Blockchain based permission delegation and access control in Internet of Things (BACI)

Abstract: Access control with a permission delegation mechanism allows fine-grained access to secure resources. In the literature, existing architectures for permission delegation and access control are either event-based or query-based. These previous works assume a single trusted delegation service, which, however, is likely to be biased or to fail to provide service. They also do not allow users to verify delegation service operations and, as such, cannot be directly applied to the IoT (Internet of Things) due to its low-power, low-bandwidth, ad-hoc and decentralized nature. This paper proposes a novel decentralized architecture for permission delegation and access control for IoT applications, to meet the demands of event-based and query-based permission delegation. We further apply Blockchain (BC) technology to make delegation services secure, trusted, verifiable and decentralized. We investigate our proposed approach in the Simple PROMELA INterpreter (SPIN) model checker using PROMELA (Process Meta Language). The “Platform Verification”, “Delegation” and “Mutual Exclusion” properties, written in Linear Temporal Logic (LTL), are also verified against the PROMELA model.
