# On the Activity Privacy of Blockchain for IoT

**Authors:** Ali Dorri, Clemence Roulin, Raja Jurdak, Salil Kanhere

arXiv: 1812.08970 · 2019-03-15

## TL;DR

This paper investigates privacy risks in blockchain-based IoT device identification, demonstrating high classification success rates and proposing obfuscation methods to mitigate privacy breaches.

## Contribution

It is the first study to analyze device activity privacy risks in blockchain IoT, showing how transaction patterns can reveal device identities and proposing effective obfuscation techniques.

## Key findings

- Device classification success rates over 90%
- Obfuscation methods reduce success to as low as 20%
- Blockchain transaction analysis can compromise IoT privacy

## Abstract

Security is one of the fundamental challenges in the Internet of Things (IoT) due to the heterogeneity and resource constraints of the IoT devices. Device classification methods are employed to enhance the security of IoT by detecting unregistered devices or traffic patterns. In recent years, blockchain has received tremendous attention as a distributed trustless platform to enhance the security of IoT. Conventional device identification methods are not directly applicable in blockchain-based IoT as network layer packets are not stored in the blockchain. Moreover, the transactions are broadcast and thus have no destination IP address and contain a public key as the user identity, and are stored permanently in blockchain which can be read by any entity in the network. We show that device identification in blockchain introduces privacy risks as the malicious nodes can identify users' activity pattern by analyzing the temporal pattern of their transactions in the blockchain. We study the likelihood of classifying IoT devices by analyzing their information stored in the blockchain, which to the best of our knowledge, is the first work of its kind. We use a smart home as a representative IoT scenario. First, a blockchain is populated according to a real-world smart home traffic dataset. We then apply machine learning algorithms on the data stored in the blockchain to analyze the success rate of device classification, modeling both an informed and a blind attacker. Our results demonstrate success rates over 90% in classifying devices. We propose three timestamp obfuscation methods, namely combining multiple packets into a single transaction, merging ledgers of multiple devices, and randomly delaying transactions, to reduce the success rate in classifying devices. The proposed timestamp obfuscation methods can reduce the classification success rates to as low as 20%.
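The three timestamp obfuscation methods named in the abstract, sketched as an added example that is not the paper's code: it applies each method to constructed device timestamps and reports how the inter-transaction gap statistics change. The batch size, the 120 s delay bound, the choice to stamp a batch at its last packet, and the gap-based feature are assumptions made for illustration.

```python
import random
import statistics

def batch(timestamps, k):
    """Combine every k packets into one transaction, stamped (assumption)
    at the arrival time of the last packet in the batch."""
    ts = sorted(timestamps)
    return [ts[min(i + k, len(ts)) - 1] for i in range(0, len(ts), k)]

def merge_ledgers(*ledgers):
    """Merge several devices' ledgers: an observer sees one interleaved
    stream instead of one stream per device."""
    return sorted(t for ledger in ledgers for t in ledger)

def random_delay(timestamps, max_delay, rng):
    """Hold each transaction for a uniform random time in [0, max_delay]."""
    return sorted(t + rng.uniform(0, max_delay) for t in timestamps)

def interval_profile(timestamps):
    """(mean, population stdev) of the gaps between consecutive transactions,
    a simple temporal feature readable from a public ledger."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return statistics.mean(gaps), statistics.pstdev(gaps)

# Constructed sample data (seconds over two hours), not from the paper's dataset.
THERMOSTAT = list(range(0, 7200, 60))   # one reading per minute
SMART_PLUG = list(range(5, 7200, 15))   # one reading every 15 s

def demo(seed=1):
    rng = random.Random(seed)  # seeded so the run is repeatable
    return {
        "raw": interval_profile(THERMOSTAT),
        "batched_x10": interval_profile(batch(THERMOSTAT, 10)),
        "merged": interval_profile(merge_ledgers(THERMOSTAT, SMART_PLUG)),
        "delayed_120s": interval_profile(random_delay(THERMOSTAT, 120, rng)),
    }

if __name__ == "__main__":
    for name, (mean, sd) in demo().items():
        print(f"{name:>13}: mean gap {mean:7.1f} s, stdev {sd:6.1f} s")
```

Batching keeps the gaps regular but at a coarser period, while merging and random delay add variance to them; the classification rates quoted in the abstract come from the paper's own experiments, not from this sketch.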

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/1812.08970/full.md

## References

16 references — full list in the complete paper: https://tomesphere.com/paper/1812.08970/full.md

---
Source: https://tomesphere.com/paper/1812.08970