Blockchain and smart-contract for scalable access control in Internet of Things

Managing security access control has been becoming one of the open issues in Internet of Things (IoT) since the idea of IoT was introduced. The reasons being that the IoT system is built upon large numbers of constrained devices, with limited power, computing resources, and memory. Therefore, the access management needs to be highly distributed in order to ensure the scalability when many IoT nodes are connected in the system, and the cryptographic operation and other algorithms performed along with the access control mechanism have to be lightweight to fit the constrained device characteristics of IoT. The existing access controls proposed for IoT, such as Role-based Access Control (RBAC), Attribute-based Access Control (ABAC) and Capability-based Access Control (CapBAC) are not truly distributed. As for the resource limitation in the IoT devices, recent developments of more powerful microprocessors or System on Chip (SoC) allow advanced cryptographic implementation on the chip itself, e.g. public key cryptography, with the cost of performance degradation. Recently, blockchain technology which is based on distributed ledger system, gains a lot of attention from the industries and researchers. Coupled with the smart contract and various distributed consensus mechanisms, blockchain can be a good solution for providing distributed access control in IoT. This paper proposed an architecture and mechanism of blockchain and smart-contract based access control for IoT. A proof-of-concept is implemented to validate the proposed idea and its performance is evaluated to gain some preliminary sights for further developments.

[1]  Ramjee Prasad,et al.  Capability-Based Access Control with ECC Key Management for the M2M Local Cloud Platform , 2017, Wireless Personal Communications.

[2]  Ramjee Prasad,et al.  Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things , 2012, J. Cyber Secur. Mobil..

[3]  Kautsarina,et al.  A Conceptual Model for Promoting Positive Security Behavior in Internet of Things Era , 2018, 2018 Global Wireless Summit (GWS).

[4]  Markus Kraft,et al.  Blockchain technology in the chemical industry: Machine-to-machine electricity market , 2017 .

[5]  Pieter Wuille,et al.  Enabling Blockchain Innovations with Pegged Sidechains , 2014 .

[6]  André Ricardo Abed Grégio,et al.  ControlChain: Blockchain as a Central Enabler for Access Control Authorizations in the IoT , 2017, GLOBECOM 2017 - 2017 IEEE Global Communications Conference.

[7]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[8]  Jong-Hyouk Lee,et al.  Blockchain-based secure firmware update for embedded devices in an Internet of Things environment , 2016, The Journal of Supercomputing.

[9]  Nir Kshetri,et al.  Can Blockchain Strengthen the Internet of Things? , 2017, IT Professional.

[10]  Douglas C. Schmidt,et al.  Providing privacy, safety, and security in IoT-based transactive energy systems using distributed ledgers , 2017, IOT.

[11]  Xiaohong Jiang,et al.  Smart Contract-Based Access Control for the Internet of Things , 2018, IEEE Internet of Things Journal.

[12]  Yacine Atif,et al.  Securing the Web of Things with Role-Based Access Control , 2015, C2SI.

[13]  Ru-chuan Wang,et al.  An efficient authentication and access control scheme for perception layer of Internet of Things , 2014 .

[14]  Guoping Zhang,et al.  An extended role based access control model for the Internet of Things , 2010, 2010 International Conference on Information, Networking and Automation (ICINA).

[15]  Gianluca Dini,et al.  BRUSCHETTA: An IoT Blockchain-Based Framework for Certifying Extra Virgin Olive Oil Supply Chain , 2019, 2019 IEEE International Conference on Smart Computing (SMARTCOMP).

[16]  Neeli R. Prasad,et al.  BETaaS: A Platform for Development and Execution of Machine-to-Machine Applications in the Internet of Things , 2016, Wirel. Pers. Commun..

[17]  Fabio Antonelli,et al.  IoT data privacy via blockchains and IPFS , 2017, IOT.

[18]  D. Culler,et al.  WAVE : A Decentralized Authorization System for IoT via Blockchain Smart Contracts , 2017 .

[19]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.

[20]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[21]  David Lee Kuo Chuen,et al.  Blockchain – From Public to Private , 2018 .

[22]  Rupsha Bagchi,et al.  Using Blockchain Technology and Smart Contracts for Access Management in IoT devices , 2017 .

[23]  Salil S. Kanhere,et al.  Secure Wireless Automotive Software Updates Using Blockchains: A Proof of Concept , 2017 .