This is a contributed piece by Pascal Geenens, EMEA security evangelist at Radware

Blockchain is expected to be instrumental in digital transformation in the coming years, especially in the field of IoT. But there are technical hurdles to overcome, largely because most IoT devices lack adequate computing power to participate in blockchains directly. That said, as with most IoT initiatives, a small thing like power isn’t going to stop the world from trying.

You just have to look at the importance of cryptocurrencies, which rely on blockchain to operate, to see the potential. Cryptocurrencies, which allow people to move money in the same way they move information on the internet, are being traded in huge sums. There are currently more than 900 different cryptocurrencies being traded, and the most popular, Bitcoin (BTC), has a market cap of over $40 billion with daily volumes averaging $1 billion and peaking at around $2 billion.

Besides providing real opportunities for cyber criminals and clever, high-risk traders, our interest in cryptocurrencies has proven that blockchain is a viable technology to exponentially grow the IoT ecosystem. At the moment, though, technologists are grappling with exactly how it will do this.

The future of IoT is decentralised

To understand the need for technologies like blockchain for IoT, we need to understand the problem IoT will be facing in the future. Most of today’s IoT ecosystems are built around a centralised, brokered communication model. All the IoT devices in the system are known to and authenticated by a large, centralised cloud, which they also communicate through and which provides huge amounts of processing power and storage.

At its most basic level, any two IoT devices exchanging information are brokered through the central system, even if they are a couple of feet away. They rely on a private network and internet cloud servers to exchange even the smallest bit of information.
While the cloud provides immense potential for compute and storage, and will continue to persist as a design pattern for small-scale IoT deployments, this central model will not be able to cope with the huge ecosystems we expect to see in the near future. Even if centralised cloud servers could accommodate the scale in an economical fashion, they are still the single point of failure for the whole ecosystem.

For an ecosystem of devices to scale to millions or even billions, a decentralised approach is preferred, in which each device represents an autonomous system. All communication and information exchange between devices, servers and services of the ecosystem should be based on distributed protocols. This is where blockchain can help. In fact, IBM, in partnership with Samsung, has published a proof-of-concept whitepaper for a system, known as ADEPT, that uses elements of blockchain to create distributed networks of autonomous devices to form a decentralised IoT ecosystem.

It notes that any protocols used by the autonomous systems should be secured, authenticated and distributed, and that each node in the ecosystem should be able to perform, in a distributed fashion, three things: messaging, file sharing and coordination. It’s obvious IoT devices need to be able to message their ecosystem to alert it to a change in the environment, and do so in a distributed, secure and authenticated way. But current IoT messaging systems such as MQTT use a central broker design, and while they can be secured and authenticated, they can’t scale to support millions or billions of devices without complex hierarchical designs.

Transaction history

So we are starting to see the development of new peer-to-peer messaging systems which provide encrypted messaging, low latency, guaranteed delivery, and store-and-forward of messages, whereby a message can hop on to other devices.
Known as distributed hash tables, these allow devices to create their own hashtag and find other devices in their network. We’re likely to hear more about Telehash, to name just one approach, which is an emerging open source version of this messaging technique.

Of course, there are times when files need to be shared, like software updates or configuration settings. BitTorrent is well known as a robust peer-to-peer file sharing protocol. But it’s still not enough. When there is a need for an actual transaction, like a payment, blockchain will be the technology of choice, as it provides a decentralised ledger where autonomous things in the network can follow rules and verify the validity of transactions without relying on a central authority or human.

What’s more, every device in the system keeps a complete history of all the transactions performed in the whole ecosystem, and as it’s tamper proof it’s fundamentally secure, which is essential if you are building complex networks where life or death is at stake: there is no risk of a ‘man in the middle’ cyberattack.

Combine all this together and IoT becomes smart, self-supporting and self-sustaining. Blockchain allows devices to make the right decisions at the right time and log the history, ideal for situations where there must be a ledger of transactions for regulatory compliance. It will even go as far as to fix the ecosystem if something breaks, based on the protocols it’s programmed to follow. However, we can’t get carried away yet. IoT ecosystems aren’t always closed; sometimes they need to talk to another ecosystem or network. This inherently brings risk as you create a bridge from one system to another.
The minute an API or a web application in the cloud is introduced to create this bridge, you create a target for a hacker.

Blind spots

Consider the recent DDoS attacks on the Bitfinex and BTC-e Bitcoin exchanges, and the theft of cryptocurrency in the case of Classic Ether Wallet. It wasn’t the blockchain nodes that were targets; it was the web services they relied on. Plus, you can’t always rely on the inherent security of the blockchain technology. If it’s not implemented correctly you introduce weakness, as happened when a hacker exploited a blind spot in some code on the Ethereum Investment Fund platform, draining it of around $53 million worth of digital currency in a few hours.

What’s curious about all of this is that many of the technologies being developed using blockchain are similar to the botnets hackers have used to cause havoc; even the IBM and Samsung pilot is strikingly close. So while we strive to create secure smart IoT ecosystems, we have to build in security. Blockchain is going to be a large part of the puzzle in the future, but it is only ever going to be as good as the humans who design it: inadvertently put in a flaw and you destroy utopia.