Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sheng Ding,Jin Cao,Chen Li,Kai Fan,Hui Li

DOI: https://doi.org/10.1109/access.2019.2905846

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the sharp increase in the number of intelligent devices, the Internet of Things (IoT) has gained more and more attention and rapid development in recent years. It effectively integrates the physical world with the Internet over existing network infrastructure to facilitate sharing data among intelligent devices. However, its complex and large-scale network structure brings new security risks and challenges to IoT systems. To ensure the security of data, traditional access control technologies are not suitable to be directly used for implementing access control in IoT systems because of their complicated access management and the lack of credibility due to centralization. In this paper, we proposed a novel attribute-based access control scheme for IoT systems, which simplifies greatly the access management. We use blockchain technology to record the distribution of attributes in order to avoid single point failure and data tampering. The access control process has also been optimized to meet the need for high efficiency and lightweight calculation for IoT devices. The security and performance analysis show that our scheme could effectively resist multiple attacks and be efficiently implemented in IoT systems.

Yuanyu Zhang,Shoji Kasahara,Yulong Shen,Xiaohong Jiang,Jianxiong Wan

DOI: https://doi.org/10.1109/jiot.2018.2847705

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Xincheng Yan,Jianhua Wu,Na Zhou,Zhihong Jiang,Juqin Wu,Jianhui Yin,Ying Liu

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics60724.2023.00040

2024-01-01

Abstract:With smart devices and high-speed networks advancing rapidly, the Internet of Things (IoT) is widespread across sectors. However personal privacy becomes a concern within the vast expanse of IoT data in this more convenient era. Access control stands out as a pivotal technology for safeguarding data integrity, ensuring authorized user-exclusive data access. Attribute-based access control (ABAC), a traditional access control model, offers the key benefit of allowing access control based on multiple attributes for enhanced flexibility. However, ABAC model faces drawbacks like single points of failure and limited transparency due to its single-server focus, potentially leading to data vulnerabilities. As a promising technology, blockchain provides novel approaches for designing new access control models. In this regard, we propose a blockchain-based security access control (BBSAC) model. On the basis of ABAC, the model uses blockchain technology to realize the decentralization, automation and fine-grained access control of Internet devices. At the same time, the trust value is used as an additional attribute to evaluate the reputation of different users, and the trust value is updated after each interaction to assign different access rights to different users, thereby realizing dynamic rights management. Theoretical analysis and experimental simulation results show that the model can maintain high throughput under a large number of requests while ensuring fine-grained and dynamic access control.

Yongtao Huang,I-Ling Yen,Farokh Bastani

2024-05-25

Abstract:The Internet of Things (IoT) necessitates robust access control mechanisms to secure a vast array of interconnected devices. Most of the existing IoT systems in practice use centralized solutions. We identify the problems in such solutions and adopt the blockchain based decentralized access control approach. Though there are works in the literature that use blockchain for access control, there are some gaps in these works. We develop a blockchain embedded access control (BEAC) framework to bridge the gaps. First, blockchain based solutions for access control require an enabling P2P network while existing P2P overlays do not support some required features. We develop a novel P2P infrastructure to seamlessly support our BEAC framework. Second, most of the works consider blockchain based access control for a single access control model, and we develop a generic blockchain mechanism and show that it can support the embedding of various access control models. Finally, existing works adopt existing blockchain mechanisms which may incur a high communication overhead. We develop a shortcut approach to improve the number of message rounds in the access protocol. Our experiments demonstrate the efficacy of our system, showing that the shortcut mechanism can reduces access time by approximately 43%.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Chen Zhonghua,S. B. Goyal,Anand Singh Rajawat

DOI: https://doi.org/10.1007/s11227-023-05517-4

IF: 3.3

2023-07-18

The Journal of Supercomputing

Abstract:In order to solve the problem of data security and management between IoT edge nodes and massive heterogeneous devices, combined with the wide application of blockchain technology in distributed system data security management, a blockchain-based Internet of Things access control model (SC-ABAC) is proposed by combining smart contracts and attribute-based access control. The traditional consensus algorithm PoW (Proof of Work) and SC-ABAC access control management process are optimized. By quantitative analysis, the time to call contracts in the query process increases linearly, the time of the policy addition and judgment process is constant, and the energy consumption of the optimized consensus mechanism is smaller than that of the PoW unit. This model provides decentralized, fine-grained, and dynamic access control management in IoT environments, enabling distributed systems to reach consensus faster and ensure data consistency.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Shuang Sun,Rong Du,Shudong Chen,Weiwei Li

DOI: https://doi.org/10.1109/access.2021.3059863

IF: 3.9

2021-01-01

IEEE Access

Abstract:Most IoT devices cannot afford to be a blockchain node due to the high computation and storage loads. Thus, the blockchain is usually deployed on one delegate node, e.g., the edge device or cloud, which may encounters three drawbacks: (1) The delegate node becomes the single failure point when the number of delegate notes are limited. (2) The delegate node replicating the blockchain data can lead to privacy information leak. (3) The delegate node is vulnerable to the Distributed Denial of Service (DDoS) attack. To tackle these drawbacks, we consider to minimize the redundant of blockchain to make the IoT devices as the specialized blockchain nodes. In this paper, we integrate a permissioned blockchain (HLF), an attribute-based access control (ABAC) and an identity-based signature (IBS) to build a security, lightweight, and cross-domain blockchain-based IoT access control system. Specifically, we divided the IoT system into different function domains, named IoT domains. Then, we establish a local blockchain ledger for each IoT domain to enable more IoT devices as blockchain nodes. The local blockchain ledger records the IoT domain entities' attributes, policy files' digests, and access decisions. Meanwhile, we use the channel technology of HLF to realize cross-domain access and use the IBS to filter the legal access requests for each IoT domain to prevent DDoS attacks. We also design a policy decision point (PDP) selection algorithm that select multiple IoT devices (blockchain nodes) to achieve the real-time distributed policy decisions (off-chain). Finally, we implement and evaluate the proposed system to demonstrate its practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammed Amine Bouras,Boming Xia,Adnan Omer Abuassba,Huansheng Ning,Qinghua Lu

DOI: https://doi.org/10.7717/peerj-cs.455

2021-04-08

Abstract:Access control is a critical aspect for improving the privacy and security of IoT systems. A consortium is a public or private association or a group of two or more institutes, businesses, and companies that collaborate to achieve common goals or form a resource pool to enable the sharing economy aspect. However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure. Blockchain technology has its intrinsic feature of distribution, which can be used to tackle the centralized problem of traditional access control schemes. Nevertheless, blockchain itself comes with certain limitations like the lack of scalability and poor performance. To bridge the gap of these problems, here we present a decentralized capability-based access control architecture designed for IoT consortium networks named IoT-CCAC. A blockchain-based database is utilized in our solution for better performance since it exhibits favorable features of both blockchain and conventional databases. The performance of IoT-CCAC is evaluated to demonstrate the superiority of our proposed architecture. IoT-CCAC is a secure, salable, effective solution that meets the enterprise and business's needs and adaptable for different IoT interoperability scenarios.

Teng Hu,Siqi Yang,Yanping Wang,Gongliang Li,Yulong Wang,Gang Wang,Mingyong Yin

DOI: https://doi.org/10.3390/s23208535

2023-10-18

Abstract:With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency.This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.

Peng Zhai,Jingsha He,Nafei Zhu

DOI: https://doi.org/10.3390/app12073692

2022-04-06

Applied Sciences

Abstract:The integration of information systems and physical systems is the development trend of today’s manufacturing industry. Intelligent manufacturing is a new model of manufacturing, based on advanced manufacturing technology with human–machine–material collaboration. Internet of Things technology is the core technology of intelligent manufacturing, and access control technology is one of the main measures to ensure the security of the IoT. In view of the problem that the existing IoT access control model does not support distributed and fine-grained dynamic access control, this paper uses the characteristics of blockchain, such as decentralization and non-tampering, combined with the attribute-based access control (ABAC) method, to propose a distributed access control method, applicable to the IoT environment in the process of intelligent manufacturing. This paper describes a fine-grained access control policy by defining the access control attribute values in a formal language, which supports complex logic operations in the policy and enhances the expressiveness of the model. Distributed access control decision making, using smart contracts for blockchain, improves the decision-making efficiency of the access control model, increases the post-facto audit of the access control behavior, and improves the overall security of IoT data protection. The paper concludes with proof of security and a performance analysis, and the experimental results, such as storage and computing overheads, show that this method can provide fine-grained, dynamic, and distributed access control for devices in intelligent manufacturing, ensuring the security and reliability of access control for IoT devices.

Haoxiang Song,Zhe Tu,Yajuan Qin

DOI: https://doi.org/10.3390/s22218339

2022-10-30

Abstract:With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

Hongliang Tian,Junyuan Tian

DOI: https://doi.org/10.32604/cmc.2024.047058

2024-01-01

Abstract:The Internet of Things (IoT) access control mechanism may encounter security issues such as single point of failure and data tampering. To address these issues, a blockchain-based IoT reputation value attribute access control scheme is proposed. Firstly, writing the reputation value as an attribute into the access control policy, and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control; Secondly, storing a large amount of resources from the Internet of Things in Inter Planetary File System (IPFS) to improve system throughput; Finally, map resource access operations to qualification tokens to improve the performance of the access control system. Complete simulation experiments based on the Hyperledger Fabric platform. From the simulation experimental results, it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay, providing sufficient reliability and security for access control of IoT devices.

computer science, information systems,materials science, multidisciplinary

Jiujiang Han,Yuxiang Zhang,Jian Liu,Ziyuan Li,Ming Xian,Huimei Wang,Feilong Mao,Yu Chen

DOI: https://doi.org/10.3390/electronics11172710

IF: 2.9

2022-08-30

Electronics

Abstract:With the rapid development of physical networks, tens of billions of Internet of Things (IoT) devices have been deployed worldwide. Access control is essential in the IoT system, which manages user access to vital IoT data. However, access control for the IoT is mainly based on centralized trusted servers, which face problems such as a single point of failure and data leakage. To tackle these challenges, we propose an access control framework for the IoT by combining blockchain and Intel software guard extension (SGX) technology. A blockchain validates both IoT devices and edge servers added to the network. The access control contract is deployed on the blockchain, which can manage attribute-based access control policies in a fine-grained manner and make access control decisions flexibly. SGX technology is introduced into the edge computing server to realize the confidentiality of data processing. Finally, we implemented the prototype of the framework on Quorum and conducted extensive experiments and theoretical analyses on the performance of the blockchain. The results of the experimental tests and theoretical analyses show that our framework has more advantages in computing costs and on-chain storage costs.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yong Zhu,Xiao Wu,Zhihui Hu

DOI: https://doi.org/10.3390/electronics11010167

IF: 2.9

2022-01-05

Electronics

Abstract:Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jie Zhang,Lingyun Yuan,Shanshan Xu

DOI: https://doi.org/10.48550/arXiv.2111.06544

2021-11-17

Abstract:In view of the security issues of the Internet of Things (IoT), considered better combining edge computing and blockchain with the IoT, integrating attribute-based encryption (ABE) and attribute-based access control (ABAC) models with attributes as the entry point, an attribute-based encryption and access control scheme (ABE-ACS) has been proposed. Facing Edge-Iot, which is a heterogeneous network composed of most resource-limited IoT devices and some nodes with higher computing power. For the problems of high resource consumption and difficult deployment of existing blockchain platforms, we design a lightweight blockchain (LBC) with improvement of the proof-of-work consensus. For the access control policies, the threshold tree and LSSS are used for conversion and assignment, stored in the blockchain to protect the privacy of the policy. For device and data, six smart contracts are designed to realize the ABAC and penalty mechanism, with which ABE is outsourced to edge nodes for privacy and integrity. Thus, our scheme realizing Edge-Iot privacy protection, data and device controlled access. The security analysis shows that the proposed scheme is secure and the experimental results show that our LBC has higher throughput and lower resources consumption, the cost of encryption and decryption of our scheme is desirable.

Cryptography and Security,Computers and Society

Andalib, Abdolreza,Aski, Akbar Morshed

DOI: https://doi.org/10.1007/s11277-024-11673-4

IF: 2.017

2024-12-13

Wireless Personal Communications

Abstract:With the rapid expansion of the Internet of Things (IoT), securing devices and the data they generate has become a critical priority. This paper proposes an access control model for IoT systems that utilizes blockchain technology to maintain a comprehensive record of devices and their authorized access permissions, with smart contracts regulating access to IoT devices. The model is organized across four layers: IoT smart devices, dew, fog, and cloud. To enable access control at both global and local levels, we combine fog computing with a distributed blockchain framework and enhance it using machine learning algorithms. The model was implemented using tools such as Ganache, MyEtherWallet, the Remix compiler, Solidity programming language, and Python for AI algorithms. We evaluated the proposed model on four datasets (Kaggle, UCI, and two randomly generated datasets), assessing its performance using metrics like accuracy and F1-score, and compared it with existing approaches. The results demonstrate that our model outperforms current methods, with the SVM algorithm achieving an accuracy of 98% and an F1-score of 99%.

telecommunications

Fei Tong,Xing Chen,Cheng Huang,Yujian Zhang,Xuemin Shen

DOI: https://doi.org/10.1109/JIOT.2022.3229676

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Multidomain Internet of Things (IoT) is faced with serious domain interoperability (DI) and compatibility issues since different intradomain authorization and authentication (A&A) mechanisms are deployed without the consideration of interdomain A&A. This article proposes a blockchain-assisted scheme to achieve flexible intra- and inter-domain A&A simultaneously and seamlessly. Specifically, we first design a contract-based mutual access control agreement on top of a consortium blockchain, where domain managers can manage their access permission without any trusted parties. Based on the agreement, a secure and privacy-preserving authentication protocol is further proposed by tailoring one-out-of-many proof techniques, which enables IoT devices to anonymously access authorized IoT domains. We additionally design a voting-based protocol by using a threshold-based cryptosystem. The protocol allows domain managers to transparently audit resource access with the assistance of the blockchain. Detailed security analysis demonstrates that the proposed scheme achieves the security properties, such as DI, privacy protection, and accountability. Finally, we develop two proof-of-concept prototypes in a physical testbed and virtual machine, respectively, based on an open-source blockchain platform to show our scheme's efficiency in terms of computation and communication overhead.

Rashmi Raj,Mohona Ghosh

DOI: https://doi.org/10.1007/s12083-024-01648-4

IF: 3.488

2024-03-09

Peer-to-Peer Networking and Applications

Abstract:To ensure safe exchange of data in IoT-enabled-supply-chain network and safeguard other security issues, IoT devices should have an access control system that can regulate resource access in a permissioned manner. Traditional access control mechanisms (ACM) can guarantee that but lack wide adoption owing to centralized architecture, single point of failure, and limited security. A blockchain-based ACM can address all the above challenges, however, still some limitations exist. Firstly, blockchain provides data verifiability and user transparency, meaning that all stored information is accessible to network nodes for verification leading to privacy issues of sensitive data. Secondly, encryption-based solutions can address the privacy concern but require sharing of secret keys with unknown peers entailing another security risk. Thirdly, due to limited block size in blockchain, IoT-enabled-supply-chain networks prefer storing all the data in the cloud or a central server, which has their own threat concerns. In this work, we propose a blockchain-based ACM that integrates Bell La Padula (BLP) Model, Proxy Re-Encryption, and IPFS to address all the above challenges. BLP enforces fine-grained access control without performing high computation and ensures data confidentiality. With the Proxy Re-encryption, only authorized parties can decrypt data but without revealing the private key of the data owner. Meanwhile, IPFS eliminates the need for cloud servers and provides a more secure offsite storage. The security analysis of the proposed framework is presented using BAN logic. We also provide a thorough security comparison with other peer models to establish the superiority of our proposed work. Furthermore, smart contract-based implementation through Truffle is done to analyse the framework's effectiveness.

computer science, information systems,telecommunications