Yuanyu Zhang,Shoji Kasahara,Yulong Shen,Xiaohong Jiang,Jianxiong Wan

DOI: https://doi.org/10.1109/jiot.2018.2847705

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

Yuanyu Zhang,Mirei Yutaka,Masahiro Sasabe,Shoji Kasahara

DOI: https://doi.org/10.48550/arXiv.2009.02933

2020-09-07

Abstract:Efficient and reliable access control in smart cities is critical for the protection of various resources for decision making and task execution. Existing centralized access control schemes suffer from the limitations of single point of failure, low reliability and poor scalability. This paper therefore proposes a distributed and reliable access control framework for smart cities by combining the blockchain smart contract technology and the Attribute-Based Access Control (ABAC) model. The framework consists of one Policy Management Contract (PMC) for managing the ABAC policies, one Subject Attribute Management Contract (SAMC) for managing the attributes of subjects (i.e., entities accessing resources), one Object Attribute Management Contract (OAMC) for managing the attributes of objects (i.e., resources being accessed), and one Access Control Contract (ACC) for performing the access control. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to evaluate the monetary cost as well as to compare the proposed framework with an existing Access Control List (ACL)-based scheme. The experimental results show that although the proposed scheme consumes more money than the ACL-based scheme at the deployment stage, it introduces less monetary cost during the system running especially for large-scale smart cities.

Cryptography and Security,Information Theory

Bowen Liu,Siwei Sun,Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.2003.07495

2020-03-17

Abstract:Although blockchain-based smart contracts promise a ``trustless'' way of enforcing agreements even with monetary consequences, they suffer from multiple security issues. Many of these issues could be mitigated via an effective access control system, however, its realization is challenging due to the properties of current blockchain platforms (like lack of privacy, costly on-chain resources, or latency). To address this problem, we propose the SMACS framework, where updatable and sophisticated Access Control Rules (ACRs)} for smart contracts can be realized with low cost. SMACS shifts the burden of expensive ACRs validation and management operations to an off-chain infrastructure, while implementing on-chain only lightweight token-based access control. SMACS is flexible and in addition to simple access control lists can easily implement rules enhancing the runtime security of smart contracts. With dedicated ACRs backed by vulnerability-detection tools, SMACS can protect vulnerable contracts after deployment. We fully implement SMACS and evaluate it.

Cryptography and Security

Chen Zhonghua,S. B. Goyal,Anand Singh Rajawat

DOI: https://doi.org/10.1007/s11227-023-05517-4

IF: 3.3

2023-07-18

The Journal of Supercomputing

Abstract:In order to solve the problem of data security and management between IoT edge nodes and massive heterogeneous devices, combined with the wide application of blockchain technology in distributed system data security management, a blockchain-based Internet of Things access control model (SC-ABAC) is proposed by combining smart contracts and attribute-based access control. The traditional consensus algorithm PoW (Proof of Work) and SC-ABAC access control management process are optimized. By quantitative analysis, the time to call contracts in the query process increases linearly, the time of the policy addition and judgment process is constant, and the energy consumption of the optimized consensus mechanism is smaller than that of the PoW unit. This model provides decentralized, fine-grained, and dynamic access control management in IoT environments, enabling distributed systems to reach consensus faster and ensure data consistency.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Yong Zhu,Xiao Wu,Zhihui Hu

DOI: https://doi.org/10.3390/electronics11010167

IF: 2.9

2022-01-05

Electronics

Abstract:Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

engineering, electrical & electronic,computer science, information systems,physics, applied

Leepakshi Bindra,Kalvin Eng,Omid Ardakanian,Eleni Stroulia

DOI: https://doi.org/10.1080/23335777.2021.1922502

2020-10-16

Abstract:Large commercial buildings are complex cyber-physical systems containing expensive and critical equipment that ensure the safety and comfort of their numerous occupants. Yet occupant and visitor access to spaces and equipment within these buildings are still managed through unsystematic, inefficient, and human-intensive processes. As a standard practice, long-term building occupants are given access privileges to rooms and equipment based on their organizational roles, while visitors have to be escorted by their hosts. This approach is conservative and inflexible. In this paper, we describe a methodology that can flexibly and securely manage building access privileges for long-term occupants and short-term visitors alike, taking into account the risk associated with accessing each space within the building. Our methodology relies on blockchain smart contracts to describe, grant, audit, and revoke fine-grained permissions for building occupants and visitors, in a decentralized fashion. The smart contracts are specified through a process that leverages the information compiled from Brick and BOT models of the building. We illustrate the proposed method through a typical application scenario in the context of a real office building and argue that it can greatly reduce the administration overhead, while, at the same time, providing fine-grained, auditable access control.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Gajanan Badhe,Dr. Maithili Arjunwadkar

DOI: https://doi.org/10.46647/ijetms.2023.v07i04.082

2023-01-01

International Journal of Engineering Technology and Management Sciences

Abstract:Now a days the need for decentralized applications is increasing and blockchain provides the foundational technology for creating and developing them. The security and integrity of the blockchain network and its resources are supported by access controls, which is a crucial component of blockchain-based applications. This paper presents a study of various access control mechanisms, including smart contracts, consensus algorithms, and cryptographic protocols, to assess their benefits and limitations in different contexts of applications. The purpose of the paper is to present various access control systems in blockchain-based applications and their applicability and effectiveness in various use case scenarios.

Ke Yang,Da Li,Lei Zhou,Kai Cheng

DOI: https://doi.org/10.1088/1742-6596/2166/1/012042

2022-01-01

Journal of Physics: Conference Series

Abstract:Abstract The new power system presents new features such as massive, decentralized, multiple types of equipment and user access, more complex interactions, and faster response speed. The zero-trust security model still has problems such as the single-point failure risk of permission control and the inability to balance dynamic fine-grained permission adjustment and real-time response. Based on this, this paper proposes an adaptive dynamic access control model based on blockchain and token. First, build a decentralized authorization management architecture based on blockchain smart contracts to provide users with reliable and intelligent authorization services. Secondly, an authorization technology based on short-term tokens is proposed, which realizes adaptive dynamic access authority adjustment through user trust evaluation and smart contract automatic discrimination. Finally, an intelligent identity authentication mechanism based on user behavior data analysis is designed to support the adaptive update of tokens. Experiments have verified that this model has certain advantages in accurate and adaptive dynamic authorization, which can provide a reference for the improvement of the zero-trust model.

Saurav Ghosh,Reshmi Mitra,Indranil Roy,Bidyut Gupta

2024-12-05

Abstract:Ensuring security for highly dynamic peer-to-peer (P2P) networks has always been a challenge, especially for services like online transactions and smart devices. These networks experience high churn rates, making it difficult to maintain appropriate access control. Traditional systems, particularly Role-Based Access Control (RBAC), often fail to meet the needs of a P2P environment. This paper presents a blockchain-based access control framework that uses Ethereum smart contracts to address these challenges. Our framework aims to close the gaps in existing access control systems by providing flexible, transparent, and decentralized security solutions. The proposed framework includes access control contracts (ACC) that manage access based on static and dynamic policies, a Judge Contract (JC) to handle misbehavior, and a Register Contract (RC) to record and manage the interactions between ACCs and JC. The security model combines impact and severity-based threat assessments using the CIA (Confidentiality, Integrity, Availability) and STRIDE principles, ensuring responses are tailored to different threat levels. This system not only stabilizes the fundamental issues of peer membership but also offers a scalable solution, particularly valuable in areas such as the Internet of Things (IoT) and Web 3.0 technologies.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Systems and Control

Akanksha Saini,Qingyi Zhu,Navneet Singh,Yong Xiang,Longxiang Gao,Yushu Zhang

DOI: https://doi.org/10.1109/jiot.2020.3032997

IF: 10.6

2021-04-01

IEEE Internet of Things Journal

Abstract:In current healthcare systems, electronic medical records (EMRs) are always located in different hospitals and controlled by a centralized cloud provider. However, it leads to single point of failure as patients being the real owner lose track of their private and sensitive EMRs. Hence, this article aims to build an access control framework based on smart contract, which is built on the top of distributed ledger (blockchain), to secure the sharing of EMRs among different entities involved in the smart healthcare system. For this, we propose four forms of smart contracts for user verification, access authorization, misbehavior detection, and access revocation, respectively. In this framework, considering the block size of ledger and huge amount of patient data, the EMRs are stored in cloud after being encrypted through the cryptographic functions of elliptic curve cryptography (ECC) and Edwards-curve digital signature algorithm (EdDSA), while their corresponding hashes are packed into blockchain. The performance evaluation based on a private Ethereum system is used to verify the efficiency of proposed access control framework in the real-time smart healthcare system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yizhong Liu,Meikang Qiu,Jianwei Liu,Meiqin Liu

DOI: https://doi.org/10.1109/cscloud-edgecom52276.2021.00032

2021-01-01

Abstract:In this paper, we study the existing blockchain consensus mechanisms that can be applied to access control scenarios and analyze advantages and disadvantages for each category. Besides, we divide access control procedures into policy formulation, storage, and request processing. For each procedure, we summarize existing methods and analyze possible problems. Finally, we give the potential future research directions. This paper provides a clear framework for access control, on which researchers can explore new types of blockchain-based access control solutions to solve the existing security and performance problems.

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Ronghua Xu,Yu Chen,Erik Blasch,Genshe Chen

DOI: https://doi.org/10.48550/arXiv.1810.01291

2018-10-01

Cryptography and Security

Abstract:Space situation awareness (SSA) includes tracking of active and inactive resident space objects (RSOs) and assessing the space environment through sensor data collection and processing. To enhance SSA, the dynamic data-driven applications systems (DDDAS) framework couples on-line data with off-line models to enhance system performance. Using feedback control, sensor management, and communications reliability. For information management, there is a need for identity authentication and access control to ensure the integrity of exchanged data as well as to grant authorized entities access right to data and services. Due to decentralization and heterogeneity of SSA systems, it is challenging to build an efficient centralized access control system, which could either be a performance bottleneck or the single point of failure. Inspired by the blockchain and smart contract technology, this paper introduces BlendCAC, a decentralized authentication and capability-based access control mechanism to enable effective protection for devices, services and information in SSA networks. To achieve secure identity authentication, the BlendCAC leverages the blockchain to create virtual trust zones and a robust identity-based capability token management strategy is proposed. A proof-of-concept prototype has been implemented on both resources-constrained devices and more powerful computing devices, and is tested on a private Ethereum blockchain network. The experimental results demonstrate the feasibility of the BlendCAC scheme to offer a decentralized, scalable, lightweight and fine-grained access control solution for space system towards SSA.

Hongzhi Li,Dun Li,Wei Liang

DOI: https://doi.org/10.1007/s10586-024-04524-1

2024-05-30

Cluster Computing

Abstract:The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this schme includes: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) a integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs.

computer science, information systems, theory & methods

Aqsa Rashid,Asif Masood,Atta ur Rehman Khan

DOI: https://doi.org/10.1007/s11277-024-11266-1

IF: 2.017

2024-06-27

Wireless Personal Communications

Abstract:Centralized access control systems are unsuitable for IoT due to their resource-constrained, heterogeneous, and dynamic nature. Blockchain-assisted decentralized access control systems exist for IoT, but those approaches are tokenization-based. In some cases, IoT devices are not part of the blockchain network due to which they cannot interact with the access control system directly. Instead, they need a trusted admin, management hub, or a fog node for permissions verification and access to resources. This paper presents a smart contract and blockchain-assisted framework for the access control systems in the IoT enterprise environment, called ACS-IoT. In the proposed framework, resource-constrained IoT devices belong to the blockchain network. Therefore, these devices can directly access the permitted resources without any centrally administered authority and management hub's verification. We used smart contract and Ethereum blockchain for the new framework. Smart contract allows automated enforcement of access policies and serves as an autonomous agent running exactly as programmed. The proposed framework is validated through implementation of the proof of concept, and implemented prototype is deployed and tested on the Ethereum test network. The obtained results confirm that usage of blockchain and smart contract can be used as access management technology in the IoT enterprise environment.

telecommunications

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rahul Saha,Gulshan Kumar,Mauro Conti,Tannishtha Devgun,Tai-hoon Kim,Mamoun Alazab,Reji Thomas

DOI: https://doi.org/10.1109/tii.2021.3108676

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:The integration between blockchains, Internet-of-Thing (IoT), and smart contracts is an emerging and promising technology. The advantages of this technology have raised the importance of Industrial Internet-of-Thing (IIoT) and have paved the pathway for "Industry 4.0." Surprisingly, access control has received less attention in IIoTs. Though there are some solutions coming forward to use blockchains for IIoT to enable secure and resilient access control management, the challenge is to satisfy the low-latency requirements of IIoTs for validating and adding the blocks to the chain. Besides, role-based and rule-based access controls in the existing systems can be forged without organizational access controls and compliance. Therefore, we address these problems in this article. In the present work, we propose DHACS, a Decentralized Hybrid Access Control for Smart contract, for IIoTs. DHACS aims to provide transparency, reliability, and robustness to the existing access control mechanism in IIoTs. The framework is based on blockchain feasibilities that contribute to an interconnected hybrid access control through smart contract provision. It is a novel idea in the domain of IIoTs. We use three access control strategies, role-based, rule-based, and organization-based, to develop a hybrid approach for smart contract in DHACS. The operational transactions along with their access controls are accounted and blocks are made by the transaction pooler and block creator. We use a private blockchain environment; however, it can be extended to a public blockchain or consortium blockchain for geographical distributed dependency. We compare DHACS with three existing approaches in recent time. We measure the performance in terms of computational costs, storage complexity, and energy consumption. DHACS outperforms the others approaches and is considered to be efficient for IIoT applications with more t-an 30% better efficiency in access control management. To the best of our knowledge, DHACS is the first attempt to use decentralized blockchains with smart contract for hybrid access control in IIoTs.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Teng Hu,Siqi Yang,Yanping Wang,Gongliang Li,Yulong Wang,Gang Wang,Mingyong Yin

DOI: https://doi.org/10.3390/s23208535

2023-10-18

Abstract:With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency.This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.

Priyanka Kamboj,Shivang Khare,Sujata Pal

DOI: https://doi.org/10.1007/s12083-021-01150-1

2021-04-28

Abstract:Since the last few decades, information security has become a significant challenge for organizations' system administrators. However, the Role-Based Access Control (RBAC) model has emerged as a viable solution for organizations to meet the security requirement due to its less administrative overhead. Blockchain technology is distributive and can be used effectively in user authentication and authorization challenges. This paper proposes an RBAC model using a blockchain-based smart contract for managing user-role permissions in the organization. We design a threat and security model to resist attacks such as man-in-the-middle attacks in an organization scenario. The proposed approach uses the Ethereum blockchain platform and its smart contract functionalities to model user-resource communications. The proposed method is tested on Ropsten Ethereum Test Network and evaluated to analyze user authentication, verification, cost, and security.

computer science, information systems,telecommunications