How to Dynamically Incentivize Sufficient Level of IoT Security

Abstract

This paper proposes an incentive mechanism, based on insurance by smart contracts, to make a large number of devices secure. It consists of the automated security evaluation of enterprise IoT devices and the creation of a dynamic insurance premium. To automate the security evaluation of enterprise IoT devices, we collect and store IoT device status data with privacy preservation on a blockchain. Then, we track and assess the risk associated with IoT devices with the use of a smart contract. By monitoring this risk over time, we present a means to incentivize the resolution of vulnerabilities by judging the latent risk in an environment as well as the vigilance of the devices’ managers in resolving these vulnerabilities. In this way, we produce a dynamic cyber insurance premium that more accurately captures the risk profile associated with an environment than existing cyber insurance. Through the use of blockchain and smart contracts, this framework also provides public verification for both insured and insurer and provides a level of risk management for the insurer. We also present regulatory considerations in order for this scheme to meet supervisory requirements.

Publication
In Proc. of 4th Workshop on Trusted Smart Contracts, a workshop of Financial Cryptography and Data Security 2020.
Shin'ichiro Matsuo
Research Professor of Computer Science

Cryptographer, and the acting co-chair of Blockchain Governance Initiative Network (BGIN).