A Blockchain-based Decentralised and Dynamic Authorisation Scheme for the Internet of Things

Authorisation has been recognised as an important security measure for preventing unauthorised access to critical resources, such as devices and data, within Internet of Things (IoT) networks. To achieve authorisation, access control mechanisms are extensively utilised, restricting the user's actions within the network or system based on predetermined access control policies with specific control actions. Existing authorisation methods for IoT networks are based on traditional access control models, which have several drawbacks, including architecture centralisation, policy tampering, access rights validation, malicious third-party policy assignment and control, and network-related overheads. The increasing trend of integrating Blockchain technology with IoT networks demonstrates its importance and potential to address the shortcomings of traditional IoT network authorisation mechanisms. However, existing Blockchain-based authorisation solutions for IoT networks overlook the importance of utilising the full potential of Blockchain technology and under-perform in handling the dynamicity of the underlying network in terms of malicious user behaviour, static policies, and auditability of user requests and resources. This paper proposes a decentralised, secure, dynamic, and flexible authorisation scheme for IoT networks based on attribute-based access control (ABAC) fine-grained policies stored on a distributed immutable ledger. We design a Blockchain-based ABAC policy management framework divided into Attribute Management Authority (AMA) and Policy Management Authority (PMA) frameworks that use smart contract features to initialise, store, and manage attributes and policies on the Blockchain. To achieve flexibility and dynamicity in the authorisation process, we capture and utilise environment-related attributes in conjunction with the subject and object attributes of the ABAC model to define the policies.
Furthermore, we designed the Blockchain-based Access Management Framework (AMF) to manage user requests to access IoT devices while maintaining the privacy and auditability of user requests and assigned policies. We implemented a prototype of our proposed scheme and executed it on the local Ethereum Blockchain. Finally, we demonstrated the applicability and flexibility of our proposed scheme for an IoT-based smart home scenario, taking into account deployment, execution and financial costs.
