Anu Raj,Shiva Prakash

DOI: https://doi.org/10.1007/s40009-023-01383-z

2024-02-20

National Academy Science Letters

Abstract:Nowadays, the demand for the Internet of Medical Things (IoMT) is likely to be driven by the need for real-time health monitoring to handle chronic diseases. Designing a distributed and reliable access control and user authentication scheme for IoMT involves multiple layers of security measures to ensure the integrity, confidentiality, as well as availability of sensitive patient data. However, the major problem with smart healthcare systems is data security and privacy. Blockchain can resolve these issues due to its immutability and transparency features. Most of the existing research enhances security and data privacy but they do not consider the overhead, delay, and scalability. The clustering-based proposed approach adopted the real-world issues of blockchain, i.e., delay, and scalability. It is an efficient access control approach that enables users to establish their desired access control policy to protect their private medical data. It uses a dual chain mechanism in which the access policies are stored in one chain, while the data transactions are stored in another chain. This approach addresses the challenge of access control resolution by enabling data owners to decide their desirable access policies. The experimental results show the efficiency of the proposed scheme in terms of processing time, computational time and its resilience against various security threats.

multidisciplinary sciences

Palak Bagga,Ashok Kumar Das,Vinay Chamola,Mohsen Guizani

DOI: https://doi.org/10.1007/s11235-022-00938-7

Abstract:With rapid advancements in the technology, almost all the devices around are becoming smart and contribute to the Internet of Things (IoT) network. When a new IoT device is added to the network, it is important to verify the authenticity of the device before allowing it to communicate with the network. Hence, access control is a crucial security mechanism that allows only the authenticated node to become the part of the network. An access control mechanism also supports confidentiality, by establishing a session key that accomplishes secure communications in open public channels. Recently, blockchain has been implemented in access control protocols to provide a better security mechanism. The foundation of this survey article is laid on IoT, where a detailed description on IoT, its architecture and applications is provided. Further, various security challenges and issues, security attacks possible in IoT and their countermeasures are also provided. We emphasize on the blockchain technology and its evolution in IoT. A detailed description on existing consensus mechanisms and how blockchain can be used to overpower IoT vulnerabilities is highlighted. Moreover, we provide a comprehensive description on access control protocols. The protocols are classified into certificate-based, certificate-less and blockchain-based access control mechanisms for better understanding. We then elaborate on each use case like smart home, smart grid, health care and smart agriculture while describing access control mechanisms. The detailed description not only explains the implementation of the access mechanism, but also gives a wider vision on IoT applications. Next, a rigorous comparative analysis is performed to showcase the efficiency of all protocols in terms of computation and communication costs. Finally, we discuss open research issues and challenges in a blockchain-envisioned IoT network.

Yongtao Huang,I-Ling Yen,Farokh Bastani

2024-05-25

Abstract:The Internet of Things (IoT) necessitates robust access control mechanisms to secure a vast array of interconnected devices. Most of the existing IoT systems in practice use centralized solutions. We identify the problems in such solutions and adopt the blockchain based decentralized access control approach. Though there are works in the literature that use blockchain for access control, there are some gaps in these works. We develop a blockchain embedded access control (BEAC) framework to bridge the gaps. First, blockchain based solutions for access control require an enabling P2P network while existing P2P overlays do not support some required features. We develop a novel P2P infrastructure to seamlessly support our BEAC framework. Second, most of the works consider blockchain based access control for a single access control model, and we develop a generic blockchain mechanism and show that it can support the embedding of various access control models. Finally, existing works adopt existing blockchain mechanisms which may incur a high communication overhead. We develop a shortcut approach to improve the number of message rounds in the access protocol. Our experiments demonstrate the efficacy of our system, showing that the shortcut mechanism can reduces access time by approximately 43%.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Teng Hu,Siqi Yang,Yanping Wang,Gongliang Li,Yulong Wang,Gang Wang,Mingyong Yin

DOI: https://doi.org/10.3390/s23208535

2023-10-18

Abstract:With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency.This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.

Mohammed Amine Bouras,Boming Xia,Adnan Omer Abuassba,Huansheng Ning,Qinghua Lu

DOI: https://doi.org/10.7717/peerj-cs.455

2021-04-08

Abstract:Access control is a critical aspect for improving the privacy and security of IoT systems. A consortium is a public or private association or a group of two or more institutes, businesses, and companies that collaborate to achieve common goals or form a resource pool to enable the sharing economy aspect. However, most access control methods are based on centralized solutions, which may lead to problems like data leakage and single-point failure. Blockchain technology has its intrinsic feature of distribution, which can be used to tackle the centralized problem of traditional access control schemes. Nevertheless, blockchain itself comes with certain limitations like the lack of scalability and poor performance. To bridge the gap of these problems, here we present a decentralized capability-based access control architecture designed for IoT consortium networks named IoT-CCAC. A blockchain-based database is utilized in our solution for better performance since it exhibits favorable features of both blockchain and conventional databases. The performance of IoT-CCAC is evaluated to demonstrate the superiority of our proposed architecture. IoT-CCAC is a secure, salable, effective solution that meets the enterprise and business's needs and adaptable for different IoT interoperability scenarios.

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiujiang Han,Yuxiang Zhang,Jian Liu,Ziyuan Li,Ming Xian,Huimei Wang,Feilong Mao,Yu Chen

DOI: https://doi.org/10.3390/electronics11172710

IF: 2.9

2022-08-30

Electronics

Abstract:With the rapid development of physical networks, tens of billions of Internet of Things (IoT) devices have been deployed worldwide. Access control is essential in the IoT system, which manages user access to vital IoT data. However, access control for the IoT is mainly based on centralized trusted servers, which face problems such as a single point of failure and data leakage. To tackle these challenges, we propose an access control framework for the IoT by combining blockchain and Intel software guard extension (SGX) technology. A blockchain validates both IoT devices and edge servers added to the network. The access control contract is deployed on the blockchain, which can manage attribute-based access control policies in a fine-grained manner and make access control decisions flexibly. SGX technology is introduced into the edge computing server to realize the confidentiality of data processing. Finally, we implemented the prototype of the framework on Quorum and conducted extensive experiments and theoretical analyses on the performance of the blockchain. The results of the experimental tests and theoretical analyses show that our framework has more advantages in computing costs and on-chain storage costs.

engineering, electrical & electronic,computer science, information systems,physics, applied

Anu Raj,Shiva Prakash

DOI: https://doi.org/10.1007/s11277-024-11312-y

IF: 2.017

2024-06-26

Wireless Personal Communications

Abstract:Nowadays, the adoption of the Internet of Things (IoT) framework in various healthcare industries has increased rapidly in recent years. The IoT devices generate vast amounts of sensitive data, such as personal health information. It is mandatory to protect medical records from unauthorized access and use. However, the finite resources nature of these devices can make it hard to implement robust security measures, such as encryption and authentication. A blockchain is a propitious approach for the secure management of medical records in an immutable way. This problem can be resolved with ciphertext-policy attribute-based encryption (CP-ABE), which permits granular access control in IoT. The local gateways that are directly interfaced with the Ethereum blockchain-based smart contract platform are utilized to create and implement a distributed and dependable user authentication and an access control mechanism for IoMT. In this paper, a DBC-based CP-ABE approach offers a secure and decentralized solution for secure communication and data protection and provides a more secure and trustworthy system. The system works on the concept of an Elliptical Curve Cryptography-based CP-ABE method to reduce complexity and provide data security in remote patient monitoring. On the other hand, blockchain-based smart contracts offer a dynamic, optimal, and self-adjusted access control in smart healthcare systems. It lowers the overhead of conducting resource-intensive authentication procedures and blockchain communications at IoT devices. The result provides the efficiency of the proposed work in computation as well as processing time and its resistance to various security intrusions over existing schemes.

telecommunications

Shuang Sun,Rong Du,Shudong Chen,Weiwei Li

DOI: https://doi.org/10.1109/access.2021.3059863

IF: 3.9

2021-01-01

IEEE Access

Abstract:Most IoT devices cannot afford to be a blockchain node due to the high computation and storage loads. Thus, the blockchain is usually deployed on one delegate node, e.g., the edge device or cloud, which may encounters three drawbacks: (1) The delegate node becomes the single failure point when the number of delegate notes are limited. (2) The delegate node replicating the blockchain data can lead to privacy information leak. (3) The delegate node is vulnerable to the Distributed Denial of Service (DDoS) attack. To tackle these drawbacks, we consider to minimize the redundant of blockchain to make the IoT devices as the specialized blockchain nodes. In this paper, we integrate a permissioned blockchain (HLF), an attribute-based access control (ABAC) and an identity-based signature (IBS) to build a security, lightweight, and cross-domain blockchain-based IoT access control system. Specifically, we divided the IoT system into different function domains, named IoT domains. Then, we establish a local blockchain ledger for each IoT domain to enable more IoT devices as blockchain nodes. The local blockchain ledger records the IoT domain entities' attributes, policy files' digests, and access decisions. Meanwhile, we use the channel technology of HLF to realize cross-domain access and use the IBS to filter the legal access requests for each IoT domain to prevent DDoS attacks. We also design a policy decision point (PDP) selection algorithm that select multiple IoT devices (blockchain nodes) to achieve the real-time distributed policy decisions (off-chain). Finally, we implement and evaluate the proposed system to demonstrate its practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Inderpal Singh,Balraj Singh

DOI: https://doi.org/10.1007/s40998-024-00748-4

2024-09-11

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Internet of Things (IoT) applications are popularly involved in day-to-day life. The increase in utilization leads to an increase in network traffic. The incoming users have different intentions in the network and hence security is essential. The data user accesses the data in the cloud that is collected from IoT devices. A large-scale IoT environment has challenges in the provisioning of security as well as the management of access control mechanisms. The problem is a generation of policies and authenticating devices with minimum credentials. In this paper, Blockchain-based decentralized authentication and access control systems are designed. The process of authentication is conducted for the data owner and data user by considering identity, device type, IP address and signature, PUF, and biometric respectively. PUF stands for Physical Unclonable Function, which is a hardware-based security feature that generates a unique identifier for a device based on its physical properties, SALSA20 and PRESENT are encryption algorithms used in the proposed system to encrypt data chunks. SALSA20 is a stream cipher that generates a keystream to encrypt data, while PRESENT is a block cipher that encrypts data in fixed-size blocks These authentication credentials are managed in the blockchain. The credentials are stored in encrypted form using the Key schedule PRESENT algorithm. In the authentication of data users, the number of credentials is selected using fuzzy logic that improves security. To assure data storage security, the data is split into two chunks, and it is encrypted using SALSA20 and PRESENT algorithm. The proposed model is developed in an ifogsim simulator, and the performance metrics are evaluated in terms of authentication time, storage efficiency, running time, throughput, latency, and blocksize.

engineering, electrical & electronic

Saurav Ghosh,Reshmi Mitra,Indranil Roy,Bidyut Gupta

2024-12-05

Abstract:Ensuring security for highly dynamic peer-to-peer (P2P) networks has always been a challenge, especially for services like online transactions and smart devices. These networks experience high churn rates, making it difficult to maintain appropriate access control. Traditional systems, particularly Role-Based Access Control (RBAC), often fail to meet the needs of a P2P environment. This paper presents a blockchain-based access control framework that uses Ethereum smart contracts to address these challenges. Our framework aims to close the gaps in existing access control systems by providing flexible, transparent, and decentralized security solutions. The proposed framework includes access control contracts (ACC) that manage access based on static and dynamic policies, a Judge Contract (JC) to handle misbehavior, and a Register Contract (RC) to record and manage the interactions between ACCs and JC. The security model combines impact and severity-based threat assessments using the CIA (Confidentiality, Integrity, Availability) and STRIDE principles, ensuring responses are tailored to different threat levels. This system not only stabilizes the fundamental issues of peer membership but also offers a scalable solution, particularly valuable in areas such as the Internet of Things (IoT) and Web 3.0 technologies.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture,Systems and Control

Aqsa Rashid,Asif Masood,Atta ur Rehman Khan

DOI: https://doi.org/10.1007/s11277-024-11266-1

IF: 2.017

2024-06-27

Wireless Personal Communications

Abstract:Centralized access control systems are unsuitable for IoT due to their resource-constrained, heterogeneous, and dynamic nature. Blockchain-assisted decentralized access control systems exist for IoT, but those approaches are tokenization-based. In some cases, IoT devices are not part of the blockchain network due to which they cannot interact with the access control system directly. Instead, they need a trusted admin, management hub, or a fog node for permissions verification and access to resources. This paper presents a smart contract and blockchain-assisted framework for the access control systems in the IoT enterprise environment, called ACS-IoT. In the proposed framework, resource-constrained IoT devices belong to the blockchain network. Therefore, these devices can directly access the permitted resources without any centrally administered authority and management hub's verification. We used smart contract and Ethereum blockchain for the new framework. Smart contract allows automated enforcement of access policies and serves as an autonomous agent running exactly as programmed. The proposed framework is validated through implementation of the proof of concept, and implemented prototype is deployed and tested on the Ethereum test network. The obtained results confirm that usage of blockchain and smart contract can be used as access management technology in the IoT enterprise environment.

telecommunications

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Rourab Paul,Nimisha Ghosh,Suman Sau,Amlan Chakrabarti,Prasant Mahapatra

DOI: https://doi.org/10.48550/arXiv.1908.11538

2019-09-09

Abstract:Standard security protocols like SSL, TLS, IPSec etc. have high memory and processor consumption which makes all these security protocols unsuitable for resource constrained platforms such as Internet of Things (IoT). Blockchain (BC) finds its efficient application in IoT platform to preserve the five basic cryptographic primitives, such as confidentiality, authenticity, integrity, availability and non-repudiation. Conventional adoption of BC in IoT platform causes high energy consumption, delay and computational overhead which are not appropriate for various resource constrained IoT devices. This work proposes a machine learning (ML) based smart access control framework in a public and a private BC for a smart city application which makes it more efficient as compared to the existing IoT applications. The proposed IoT based smart city architecture adopts BC technology for preserving all the cryptographic security and privacy issues. Moreover, BC has very minimal overhead on IoT platform as well. This work investigates the existing threat models and critical access control issues which handle multiple permissions of various nodes and detects relevant inconsistencies to notify the corresponding nodes. Comparison in terms of all security issues with existing literature shows that the proposed architecture is competitively efficient in terms of security access control.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Muhammad Usman,Muhammad Shahzad Sarfraz,Muhammad Umar Aftab,Usman Habib,Saleha Javed

DOI: https://doi.org/10.1109/access.2024.3390842

IF: 3.9

2024-04-27

IEEE Access

Abstract:Industrial Internet of Things (IIoT) applications consist of resource constrained interconnected devices that make them vulnerable to data leak and integrity violation challenges. The mobility, dynamism, and complex structure of the network further make this issue more challenging. To control the information flow in such environments, access control is critical to make collaboration and communication safe. To deal with these challenges, recent studies employ attribute-based access control on top of blockchain technology. However, the attribute-based access control frameworks suffer due to high computational overhead. In this paper, we propose an improved role-based access control framework using hyperledger blockchain to deal with IIoT requirements with less computational overhead making the information control process more efficient and real-time. The proposed framework leverages a layered architecture of chaincodes to implement the improved access control framework that handles the permission delegation and conflict management to deal with the dynamism of the IIoT network. The system uses a Policy Contract, Device Contract, and Access Contract to manage the workflow of the whole access control process. Each chaincode in the proposed framework is isolated in terms of its responsibilities to make the design low coupled. The integration of improved access control with blockchain enables the proposed framework to provide a highly scalable solution, tamper-proof, and flexible to manage conflicting scenarios. The proposed system outperforms the recent studies significantly in computational overhead in extensive simulation results. To verify the scalability and efficiency, the proposed is evaluated against a large number of concurrent virtual clients in simulation and statistical analysis proves that the proposed system is promising for further research in this domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zia Ullah,Ghassan Husnain,Muhammad Ismail Mohmand,Mansoor Qadir,Khalid J. Alzahrani,Yazeed Yasin Ghadi,Hend Khalid Alkahtani

DOI: https://doi.org/10.1049/cmu2.12845

IF: 1.345

2024-10-09

IET Communications

Abstract:The model combines the Ethereum blockchain, interplanetary file system, and attribute‐based encryption to ensure secure and resilient storage and sharing of Internet of Things data. Through an in‐depth exploration of the system architecture and underlying mechanisms, it is demonstrated how the framework decouples storage functionality from resource‐constrained Internet of Things devices, mitigating security risks associated with on‐device storage. With the rapid expansion of the Internet of Things (IoT), cloud storage has emerged as one of the cornerstones of data management, facilitating ubiquitous access and seamless sharing of information. However, with the involvement of a third party, traditional cloud‐based storage systems are plagued by security and availability concerns, stemming from centralized control and management architectures. A novel blockchain‐IoT model that leverages blockchain technology and decentralized storage mechanisms to address these challenges is presented. The model combines the Ethereum blockchain, interplanetary file system, and attribute‐based encryption to ensure secure and resilient storage and sharing of IoT data. Through an in‐depth exploration of the system architecture and underlying mechanisms, it is demonstrated how the framework decouples storage functionality from resource‐constrained IoT devices, mitigating security risks associated with on‐device storage. In addition, data owners and users can easily exchange data with one another through the use of Ethereum smart contracts, fostering a collaborative environment and providing incentives for data sharing. Moreover, an incentive mechanism powered by the FileCoin cryptocurrency is introduced, which motivates and ensures data sharing transparency and integrity between stakeholders. Furthermore, in the proposed blockchain‐IoT model, the proof‐of‐authority system consensus algorithm has been replaced by a delegated proof‐of‐capacity system, which reduces transaction costs and energy consumption. Using the Rinkby Ethereum official testing network, the proposed model has been demonstrated to be feasible and economical, emphasizing its potential to redefine IoT data management.

engineering, electrical & electronic

Jie Zhang,Lingyun Yuan,Shanshan Xu

DOI: https://doi.org/10.48550/arXiv.2111.06544

2021-11-17

Abstract:In view of the security issues of the Internet of Things (IoT), considered better combining edge computing and blockchain with the IoT, integrating attribute-based encryption (ABE) and attribute-based access control (ABAC) models with attributes as the entry point, an attribute-based encryption and access control scheme (ABE-ACS) has been proposed. Facing Edge-Iot, which is a heterogeneous network composed of most resource-limited IoT devices and some nodes with higher computing power. For the problems of high resource consumption and difficult deployment of existing blockchain platforms, we design a lightweight blockchain (LBC) with improvement of the proof-of-work consensus. For the access control policies, the threshold tree and LSSS are used for conversion and assignment, stored in the blockchain to protect the privacy of the policy. For device and data, six smart contracts are designed to realize the ABAC and penalty mechanism, with which ABE is outsourced to edge nodes for privacy and integrity. Thus, our scheme realizing Edge-Iot privacy protection, data and device controlled access. The security analysis shows that the proposed scheme is secure and the experimental results show that our LBC has higher throughput and lower resources consumption, the cost of encryption and decryption of our scheme is desirable.

Cryptography and Security,Computers and Society

JoonYoung Lee,MyeongHyun Kim,KiSung Park,SungKee Noh,Abhishek Bisht,Ashok Kumar Das,Youngho Park

DOI: https://doi.org/10.3390/s23115173

2023-05-29

Abstract:Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are being generated. In the IoT environment, a lot of data are generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures applying blockchains with CP-ABE are being studied to prevent bottlenecks and single failures of cloud servers, as well as to support data auditing. However, these systems do not stipulate authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is safer against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.

Liang Tan,Na Shi,Keping Yu,Moayad Aloqaily,Yaser Jararweh

DOI: https://doi.org/10.1145/3433542

IF: 5.3

2021-06-15

ACM Transactions on Internet Technology

Abstract:Green Internet of things (GIoT) generally refers to a new generation of Internet of things design concept. It can save energy and reduce emissions, reduce environmental pollution, waste of resources, and harm to human body and environment, in which green smart device (GSD) is a basic unit of GIoT for saving energy. With the access of a large number of heterogeneous bottom-layer GSDs in GIoT, user access and control of GSDs have become more and more complicated. Since there is no unified GSD management system, users need to operate different GIoT applications and access different GIoT cloud platforms when accessing and controlling these heterogeneous GSDs. This fragmented GSD management model not only increases the complexity of user access and control for heterogeneous GSDs, but also reduces the scalability of GSDs applications. To address this issue, this article presents a blockchain-empowered general GSD access control framework, which provides users with a unified GSD management platform. First, based on the World Wide Web Consortium (W3C) decentralized identifiers (DIDs) standard, users and GSD are issued visual identity ( VID ). Then, we extended the GSD-DIDs protocol to authenticate devices and users. Finally, based on the characteristics of decentralization and non-tampering of blockchain, a unified access control system for GSD was designed, including the registration, granting, and revoking of access rights. We implement and test on the Raspberry Pi device and the FISCO-BCOS alliance chain. The experimental results prove that the framework provides a unified and feasible way for users to achieve decentralized, lightweight, and fine-grained access control of GSDs. The solution reduces the complexity of accessing and controlling GSDs, enhances the scalability of GSD applications, as well as guarantees the credibility and immutability of permission data and identity data during access.

computer science, information systems, software engineering