Efficient Distributed Authentication and Access Control System Management for Internet of Things Using Blockchain

Internet of things (IoT) enables a huge network of connected devices inter-working and collaborating to provide relevant services and applications. This technology entered the market and is expected to grow in the upcoming years, as the critical questions related to the management and communication security continue to be challenging research problems. Current solutions of access control system management that enables communication between devices depend mainly on the use of digital certificates for authentication. However, such an approach imposes significant overhead on IoT devices since it is computationally demanding and requires validation of the certificate within a limited period. In addition, relying on a central node for deciding on issuing and revoking certificates introduces a single point of failure and could even risk the safety of personal information or physical damages related to IoT services. In this paper, we propose a new distributed authentication and access control system management for IoT by the use of Blockchain technology to keep track of the certificate of each IoT device (valid or revoked) in distributed and immutable records. In essence we replace certificate verification with a lightweight blockchain-based authentication approach. In addition, we propose a fully distributed IoT admission/revocation scheme. We show that our scheme could alleviate the computation overhead and enhance the response time while improving the overall system security.

[1]  Yunpeng Zhang,et al.  Decentralized, BlockChain Based Access Control Framework for the Heterogeneous Internet of Things , 2018 .

[2]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[3]  Juan Carlos De Martin,et al.  Blockchain for the Internet of Things: A systematic literature review , 2016, 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA).

[4]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[5]  Genshe Chen,et al.  BlendCAC: A BLockchain-Enabled Decentralized Capability-Based Access Control for IoTs , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[6]  Melanie Swan,et al.  Blockchain: Blueprint for a New Economy , 2015 .

[7]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[8]  Abdellah Ait Ouahman,et al.  Towards a Novel Privacy-Preserving Access Control Model Based on Blockchain Technology in IoT , 2017 .

[9]  Giuseppe Ateniese,et al.  From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain , 2015, NSS.

[10]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[11]  С. В. Иванов,et al.  Анализ результатов лечения больных хроническим панкреатитом , 2016 .

[12]  Yu Zhang,et al.  An IoT electric business model based on the protocol of bitcoin , 2015, 2015 18th International Conference on Intelligence in Next Generation Networks.

[13]  Chunhua Su,et al.  A Blockchain Connected Gateway for BLE-Based Devices in the Internet of Things , 2018, IEEE Access.