SmartRetro: Blockchain-Based Incentives for Distributed IoT Retrospective Detection

Abstract

Internet of Things (IoT) has already been in the period of rapid development and widespread deployment, while it is still vulnerable to various malicious attacks. Security detection before system installation is not enough to ensure that IoT devices are always secure, because newly emerging vulnerabilities can still be exploited to launch attacks. To address this issue, retrospective detection is often required to trace the security status of IoT systems. Unfortunately, existing centralized detection mechanisms cannot easily provide a comprehensive security analysis. In particular, consumers cannot automatically receive security notification whenever a new vulnerability is uncovered. In this paper, we propose a novel blockchain-powered incentive platform, called SmartRetro, that can incentivize and attract more distributed detectors to participate in retrospective vulnerability detection and contribute their detection results. Leveraging smart contracts, consumers in SmartRetro receive automatic security feedback about their installed IoT systems. We perform the security and theoretical analysis to demonstrate that SmartRetro achieves our desirable security goals.We further implement SmartRetro prototype on Ethereum to evaluate its performance. Our experimental results show SmartRetro is technically feasible and economically beneficial.