Decentralized Access Control for Smart Buildings Using Metadata and Smart Contracts

Managing the privileges of occupants and visitors of large commercial buildings to access different building areas, control systems and equipment therein is a challenging task. The best practice today involves giving long-term building occupants, for example employees working in the building, access privileges to their organization's areas and requiring visitors to be escorted by them. This approach is conservative and inflexible. Ideally, an automated solution is needed to manage access delegations; however, traditional role-based access control models are unwieldy in that they require the specification of all roles and their relative authority, which is a challenge in large buildings that are home to multiple organizations and numerous visitors. In this paper, we present a methodology based on blockchain smart contracts to describe, grant, and revoke fine-grained permissions for building users in a decentralized fashion. This method supports access control using Resource Description Framework (RDF) graphs and implements two APIs for client applications. Leveraging the metadata of a real building, we have applied the proposed method to manage privileges in some realistic use cases and shown that it can greatly reduce the administration overhead while providing fine-grained access control.
