An Attribute-Based Access Control Model in RFID Systems Based on Blockchain Decentralized Applications for Healthcare Environments

The growing adoption of Radio-frequency Identification (RFID) systems, particularly in the healthcare field, demonstrates that RFID is a positive asset for healthcare institutions. RFID can save organizations time and costs by providing real-time traceability, identification, communication, temperature and location data for both people and resources. However, RFID systems face financial, technical and organizational challenges and, above all, privacy and security challenges. For this reason, recent works focus on attribute-based access control (ABAC) schemes. Currently, ABAC schemes are mostly based on centralized models, which in environments such as the supply chain can present problems of scalability, synchronization and trust between the parties. In this manuscript, we implement an ABAC model in RFID systems based on a decentralized model such as blockchain. Common criteria for selecting the appropriate blockchain are detailed. Our access control policies are executed through the decentralized application (DApp), which interfaces with the blockchain through the smart contract. Smart contracts and blockchain technology solve the issues of current centralized systems and are also flexible infrastructures that represent the relationship of trust and support essential in the ABAC model in order to provide the security of RFID systems. Our system has been designed for a supply chain environment with a use case suitable for healthcare systems, so that assets such as surgical instruments carrying an associated RFID tag can only access specific areas. Our system is deployed in both a local and a Testnet environment in order to establish a deep comparison and determine the technical feasibility.
