Ben-Gurion University of the Negev Masters’s Thesis Incentivized Delivery Network of IoT Software Updates using gradual release Submitted By: Supervisor: Yechiav Yitzchak Prof. Asaf Shabtai A thesis submitted in fulfillment of the requirements for the degree of Master of Science in the DEPARTMENT OF SOFTWARE AND INFORMATION SYSTEMS ENGINEERING FACULTY OF ENGINEERING SCIENCES February 27, 2019 Ben-Gurion University of the Negev Masters’s Thesis Incentivized Delivery Network of IoT Software Updates using gradual release Submitted By: Supervisor: Yechiav Yitzchak Prof. Asaf Shabtai A thesis submitted in fulfillment of the requirements for the degree of Master of Science in the DEPARTMENT OF SOFTWARE AND INFORMATION SYSTEMS ENGINEERING FACULTY OF ENGINEERING SCIENCES Author: .............................................................................. Date ........27.2.2019 Suprvisor: ....................................... ...................................Date ........06/05/2020 Chairman of Graduate Studies Committee: ……………………..Date…… Abstract this work introduces IoTPatchPool Pay Per Piece -aschemethatenablesanincen- tivized distributed delivery network of IoT software updates. the scheme uses a decentralized storage network for reducing the load on the vendor when distributing patches towards IoT devices and eliminating central points of failure. Unlike existing peer-to-peer file-sharing networks that have a fundamental availability problem for unpopular files, our protocol utilizes blockchain-based smart contracts to incentivize independent peers, termed distributors, by means of cryptocurrency payments. A vendor of IoT devices deploys a smart contract with a deposit, which acts as a publicly verifiable binding bid for delivery of patches by pieces to a specific set of IoT endpoints. Distributors will compete for delivering updates to the desired IoT devices in exchange for cryptocurrency payments. We address the fair exchange problem between distributors and the consuming IoT devices by utilizing aa Pay Per Piece Payments protocol, the pay per piece is a form of a gradual release of a commodity where the commodity can be divided into small piece the sender and the receiver build trust as the transactions progress in rounds the permission-less nature of the framework can encourage the participation of a large number of dis- tributors, and thus facilitate a rapid scale-out of the system. Finally, we present and evaluate a prototype implementation combining the BitTorrent network with the cryptocurrency Ethereum. Keywords IoT Blockchain Patch Update Distributed ledger Ethereum Incentivized system 2 Acknowledgments would like to thank several people for supporting me in the work on this thesis. First, I would like to express my appreciation to my supervisor Prof. Asaf Shabtai, for the guidance, support, and brainstorming, he has given me all along this thesis. IwouldliketothankRonBitonforhissupportthroughoutthisprocessin consulting, examining new paths, and pushing the boundaries. Second, I would like to thank all my colleagues who I worked the framework leading to this thesis, Oded Leiba, Ron Biton, Asaf Nadler, Davidoz Kashi, and Ishai Wiesner. Third, I would like to thank Zur Ronen for his help and support in implementation. lastly many thanks to Telekom Innovation Laboratories at Ben-Gurion University for providing the supporting environment. 2 Contents Abbreviations 8 1Introduction 9 1.1 Background ................................ 13 1.1.1 Blockchain ............................. 13 1.1.2 Smart Contracts ......................... 14 1.1.3 zk-SNARKs ............................ 15 1.1.4 Zero-Knowledge Contingent Payments (ZKCP) ........ 16 1.1.5 Gradual release .......................... 16 2ResearchObjectives 18 2.1 Research Goal .............................. 18 2.2 Research Questions ........................... 19 2.2.1 RQ1: Defining a incentivized IoT patching protocol ...... 19 2.2.2 RQ2: Examining The economic model of the system ..... 19 3RelatedWork 20 3.1 General Architectures for IoT Patching ................ 20 3.2 Decentralized Storage Networks ..................... 22 4SecurityModel 25 4.1 Trust Model ................................ 25 4.2 Adversarial Model ............................. 26 4.3 Goals ................................... 26 3 5TheMainComponents 27 5.1 Decentralized storage network (DSN) .................. 27 5.2 Blockchain network ............................ 28 5.2.1 Vendor nodes ........................... 28 5.2.2 IoT nodes ............................. 29 5.2.3 Distributor nodes ......................... 30 6IoTPatchPool 32 6.1 Protocol .................................. 33 6.1.1 Setup ............................... 34 6.1.2 Contract publication ....................... 34 6.1.3 Update file initial seeding .................... 36 6.1.4 Update file exchange for a proof-of-distribution ........ 37 6.1.5 Reward claim for a proof-of-distribution ............ 39 6.2 Properties ................................. 40 6.3 Implementation .............................. 43 7Proposedframework:IoTPatchPoolPayperpiece 47 7.1 Alternative selection ........................... 49 7.2 Protocol .................................. 51 7.2.1 Setup ............................... 51 7.2.2 Contract publication ....................... 51 7.2.3 Update file initial seeding .................... 52 7.2.4 Update file Pay Per Piece exchange .............. 54 7.2.5 Reward claiming ......................... 55 7.3 Implementation .............................. 57 7.4 Evaluation ................................. 58 7.4.1 Properties ............................. 60 8Discussion 62 8.1 Common Requirements ......................... 62 4 8.2 Comparison ................................ 63 8.3 Economic Feasibility Analysis ...................... 69 9ConclusionsandFutureWork 73 5 List of Figures 6.1 IOTPatchpool High level architecture overview ......... 33 6.2 IOTPatchpool High level overview of the update protocol .. 40 6.3 IOTPatchpool: Outline of the IoT software update protocol 41 6.4 IOTPatchpool: The board used for our demonstration environment, consisting of 48 Raspberry Pi devices. .................. 45 6.5 IOTPatchpool: A screenshot capturing the user interface of the ven- dor’s server during the update process. ................. 45 7.1 IoTPatchPool Pay Per Piece High level architecture overview 49 7.2 IoTPatchPool Pay Per Piece sequence diagram ......... 56 8.1 Gas consumption comparison ...................... 65 8.2 Time (sec) to execute a Redeem transaction the Rinkeby Test net ................................. 67 8.3 time to execute first device update.timeinsecondsforupdating first device on both frameworks, IoTPatchPool on top part and IoTPatchPool Pay Per Piece on bottom part ........... 68 8.4 time to complete 100 IoT devices update.timeinsecondsfor completing 100 devices update, IoTPatchPool on top part and IoTPatchPool Pay Per Piece on bottom part ........... 68 8.5 Frameworks economic feasibility compared to alternatives ....... 72 6 List of Tables 8.1 Comparison between the IoTPatchPool and IoTPatchPool PPP frame- works ................................... 64 8.2 Summary of the main items and their size in both frameworks .... 68 8.3 A breakdown of the transactions costs ................. 71 7 Abbreviations DHT Distributed hash table DOS Denial of service DSN Decentralized storage network ECDSA Elliptic Curve Digital Signature Algorithm EVM Ethereum Virtual Machine IOT Internet Of Things IPFS InterPlanetary File System P2P Peer to Peer PPP Pay Per Piece ZCKP Zero-Knowledge Contingent Payment 8 Chapter 1 Introduction The Internet of Things (IoT) is a disruptive paradigm that continues to evolve. It is predicted that there will be a total of 26 billion connected IoT units by 2020.1 The prevalence of these devices makes them an ideal target for attackers, recently many high impact exploits have been demonstrated in practice [1, 2]. In order to de- fend devices from such vulnerabilities or recover from attacks, they must be patched with security updates. Concerns have been raised by users and manufacture alike that this need is often overlooked, and in practice, devices are patched much more rarely than they should [3]. This is in large part due to the slim profit margins of IoT manufacturers, and operational difficulties associated with the large-scale patching of devices. Another concern around the traditional way to distribute con- tent and in particular IoT software updates is the centralized nature of client-server architectures which typically rely on a large geographically and/or organizationally centralized cloud service. The increased amount of IoT devices and sensors, with their respective large amounts of data they broadcast and consume, can put a signif- icant burden on ISPs, inter-ISP business relationships, and the Internet backbone. Therefore, recent researches focused on shifting computation and data throughput to the edge, so that a large part of the data exchange can be performed within the boundaries of single ISPs [4, 5]. Moreover, such architectures impose large central points of failure and are subject to vulnerabilities such as natural disasters or local 1https://www.gartner.com/newsroom/id/3598917 9 outages. For instance, Amazon Web Services (AWS) control around 40% of the cloud-server market, and a recent outage in its US-East-1 region (Ashburn) caused asignificantportionofthewebtobeoffline[6]. Nonetheless, cloud servers dis- persed over multiple regions do not completely solve the problem, as these are