Yuanyu Zhang,Shoji Kasahara,Yulong Shen,Xiaohong Jiang,Jianxiong Wan

DOI: https://doi.org/10.1109/jiot.2018.2847705

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

Yong Zhu,Xiao Wu,Zhihui Hu

DOI: https://doi.org/10.3390/electronics11010167

IF: 2.9

2022-01-05

Electronics

Abstract:Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chen Zhonghua,S. B. Goyal,Anand Singh Rajawat

DOI: https://doi.org/10.1007/s11227-023-05517-4

IF: 3.3

2023-07-18

The Journal of Supercomputing

Abstract:In order to solve the problem of data security and management between IoT edge nodes and massive heterogeneous devices, combined with the wide application of blockchain technology in distributed system data security management, a blockchain-based Internet of Things access control model (SC-ABAC) is proposed by combining smart contracts and attribute-based access control. The traditional consensus algorithm PoW (Proof of Work) and SC-ABAC access control management process are optimized. By quantitative analysis, the time to call contracts in the query process increases linearly, the time of the policy addition and judgment process is constant, and the energy consumption of the optimized consensus mechanism is smaller than that of the PoW unit. This model provides decentralized, fine-grained, and dynamic access control management in IoT environments, enabling distributed systems to reach consensus faster and ensure data consistency.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Mohammed Amine Bouras,Boming Xia,Adnan Omer Abuassba,Huansheng Ning,Qinghua Lu

DOI: https://doi.org/10.7717/peerj-cs.455

2021-04-08

Abstract:Access control is a critical aspect for improving the privacy and security of IoT systems. A consortium is a public or private association or a group of two or more institutes, businesses, and companies that collaborate to achieve common goals or form a resource pool to enable the sharing economy aspect. However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure. Blockchain technology has its intrinsic feature of distribution, which can be used to tackle the centralized problem of traditional access control schemes. Nevertheless, blockchain itself comes with certain limitations like the lack of scalability and poor performance. To bridge the gap of these problems, here we present a decentralized capability-based access control architecture designed for IoT consortium networks named IoT-CCAC. A blockchain-based database is utilized in our solution for better performance since it exhibits favorable features of both blockchain and conventional databases. The performance of IoT-CCAC is evaluated to demonstrate the superiority of our proposed architecture. IoT-CCAC is a secure, salable, effective solution that meets the enterprise and business's needs and adaptable for different IoT interoperability scenarios.

Rashmi Raj,Mohona Ghosh

DOI: https://doi.org/10.1007/s12083-024-01648-4

IF: 3.488

2024-03-09

Peer-to-Peer Networking and Applications

Abstract:To ensure safe exchange of data in IoT-enabled-supply-chain network and safeguard other security issues, IoT devices should have an access control system that can regulate resource access in a permissioned manner. Traditional access control mechanisms (ACM) can guarantee that but lack wide adoption owing to centralized architecture, single point of failure, and limited security. A blockchain-based ACM can address all the above challenges, however, still some limitations exist. Firstly, blockchain provides data verifiability and user transparency, meaning that all stored information is accessible to network nodes for verification leading to privacy issues of sensitive data. Secondly, encryption-based solutions can address the privacy concern but require sharing of secret keys with unknown peers entailing another security risk. Thirdly, due to limited block size in blockchain, IoT-enabled-supply-chain networks prefer storing all the data in the cloud or a central server, which has their own threat concerns. In this work, we propose a blockchain-based ACM that integrates Bell La Padula (BLP) Model, Proxy Re-Encryption, and IPFS to address all the above challenges. BLP enforces fine-grained access control without performing high computation and ensures data confidentiality. With the Proxy Re-encryption, only authorized parties can decrypt data but without revealing the private key of the data owner. Meanwhile, IPFS eliminates the need for cloud servers and provides a more secure offsite storage. The security analysis of the proposed framework is presented using BAN logic. We also provide a thorough security comparison with other peer models to establish the superiority of our proposed work. Furthermore, smart contract-based implementation through Truffle is done to analyse the framework's effectiveness.

computer science, information systems,telecommunications

Aqsa Rashid,Asif Masood,Atta ur Rehman Khan

DOI: https://doi.org/10.1007/s11277-024-11266-1

IF: 2.017

2024-06-27

Wireless Personal Communications

Abstract:Centralized access control systems are unsuitable for IoT due to their resource-constrained, heterogeneous, and dynamic nature. Blockchain-assisted decentralized access control systems exist for IoT, but those approaches are tokenization-based. In some cases, IoT devices are not part of the blockchain network due to which they cannot interact with the access control system directly. Instead, they need a trusted admin, management hub, or a fog node for permissions verification and access to resources. This paper presents a smart contract and blockchain-assisted framework for the access control systems in the IoT enterprise environment, called ACS-IoT. In the proposed framework, resource-constrained IoT devices belong to the blockchain network. Therefore, these devices can directly access the permitted resources without any centrally administered authority and management hub's verification. We used smart contract and Ethereum blockchain for the new framework. Smart contract allows automated enforcement of access policies and serves as an autonomous agent running exactly as programmed. The proposed framework is validated through implementation of the proof of concept, and implemented prototype is deployed and tested on the Ethereum test network. The obtained results confirm that usage of blockchain and smart contract can be used as access management technology in the IoT enterprise environment.

telecommunications

Saurav Ghosh,Reshmi Mitra,Indranil Roy,Bidyut Gupta

2024-12-05

Abstract:Ensuring security for highly dynamic peer-to-peer (P2P) networks has always been a challenge, especially for services like online transactions and smart devices. These networks experience high churn rates, making it difficult to maintain appropriate access control. Traditional systems, particularly Role-Based Access Control (RBAC), often fail to meet the needs of a P2P environment. This paper presents a blockchain-based access control framework that uses Ethereum smart contracts to address these challenges. Our framework aims to close the gaps in existing access control systems by providing flexible, transparent, and decentralized security solutions. The proposed framework includes access control contracts (ACC) that manage access based on static and dynamic policies, a Judge Contract (JC) to handle misbehavior, and a Register Contract (RC) to record and manage the interactions between ACCs and JC. The security model combines impact and severity-based threat assessments using the CIA (Confidentiality, Integrity, Availability) and STRIDE principles, ensuring responses are tailored to different threat levels. This system not only stabilizes the fundamental issues of peer membership but also offers a scalable solution, particularly valuable in areas such as the Internet of Things (IoT) and Web 3.0 technologies.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Systems and Control

Yongtao Huang,I-Ling Yen,Farokh Bastani

2024-05-25

Abstract:The Internet of Things (IoT) necessitates robust access control mechanisms to secure a vast array of interconnected devices. Most of the existing IoT systems in practice use centralized solutions. We identify the problems in such solutions and adopt the blockchain based decentralized access control approach. Though there are works in the literature that use blockchain for access control, there are some gaps in these works. We develop a blockchain embedded access control (BEAC) framework to bridge the gaps. First, blockchain based solutions for access control require an enabling P2P network while existing P2P overlays do not support some required features. We develop a novel P2P infrastructure to seamlessly support our BEAC framework. Second, most of the works consider blockchain based access control for a single access control model, and we develop a generic blockchain mechanism and show that it can support the embedding of various access control models. Finally, existing works adopt existing blockchain mechanisms which may incur a high communication overhead. We develop a shortcut approach to improve the number of message rounds in the access protocol. Our experiments demonstrate the efficacy of our system, showing that the shortcut mechanism can reduces access time by approximately 43%.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rahul Saha,Gulshan Kumar,Mauro Conti,Tannishtha Devgun,Tai-hoon Kim,Mamoun Alazab,Reji Thomas

DOI: https://doi.org/10.1109/tii.2021.3108676

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:The integration between blockchains, Internet-of-Thing (IoT), and smart contracts is an emerging and promising technology. The advantages of this technology have raised the importance of Industrial Internet-of-Thing (IIoT) and have paved the pathway for "Industry 4.0." Surprisingly, access control has received less attention in IIoTs. Though there are some solutions coming forward to use blockchains for IIoT to enable secure and resilient access control management, the challenge is to satisfy the low-latency requirements of IIoTs for validating and adding the blocks to the chain. Besides, role-based and rule-based access controls in the existing systems can be forged without organizational access controls and compliance. Therefore, we address these problems in this article. In the present work, we propose DHACS, a Decentralized Hybrid Access Control for Smart contract, for IIoTs. DHACS aims to provide transparency, reliability, and robustness to the existing access control mechanism in IIoTs. The framework is based on blockchain feasibilities that contribute to an interconnected hybrid access control through smart contract provision. It is a novel idea in the domain of IIoTs. We use three access control strategies, role-based, rule-based, and organization-based, to develop a hybrid approach for smart contract in DHACS. The operational transactions along with their access controls are accounted and blocks are made by the transaction pooler and block creator. We use a private blockchain environment; however, it can be extended to a public blockchain or consortium blockchain for geographical distributed dependency. We compare DHACS with three existing approaches in recent time. We measure the performance in terms of computational costs, storage complexity, and energy consumption. DHACS outperforms the others approaches and is considered to be efficient for IIoT applications with more t-an 30% better efficiency in access control management. To the best of our knowledge, DHACS is the first attempt to use decentralized blockchains with smart contract for hybrid access control in IIoTs.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Haoxiang Song,Zhe Tu,Yajuan Qin

DOI: https://doi.org/10.3390/s22218339

2022-10-30

Abstract:With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

Palak Bagga,Ashok Kumar Das,Vinay Chamola,Mohsen Guizani

DOI: https://doi.org/10.1007/s11235-022-00938-7

Abstract:With rapid advancements in the technology, almost all the devices around are becoming smart and contribute to the Internet of Things (IoT) network. When a new IoT device is added to the network, it is important to verify the authenticity of the device before allowing it to communicate with the network. Hence, access control is a crucial security mechanism that allows only the authenticated node to become the part of the network. An access control mechanism also supports confidentiality, by establishing a session key that accomplishes secure communications in open public channels. Recently, blockchain has been implemented in access control protocols to provide a better security mechanism. The foundation of this survey article is laid on IoT, where a detailed description on IoT, its architecture and applications is provided. Further, various security challenges and issues, security attacks possible in IoT and their countermeasures are also provided. We emphasize on the blockchain technology and its evolution in IoT. A detailed description on existing consensus mechanisms and how blockchain can be used to overpower IoT vulnerabilities is highlighted. Moreover, we provide a comprehensive description on access control protocols. The protocols are classified into certificate-based, certificate-less and blockchain-based access control mechanisms for better understanding. We then elaborate on each use case like smart home, smart grid, health care and smart agriculture while describing access control mechanisms. The detailed description not only explains the implementation of the access mechanism, but also gives a wider vision on IoT applications. Next, a rigorous comparative analysis is performed to showcase the efficiency of all protocols in terms of computation and communication costs. Finally, we discuss open research issues and challenges in a blockchain-envisioned IoT network.

Surendra Tyagi,Devesh C. Jinwala,Subhasis Bhattacharjee

DOI: https://doi.org/10.1504/ijahuc.2024.137602

2024-03-29

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:In internet of things (IoT), the context awareness in resolving the access control aids to finer resolution in deciding whether to grant access or not. In this paper, our focus is on the context aware access control for IoT devices, specifically on decentralised access control mechanism. We are taking the smart home as a use case for this application. However, the mechanism to implement a context aware access control requires the information about the context of the subjects in such an application. This information can best be shared using the ontologies. Motivated by the same, we propose here an ontology for decentralised context aware access control for smart home. To the best of our knowledge, this is a unique attempt to propose the design of an ontology for decentralised context-aware access control in the loT. We validate our proposed design by simulation using Protege.

computer science, information systems,telecommunications

Anu Raj,Shiva Prakash

DOI: https://doi.org/10.1007/s11277-024-11312-y

IF: 2.017

2024-06-26

Wireless Personal Communications

Abstract:Nowadays, the adoption of the Internet of Things (IoT) framework in various healthcare industries has increased rapidly in recent years. The IoT devices generate vast amounts of sensitive data, such as personal health information. It is mandatory to protect medical records from unauthorized access and use. However, the finite resources nature of these devices can make it hard to implement robust security measures, such as encryption and authentication. A blockchain is a propitious approach for the secure management of medical records in an immutable way. This problem can be resolved with ciphertext-policy attribute-based encryption (CP-ABE), which permits granular access control in IoT. The local gateways that are directly interfaced with the Ethereum blockchain-based smart contract platform are utilized to create and implement a distributed and dependable user authentication and an access control mechanism for IoMT. In this paper, a DBC-based CP-ABE approach offers a secure and decentralized solution for secure communication and data protection and provides a more secure and trustworthy system. The system works on the concept of an Elliptical Curve Cryptography-based CP-ABE method to reduce complexity and provide data security in remote patient monitoring. On the other hand, blockchain-based smart contracts offer a dynamic, optimal, and self-adjusted access control in smart healthcare systems. It lowers the overhead of conducting resource-intensive authentication procedures and blockchain communications at IoT devices. The result provides the efficiency of the proposed work in computation as well as processing time and its resistance to various security intrusions over existing schemes.

telecommunications

Dezhi Han,Yujie Zhu,Dun Li,Wei Liang,Alireza Souri,Kuan-Ching Li

DOI: https://doi.org/10.1109/tii.2021.3114621

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) devices are widely considered in smart cities, intelligent medicine, and intelligent transportation, among other fields that facilitate people's lives, producing a large amount of private data. However, due to the mobility, limited performance, and distributed deployment of IoT, traditional access control methods cannot support the security of private data's access control process in current IoT environments. To address such problems, this article proposes an auditable access control model, based on an attribute-based access control model, and manages the access control policy for private data through the request record, the response record, and the access record stored in the blockchain network. Additionally, a Blockchain-based auditable access control system is also proposed based on the auditable access control model, ensuring private data security in IoT environments and realizing effective management and auditable access to these data. Experimental results show that the proposed system can maintain high throughput while ensuring private data security for real application scenarios in IoT environments.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Anu Raj,Shiva Prakash

DOI: https://doi.org/10.1007/s40009-023-01383-z

2024-02-20

National Academy Science Letters

Abstract:Nowadays, the demand for the Internet of Medical Things (IoMT) is likely to be driven by the need for real-time health monitoring to handle chronic diseases. Designing a distributed and reliable access control and user authentication scheme for IoMT involves multiple layers of security measures to ensure the integrity, confidentiality, as well as availability of sensitive patient data. However, the major problem with smart healthcare systems is data security and privacy. Blockchain can resolve these issues due to its immutability and transparency features. Most of the existing research enhances security and data privacy but they do not consider the overhead, delay, and scalability. The clustering-based proposed approach adopted the real-world issues of blockchain, i.e., delay, and scalability. It is an efficient access control approach that enables users to establish their desired access control policy to protect their private medical data. It uses a dual chain mechanism in which the access policies are stored in one chain, while the data transactions are stored in another chain. This approach addresses the challenge of access control resolution by enabling data owners to decide their desirable access policies. The experimental results show the efficiency of the proposed scheme in terms of processing time, computational time and its resilience against various security threats.

multidisciplinary sciences

Bowen Liu,Siwei Sun,Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.2003.07495

2020-03-17

Abstract:Although blockchain-based smart contracts promise a ``trustless'' way of enforcing agreements even with monetary consequences, they suffer from multiple security issues. Many of these issues could be mitigated via an effective access control system, however, its realization is challenging due to the properties of current blockchain platforms (like lack of privacy, costly on-chain resources, or latency). To address this problem, we propose the SMACS framework, where updatable and sophisticated Access Control Rules (ACRs)} for smart contracts can be realized with low cost. SMACS shifts the burden of expensive ACRs validation and management operations to an off-chain infrastructure, while implementing on-chain only lightweight token-based access control. SMACS is flexible and in addition to simple access control lists can easily implement rules enhancing the runtime security of smart contracts. With dedicated ACRs backed by vulnerability-detection tools, SMACS can protect vulnerable contracts after deployment. We fully implement SMACS and evaluate it.

Cryptography and Security