WAVE: A Decentralized Authorization System for IoT via Blockchain Smart Contracts

Authorization is a crucial security component of many distributed systems that handle sensitive data or actions, including IoT systems. We present the design of WAVE, a fully decentralized authorization system that operates at global scale, providing fine-grained permissions, non-interactive delegation, and proofs of permission that can be verified efficiently, while still supporting revocation. Using smart contracts on a public blockchain, it allows rich and complex policies to be expressed and is resistant to DoS attacks without relying on any central trusted party. We also present a novel mechanism for protecting the secrecy of resources on the public blockchain, without out-of-band channels or interaction between granters, provers, or verifiers. We implemented WAVE, which has now been running for over 500 days, and show that it is efficient enough to support city-scale federation with millions of participants and permission policies.
