
Data Sharing System Integrating Access Control based on Smart Contracts for IoT

Abstract

The development of the Internet of Things (IoT) network brings a new concept of the Internet. The dramatic growth of IoT has increased its usage. IoT networks are useful in several ways, more specifically in access control and data sharing among IoT devices. However, they face many challenges, such as security risks, data protection and privacy, single point of failure through centralization, and trust and data integrity issues. This work presents a blockchain based access control and sharing system. Its main aim is to overcome the issues in access control and sharing in IoT networks and to achieve authentication and trustworthiness. Blockchain technology is integrated with IoT, which simplifies access control and sharing. Multiple smart contracts, namely the Access Control Contract (ACC), Register Contract (RC) and Judge Contract (JC), are used to provide efficient access management. Furthermore, a misbehaviour judging method is used together with a penalty mechanism. Additionally, permission levels are set for sharing resources between users. Simulation results show the cost consumption. Bar graphs illustrate the transaction and execution cost of the smart contracts and of the functions of the main contract.
Tanzeela Sultana, Abdul Ghaffar, Muhammad Azeem, Zain Abubaker, Muhammad Usman Gurmani, and Nadeem Javaid (✉)
COMSATS University, Islamabad 44000, Pakistan
nadeemjavaidqau@gmail.com
http://www.njavaid.com
1 Introduction
The development of the Internet has led to the connection of devices. With the growth of communication and networking technologies, devices are increasingly likely to connect to each other. Devices connected to the Internet accelerate the growth of the Internet of Things (IoT) network. The idea of IoT can be taken as “network of devices, which are connected to each other, through Internet”. The main purpose of connecting devices is to share data, information or resources with other devices. The IoT network is integrated with the physical world over the Internet. The growing number of connected IoT devices extends the application of IoT networks to all fields. Applications of IoT networks include vehicular networks, where cars are integrated with entertainment, traffic and navigation systems; home automation (i.e., smart homes); health-care systems (i.e., transfer of health data); supply chain systems (asset tracking, forecasting, vendor relations, connected fleets); security systems (i.e., connected sensors and buzzers); and many others [1]. Because of this wide range of applications, IoT devices are connected globally. According to the Gartner report, the rate of connected devices over Internet will grow up to 2.4 billion by 2020. The connection of devices requires efficient management of the IoT network, as the vast usage of IoT results in growing challenges in the network. Some of the major issues are: IoT device management, data confidentiality, authentication and access control, malicious attacks, centralization, etc. [2]. As the IoT network contains sensitive data, there should be solutions for network safety and security. The IoT network must be protected from attacks, unauthorized access to data and inappropriate data sharing [3]. For the security and efficiency of an IoT network, access management and data sharing are considered major aspects of network performance [4].
© Springer Nature Switzerland AG 2020. L. Barolli et al. (Eds.): 3PGCIC 2019, LNNS 96, pp. 863–874, 2020. https://doi.org/10.1007/978-3-030-33509-0_81
Several strategies have been proposed to eliminate the issues that IoT networks encounter. IoT networks are also integrated with cloud and fog computing, for efficient utilization of the network by resource constrained devices and to achieve efficiency, accuracy and speed in IoT data processing. Besides their storage and processing advantages, cloud and fog also bring latency, security and privacy issues [5]. Data sharing and access control are considered the challenging tasks of an IoT network, and there must be strategies to manage them [6,7]. To eliminate the challenges in IoT networks, blockchain technology is intended to be an effective solution. Blockchain based solutions are more effective, providing data integrity, security, auditing, fairness, authenticity and distribution [8].
1.1 Blockchain
Blockchain is an ingenious technology, conceptualized by Satoshi Nakamoto. The idea of blockchain was presented in 2008 in a white paper. Blockchain technology was introduced for secure transactions of cryptocurrency, i.e., bitcoin, and is considered the underlying technology for bitcoin. Bitcoin is the first cryptocurrency, introduced to eliminate the idea of central administration. It is also considered an application of blockchain. Blockchain is a decentralized network technology, also called distributed public ledger technology. All transactions done in a blockchain network are recorded in a ledger. The ledger is maintained in the form of blocks, which are ordered chronologically. The basic structure of blockchain is shown in Fig. 1. Blockchain is a peer-to-peer (P2P) network technology, in which all nodes in the network are interconnected. To eliminate centralization, the ledger is distributed and maintained by all nodes.
Fig. 1. Basic blockchain structure
Blockchain technology has significant advantages over traditional transaction systems and is also considered a more efficient and reliable technology. Its features over traditional systems are: decentralization, immutability, security, scalability, fault tolerance and trust-less nature. Demand for blockchain is increasing day by day because of these properties and features, and its applications are increasing in almost every field. For example, blockchain is being implemented rapidly in vehicular networks [9]. Other uses of blockchain technology are in Artificial Intelligence (AI), economy, transportation, health, identity management, supply chain management and smart contract services [10]. Major features of blockchain that make it distinct from existing systems are: smart contracts, consensus mechanisms, cryptography techniques, etc.
1.2 Motivation
A lot of work has been done in the literature on efficient utilization of IoT devices. Many strategies have been proposed for access management and data sharing in IoT networks using blockchain technology. Some of the works consider access control, while others focus only on sharing. The work in [1] is based on access control management. Smart contracts are used to ensure the trustworthiness of the system. Furthermore, the authors in [2] proposed an access control system in order to prevent single point of failure and unauthorized access to the network. For efficient data sharing, multiple strategies have been proposed. A trust based sharing system is proposed in [7]. In this system, data sharing is integrated with access control for authorized access. Permission levels are used for authorization of access.
1.3 Problem Statement
The dramatic growth of IoT networks results in numerous challenges, such as sharing, access control, security, trustworthiness, authentication, malicious attacks, centralization, etc. To manage access control in IoT networks, the authors in [5] proposed a blockchain based cross chain framework. The main aim of this system is to provide a decentralized access model, which provides security and privacy protection for IoT data. However, user information is not protected in an efficient manner. In [6], an access control management scheme is provided. A blockchain based key management scheme is proposed in terms of privacy, efficiency, decentralization and scalability. The scheme improves the system performance in terms of scalability. However, the system fails to provide full utilization of the blockchain network. Sharing of data and services is a main aspect of the IoT network. To make data sharing more efficient, many schemes have been proposed. The authors in [9] proposed a blockchain based service sharing system. The main goal of this scheme is to protect IoT terminals from unauthorized services, and also to protect lightweight clients from unauthorized service providers. In spite of its effectiveness, this scheme is inefficient for non-cooperative scenarios. For sharing management, the work in [10] is based on data sharing in AI-powered networks. This scheme works on a trust based sharing strategy. Smart contracts are used to provide a secure and trustless sharing environment. However, the proposed strategy does not work well in all sharing scenarios.
1.4 Contribution
Taking the aforementioned limitations in the literature into consideration, a system is proposed for access control management and service sharing. The main contributions of this work are as follows:
– a blockchain based access control and data sharing model is proposed,
– multiple smart contracts are used for efficient access management,
– different permission levels are set for one user to access the data of another user or IoT device,
– a misbehaviour strategy is used in this model,
– a penalty is determined for the user who misbehaves,
– in addition, gas cost is examined for each smart contract and for some of the functions in the main smart contract.
The remaining sections are organized as follows. Section 2 describes the literature review in detail. Section 3 gives a full understanding of the proposed system model and its work flow. Section 4 presents the simulation results and the reasoning behind the graphs. Section 5 provides the conclusion of the work.
2 Related Work
Several studies are presented in the literature on access control management and data sharing management in blockchain networks.
The authors in [1] investigate the conflicts in access control systems in IoT. To overcome the access control issue, the authors proposed a smart contract based access control system. The access control framework consists of multiple smart contracts. The main goal is to achieve trustworthiness and validation of access control. The validation is checked through the behavior of the IoT device user in terms of service requests to other users. The system is evaluated through a case study using hardware and software. The evaluation results show that the system achieves better performance, with less access time. However, in this system IoT devices cannot directly interact with the system. Furthermore, the time cost and overhead results do not match real world IoT scenarios.
To further address the challenges of access management in IoT systems, [2] proposed a distributed IoT access management architecture. This work aims to provide a mobile, lightweight, scalable, concurrent, accessible and resilient access control system. The system is compared with state-of-the-art Lightweight Machine to Machine (LwM2M) servers using WSN management hubs. The system outperformed traditional systems in terms of scalability, throughput rate and latency. However, the system does not perform well for a single management hub.
Traditional access control schemes suffer from many issues, such as security risks, centralization and access management complexity. To solve these challenges, [3] proposed an attribute based access control system for IoT. A blockchain based decentralized system is proposed to address issues like the single point of failure problem and data tampering. The performance of the system is evaluated using a Proof of Concept (PoC) mechanism. Through the PoC, the storage and computation overhead of the system is examined. The IoT devices have less computational and communication overhead. The system also achieves flexibility and ease of future maintenance and update. However, only some parts of the consensus algorithms enhance the flexibility of the system and support future management and updates.
In [4], a blockchain consensus based user access strategy is proposed. The authors investigate data transmission and authenticity issues in data transmission in wireless networks. A consensus based scheme is used to verify the authenticity of the user and the Channel State Information (CSI). The scheme is also intended to improve the efficiency of users. The CSI is authenticated against fraudulent users, who intentionally use their CSI to get resources. CSI is encoded and decoded using a conventional Neural Network (NN). Simulations are done by comparing the proposed scheme with other algorithms. Results show that the proposed scheme enhances spectral efficiency. However, in this scheme nodes are not intelligent enough to perform several tasks simultaneously.
Multiple links and accesses in IoT networks increase security and privacy issues. The centralization problem in traditional IoT networks also brings challenges. For efficient and secure data management in IoT networks, [5] proposed a blockchain based cross chain framework. The framework is proposed for access control. Multiple blockchains are also integrated with the framework. In this work, a comparison between multiple blockchains is made. The results show that the integration of Fabric and IOTA is much more efficient for IoT. The efficiency of the system is tested virtually for throughput and latency. Security is also achieved. However, the system does not guarantee the protection of user privacy and user information.
Furthermore, to tackle the issues related to access control, a privacy oriented blockchain based key management system is proposed in [6]. Issues of third party involvement and central authority are investigated. The main aim of the system is to reduce latency and increase cross domain access. Blockchain technology is used to bring decentralization. System performance is evaluated by simulations. The interrelationship of parameters is also studied for testing performance. The simulation results show that the multi-blockchain structure improves system performance and enhances scalability. However, the proposed scheme does not provide full persistency of the blockchain network.
IoT data is considered big data, and access management of this data is a great challenge. To achieve trust, security and maximum access control, multiple schemes have been proposed in the literature. There are also storage issues, which create overhead. Storage issues are also considered in different works. To eliminate the storage issue, as well as security and access control issues, [7] proposed an off-chain based sovereign blockchain system. In this work, the monitoring, control and regulation of nodes is maintained by the sovereign blockchain. The performance of the system is evaluated against several existing techniques. The evaluation is done using a PoC. Evaluation results show that the proposed scheme solves many problems, such as keeping excessive data on the blockchain and security and privacy concerns. The system increases the security and effectiveness of access control. However, this system does not work well for market level strategies. It falls short when companies intend to integrate with the system.
The authors in [8] investigate an insecure data sharing system among smart Mobile Terminals (MTs). A blockchain based data sharing system is proposed to overcome the security and sharing issues. Deep Reinforcement Learning (DRL) is used to achieve a high quality data sharing system among MTs and IoT applications. The system also aims to design an efficient scheme that provides secure data sharing. DRL is used to provide a safe and reliable environment for MTs. The security analyses are performed under multiple attacks: eclipse attack, majority attack and terminal device failure. The results show that the proposed system can withstand these attacks and achieves reliability and security. However, the system neither provides an efficient trade-off in some parameters nor supports auditing and charging services.
For secure and trustworthy service sharing among IoT devices, [9] proposed a service sharing system for resource constrained IoT devices. The sharing system is based on blockchain technology. Blockchain is used to validate the services of IoT devices. The system aims to protect lightweight (Lw) IoT clients from insecure service codes. To demonstrate its efficiency and effectiveness, the proposed model is tested using virtual cloud and edge nodes. Further comparative experiments for throughput and latency are done using Proof of Authority (PoA) and Proof of Work (PoW). Evaluation results show that the proposed system protects the Lw clients from unauthorized services. In spite of this, the proposed scheme lacks efficiency in non-cooperative scenarios.
Data sharing in mobile communication and networks is becoming complex. To manage data sharing, [10] proposed an Artificial Intelligence (AI) based network operation framework. The authors also investigate problems in fully exploiting the power of AI. To make the data sharing system secure and trust-less, the framework incorporates smart contract based access control. Two blockchains are proposed in this work to improve efficiency and throughput rate. The system is further evaluated by comparison with existing schemes in the literature. The system outperformed them in terms of security, privacy and scalability. However, the proposed system is not efficient for all sharing scenarios. It also does not work for market level strategies.
3 Proposed System Model
A blockchain based access control and data sharing system for IoT networks is proposed, motivated by the works in [1] and [10]. The proposed system model is shown in Fig. 2.
Fig. 2. System model
3.1 Smart Contracts
In this system, three smart contracts are used: the main smart contract, i.e., the Access Control Contract (ACC), the Register Contract (RC) and the Judge Contract (JC). ACC manages access control. RC is used to register the subject. It generates a table that records the required information about a subject. RC also maintains the authorization of users in the system. The role of JC is to manage misbehavior. Misbehavior originates from the subject: when a subject sends too many requests for a data service, it is considered misbehavior. JC checks for misbehavior; if misbehavior occurs, a penalty is imposed on the subject. If no misbehavior occurs, the permission levels for the subject are checked by the smart contract. The subject can access the required services according to its permission level.
ACC. ACC is the main smart contract. It is deployed to manage the overall access control of the system. When a subject wants to access the data services of an object, it sends a request for that service using the blockchain network. The ACC contract executes and handles all access management of the system. In the proposed system, only one ACC is used. ACC manages the access control for each request.
Table 1. Subject registration table
Subject   Object   Resource   Time
User A    User X   File1      2019/5/17 11:12
User B    User Y   Program2   2019/6/14 1:15
User C    User Z   File3      2019/8/8 3:00
RC. RC is used to manage the access control of IoT devices. Its main role is to register the peer or subject that sends the service request. RC maintains a table, called the register table [1], for registration. The register table is shown in Table 1. The register table stores the required information about the subject, such as subject, object, resource, time, etc. RC also verifies and authenticates the subject through the register table.
JC. JC implements a judging method that judges the misbehaviour of a subject. Before a service request is executed further, JC checks for misbehaviour. If misbehaviour has occurred, JC determines the penalty for the subject. If no misbehaviour has occurred, JC passes the request on. JC generates the following alerts for access control (! is used for alert messages):
Access Authorized!
Requests are Blocked!
Static Check Failed!
Misbehavior Detected!
Static Check failed & Misbehavior Detected!
If no misbehaviour occurs, access is granted to the subject and JC generates the message “Access Authorized”. If the subject misbehaves, the other messages are generated by JC. The penalty is determined according to the misbehaviour. The subject’s requests are blocked for some time as a penalty for misbehaviour.
3.2 Misbehavior
Misbehavior is determined by the judge contract. Misbehaviour tends to happen when a subject sends too many requests for data services in a short period of time. A misbehaviour field is maintained to record all misbehaviours. Whenever a misbehaviour happens, a penalty for it is decided by the JC. As a result, the requests of the subject are halted for a particular time. There are several types of misbehavior by a subject:
– the subject sends too frequent requests,
– the subject sends multiple requests in a particular time, i.e., 5 requests in 10 min, and
– the subject cancels the request.
As a result of a misbehavior, a penalty is determined by the JC. As the penalty, the requests of the subject are halted. While in the halted state, the subject is no longer able to send requests in the network for a certain time period.
3.3 Data Permission Control
Data permission levels are used to ensure the trustworthiness of access control. Permission levels are set according to the sensitivity of the data and the subject who wants to access it. Data permission is divided into four levels, which are as follows:
L0: Data is not accessible
L1: Data can be used in aggregated computation without revealing raw data
L2: Data is partly allowed
L3: Data or service is accessible.
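The judging flow of Sects. 3.1 to 3.3 written as one Solidity contract, added here as an illustration and not the authors' ACC/RC/JC code. Assumptions: every identifier, the 30 minute penalty, the fixed (not sliding) counting window, the reading of “static check” as registration plus a non-L0 level, and treating the fifth request inside one window as the misbehaving one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: NOT the paper's contracts. All names are hypothetical.
contract AccessControlSketch {
    // Permission levels of Sect. 3.3.
    enum Level { L0, L1, L2, L3 }

    uint256 public constant MAX_REQUESTS = 5;      // paper: "5 requests in 10 min"
    uint256 public constant WINDOW = 10 minutes;   // paper: "5 requests in 10 min"
    uint256 public constant PENALTY = 30 minutes;  // assumption: paper gives no duration

    struct Subject {
        bool registered;        // RC: subject appears in the register table
        uint256 windowStart;    // JC: start of the current counting window
        uint256 requestCount;   // JC: requests seen in the current window
        uint256 blockedUntil;   // JC: time at which the penalty ends
        uint256 misbehaviours;  // JC: the misbehaviour field
    }

    address public immutable admin;  // assumption: the object owner deploys the contract
    mapping(address => Subject) public subjects;
    mapping(address => mapping(bytes32 => Level)) public levelOf;

    event Judged(address indexed subject, bytes32 indexed resource, string alert, Level grantedLevel);

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // RC role: only the admin can register subjects and assign levels,
    // so a subject cannot raise its own permission.
    function register(address subject) external onlyAdmin {
        subjects[subject].registered = true;
    }

    function setLevel(address subject, bytes32 resource, Level level) external onlyAdmin {
        levelOf[subject][resource] = level;
    }

    // ACC entry point: returns the level granted for this request (L0 = denied).
    function requestAccess(bytes32 resource) external returns (Level) {
        Subject storage s = subjects[msg.sender];

        // A penalty is still running: the request is not even counted.
        if (block.timestamp < s.blockedUntil) {
            emit Judged(msg.sender, resource, "Requests are Blocked!", Level.L0);
            return Level.L0;
        }

        // JC: count requests per fixed window. block.timestamp is chosen by the
        // block producer; seconds of drift do not matter against 10 minutes.
        if (block.timestamp >= s.windowStart + WINDOW) {
            s.windowStart = block.timestamp;
            s.requestCount = 0;
        }
        s.requestCount += 1;
        bool misbehaved = s.requestCount >= MAX_REQUESTS;

        // Static check (assumed meaning): registered and level above L0.
        Level level = levelOf[msg.sender][resource];
        bool staticOk = s.registered && level != Level.L0;

        if (misbehaved) {
            s.misbehaviours += 1;
            s.blockedUntil = block.timestamp + PENALTY;
            s.requestCount = 0;
            if (staticOk) {
                emit Judged(msg.sender, resource, "Misbehavior Detected!", Level.L0);
            } else {
                emit Judged(msg.sender, resource, "Static Check failed & Misbehavior Detected!", Level.L0);
            }
            return Level.L0;
        }
        if (!staticOk) {
            emit Judged(msg.sender, resource, "Static Check Failed!", Level.L0);
            return Level.L0;
        }
        emit Judged(msg.sender, resource, "Access Authorized!", level);
        return level;
    }
}
```

Rejections return L0 instead of reverting because a revert would also roll back the misbehaviour counter and the penalty timestamp, leaving the subject free to retry immediately.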
4 Simulation Results and Reasoning
In this section, simulations of the proposed system are discussed in detail. The proposed system is evaluated for cost consumption in terms of gas usage. The gas price of the smart contracts and their functions is calculated.
4.1 Cost Consumption
In the Ethereum blockchain, cost consumption is evaluated in terms of gas. Gas is a measurement unit used to measure the computational power of transaction execution. Gas is defined by miners at the start of the transaction. Gas determines how much fee is to be paid for a transaction. Gas price is measured in Gwei. The amount of gas units is calculated for the execution cost and the transaction cost of the functions of each smart contract.
Functions Cost. The transaction and execution costs of the functions of the smart contracts ACC, RC and JC are calculated.
Functions of ACC: Figure 3 shows the transaction and execution cost of the functions in ACC. As ACC is the main contract, which controls the overall access control of the system, ACC functions perform more tasks than the functions of the other smart contracts. However, only the main functions are considered for gas calculation: user registration, generating permission levels for the subject and the data access function.
Fig. 3. ACC function cost
Transaction cost: the transaction cost of the functions is shown in the graph. The transaction cost of the ACC functions user register, permission level and data access is about 89000, 25000 and 30000 gas units, respectively.
Execution cost: the execution cost of the smart contract functions is also illustrated in the graph. The execution cost of the functions user register, permission level and data access is 65000, 5000 and 9000 gas units, respectively.
Functions of RC: the cost consumption of the RC functions is shown in Fig. 4. RC manages the registration tasks of the subject in the network and maintains a registration table for user information.
Transaction cost: the transaction cost of the RC functions user registration and registration table creation is about 133000 and 45000 gas units, respectively.
Execution cost: the execution cost of the user registration function and the registration table generation function is 130000 and 23000 gas units, respectively.
Functions of JC: the cost consumption of the JC functions is illustrated in Fig. 5. The JC functions are the misbehavior calculation function and the misbehavior judge function.
Transaction cost: the transaction cost of the JC functions misbehavior calculation and misbehavior judge is 80000 and 195000 gas units, respectively.
Execution cost: the execution cost of the JC functions is also shown in the bar graph. The cost of the misbehavior calculation and misbehavior judge functions is about 60000 and 165000 gas units, respectively.
Fig. 4. RC function cost
Fig. 5. JC function cost
5 Conclusion
In this work, a blockchain based system is utilized to overcome challenges in IoT access management and data sharing. With the aid of blockchain and its features, many benefits can be brought to IoT networks.
This work is intended to provide trustworthiness, authorization and authentication in access management and data sharing. It consists of multiple smart contracts, which are used to maintain authentication and registration. Furthermore, misbehavior detection is implemented for when the subject sends too many access requests in a short period of time. For misbehavior, a corresponding penalty is defined for the subject. If no misbehavior occurs, the permission levels are checked for the subject to access the services of the object. In addition, simulations are done to calculate the cost consumption of the smart contracts on the Ethereum platform. The cost of the smart contracts and their functions is calculated. Both transaction and execution cost are checked. Simulation results show that the proposed system is cost effective.
References
1. Zhang, Y., Kasahara, S., Shen, Y., Jiang, X., Wan, J.: Smart contract-based access control for the internet of things. IEEE Internet Things J. 6, 1594–1605 (2018)
2. Novo, O.: Scalable access management in IoT using blockchain: a performance evaluation. IEEE Internet Things J. (2018)
3. Ding, S., Cao, J., Li, C., Fan, K., Li, H.: A novel attribute-based access control scheme using blockchain for IoT. IEEE Access 7, 38431–38441 (2019)
4. Lin, D., Tang, Y.: Blockchain consensus based user access strategies in D2D networks for data-intensive applications. IEEE Access 6, 72683–72690 (2018)
5. Jiang, Y., Wang, C., Wang, Y., Gao, L.: A cross-chain solution to integrating multiple blockchains for IoT data management. Sensors 19, 2042 (2019)
6. Ma, M., Shi, G., Li, F.: Privacy-oriented blockchain-based distributed key management architecture for hierarchical access control in the IoT scenario. IEEE Access 7, 34045–34059 (2019)
7. Sifah, E.B., Xia, Q., Agyekum, K.O.-B.O., Amofa, S., Gao, J., Chen, R., Xia, H., Gee, J.C., Du, X., Guizani, M.: Chain-based big data access control infrastructure. J. Supercomput. 74, 4945–4964 (2018)
8. Liu, C.H., Lin, Q., Wen, S.: Blockchain-enabled data collection and sharing for industrial IoT with deep reinforcement learning. IEEE Trans. Ind. Inform. (2018)
9. Xu, Y., Wang, G., Yang, J., Ren, J., Zhang, Y., Cheng, Z.: Towards secure network computing services for lightweight clients using blockchain. Wirel. Commun. Mob. Comput. (2018)
10. Zhang, G., Li, T., Li, Y., Hui, P., Jin, D.: Blockchain-based data sharing system for AI-powered network operations. J. Commun. Inform. Netw. 3, 1–8 (2018)
... Therefore, the real-world implementation of the system is not provided. The authors in [18] presented a bubble of trust mechanism to provide trustworthiness and confidentiality of data, identification and authentication of devices. The system is efficient in terms of cost; however, the communication between nodes in a bubble is not controlled. ...
Thesis
Full-text available
In this thesis, a blockchain-based data sharing and access control system is proposed, for communication between the Internet of Things (IoT) devices. The proposed system is intended to overcome the issues related to trust and authentication for access control in IoT networks. Moreover, the objectives of the system are to achieve trustfulness, authorization, and authentication for data sharing in IoT networks. Multiple smart contracts such as Access Control Contract (ACC), Register Contract (RC), and Judge Contract (JC) are used to provide efficient access control management. Where ACC manages overall access control of the system, and RC is used to authenticate users in the system, JC implements the behavior judging method for detecting misbehavior of a subject (i.e., user). After the misbehavior detection, a penalty is defined for that subject. Several permission levels are set for IoT devices' users to share services with others. In the end, performance of the proposed system is analyzed by calculating cost consumption rate of smart contracts and their functions. A comparison is made between existing and proposed systems. Results show that the proposed system is efficient in terms of cost. The overall execution cost of the system is 6,900,000 gas units and the transaction cost is 5,200,000 gas units.
... The environment attributes in this method are limited to the time attributes. Another similar system for data sharing in IoT is proposed by Sultana et al. [35], [36]. In this system, the user sends an access request to a central server. ...
Article
Full-text available
The dramatic rise in internet-based service provisioning has highlighted the importance of deploying scalable access control methods, facilitating service authorization for eligible users. Existing centralized methods suffer from single-point-of-failure, low scalability, and high computational overhead. In addition, in these methods, users pay for the service provider as well as the network provider independently for a specific service, imposing extra cost for the user. New business models are needed to resolve such shortcomings. The realization of these models calls for sophisticated access control methods which consider the requirements of all parties who want to: 1) access a service; 2) provide that service; and 3) provide the network connection. Blockchain is an enabling technology that provides unprecedented opportunities to novel distributed access control methods for new business models. We propose an Attribute-based access control solution by leveraging Blockchain to share network providers’ and service providers’ resources. Our solution offers access flexibility based on the requirements of the parties while fulfilling reliability, accountability, and immutability. Besides, it decreases the overall service cost which is beneficial for each party. Our solution makes it possible for service providers to outsource their access control procedures without requiring a trusted third party. The experiments confirm that our solution can provide a fast, comprehensive, and scalable access control mechanism.
... However, since one contract is responsible for the access control of only one subject-object pair, this scheme suffers from heavy monetary cost of deploying contracts, especially in large-scale IoT systems. The authors in [27] extended the above framework with slight modification. The authors in [28] proposed a CapBAC scheme, which applies a smart contract to store the capability tokens and capability delegation tokens that record the delegation information among the subjects. ...
Preprint
Efficient and reliable access control in smart cities is critical for the protection of various resources for decision making and task execution. Existing centralized access control schemes suffer from the limitations of single point of failure, low reliability and poor scalability. This paper therefore proposes a distributed and reliable access control framework for smart cities by combining the blockchain smart contract technology and the Attribute-Based Access Control (ABAC) model. The framework consists of one Policy Management Contract (PMC) for managing the ABAC policies, one Subject Attribute Management Contract (SAMC) for managing the attributes of subjects (i.e., entities accessing resources), one Object Attribute Management Contract (OAMC) for managing the attributes of objects (i.e., resources being accessed), and one Access Control Contract (ACC) for performing the access control. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to evaluate the monetary cost as well as to compare the proposed framework with an existing Access Control List (ACL)-based scheme. The experimental results show that although the proposed scheme consumes more money than the ACL-based scheme at the deployment stage, it introduces less monetary cost during the system running especially for large-scale smart cities.
... Therefore, the real-world implementation of the system is not provided. The authors in [18] presented a bubble of trust mechanism to provide trustworthiness and confidentiality of data, identification and authentication of devices. The system is efficient in terms of cost; however, the communication between nodes in a bubble is not controlled. ...
Article
In this paper, a blockchain-based data sharing and access control system is proposed for communication between Internet of Things (IoT) devices. The proposed system is intended to overcome the issues related to trust and authentication for access control in IoT networks. Moreover, the objectives of the system are to achieve trustfulness, authorization, and authentication for data sharing in IoT networks. Multiple smart contracts such as Access Control Contract (ACC), Register Contract (RC), and Judge Contract (JC) are used to provide efficient access control management. ACC manages overall access control of the system, RC is used to authenticate users in the system, and JC implements the behavior judging method for detecting misbehavior of a subject (i.e., user). After the misbehavior detection, a penalty is defined for that subject. Several permission levels are set for IoT devices' users to share services with others. In the end, performance of the proposed system is analyzed by calculating cost consumption rate of smart contracts and their functions. A comparison is made between existing and proposed systems. Results show that the proposed system is efficient in terms of cost. The overall execution cost of the system is 6,900,000 gas units and the transaction cost is 5,200,000 gas units.
Article
With the rapid development of the internet of things (IoT), traditional industries are setting off a massive wave of digitization. In the era of the Internet of Everything, millions of devices and links in IoT pose more significant challenges to data management. Most existing solutions employ centralized systems to control IoT devices, which brings about the privacy and security issues in IoT data management. Recently, blockchain has attracted much attention in the field of IoT due to its decentralization, traceability, and non-tamperability. However, it is non-trivial to apply the current blockchain techniques to IoT due to the lack of scalability and high resource costs. Different blockchain platforms have their particular advantages in the scenario of IoT data management. In this paper, we propose a cross-chain framework to integrate multiple blockchains for efficient and secure IoT data management. Our solution builds an interactive decentralized access model which employs a consortium blockchain as the control station. Other blockchain platforms customized for specific IoT scenarios run as the backbone of all IoT devices. It is equivalent to opening the off-chain channels on the consortium blockchain. Our model merges transactions in these channels for confirmation based on the notary mechanism. Finally, we implement a prototype of the proposed model based on Hyperledger Fabric and IOTA Tangle. We evaluate the performance of our method through extensive experiments. The results demonstrate the effectiveness and efficiency of our framework.
Article
The emerging network computing technologies have significantly extended the abilities of the resource-constrained IoT devices through the network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loading from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoptions of the consortium blockchain and the proof of authority consensus mechanism also help to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.
Article
The rise of the Internet of Things (IoT) implies new technical challenges such as managing a universally vast number of IoT devices. Despite the fact that there are already a variety of secure management frameworks for IoT, they are based on centralized models, which limits their applicability in scenarios with a large number of IoT devices. In order to overcome those limitations, we have developed a distributed IoT management system based on blockchain. In this paper, we compare the performance of our solution with the existing access management solutions in IoT. We study the delays and the throughput rate associated with the systems and analyze different configurations of our solution to maximize its scalability. The objective of the paper is to find out whether our solution can scale as well as the existing management systems in IoT.
Article
The explosive development of mobile communications and networking has led to the creation of an extremely complex system, which is difficult to manage. Hence, we propose an AI-powered network framework that uses AI technologies to operate the network automatically. However, due to the separation between different mobile network operators, data barriers between diverse operators become bottlenecks to exploit the full power of AI. In this paper, we establish a mutual trust data sharing framework to break these data barriers. The framework is based on the distributed and tamper-proof attributes of blockchain. We implement a prototype based on Hyperledger Fabric. The proposed system combines supervision and fine-grained data access control based on smart contracts, which provides a secure and trustless environment for data sharing. We further compare our system with existing data sharing schemes, and we find that our system provides a better functionality.
Article
Technological advancements have brought about the rise of data and other digital assets in our world today. The major problems with data today are its security and management, more importantly access control. These factors when not tackled effectively can lead to many compromises. The blockchain is an effective technology that ensures utmost security, trust, and maximum access control in big data systems. However, almost all the transactions on a blockchain network are stored in the platform. This process reduces the data storage, as the storage of all transactions sometimes creates unnecessary overheads. In this paper, an off-chain-based sovereign blockchain is proposed, where a virtual container is created for parties to transact in. At the end of a transaction, and satisfying each party, the container is destroyed but the results are stored on the sovereign blockchain network. This effectively decreases the amount of data that would have been stored on the network. The effectiveness of our system is compared with other schemes, and we could infer that our proposed system outperforms the already-existing ones.
Article
With the sharp increase in the number of intelligent devices, the Internet of Things (IoT) has gained more and more attention and rapid development in recent years. It effectively integrates the physical world with the Internet over existing network infrastructure to facilitate sharing data among intelligent devices. However, its complex and large-scale network structure brings new security risks and challenges to IoT systems. To ensure the security of data, traditional access control technologies are not suitable to be directly used for implementing access control in IoT systems because of their complicated access management and the lack of credibility due to centralization. In this paper, we proposed a novel attribute-based access control scheme for IoT systems that greatly simplifies the access management. We use blockchain technology to record the distribution of attributes in order to avoid single point failure and data tampering. The access control process has also been optimized to meet the need of high efficiency and lightweight calculation for IoT devices. Security and performance analysis show that our scheme could effectively resist multiple attacks and be efficiently implemented in IoT systems.
Article
The rapid development of the Internet of Things (IoT) and the explosive growth of valuable data produced by user equipment have led to strong demand for access control, especially hierarchical access control, which is performed from a group communication perspective. However, the key management strategies for such a future Internet are based mostly on a trusted third party that requires full trust of the key generation center (KGC) or central authority (CA). Recent studies indicate that centralized cloud centers will be unlikely to deliver satisfactory services to customers because we place too much trust in third parties; therefore, these centers do not apply to user privacy-oriented scenarios. This paper addresses these issues by proposing a novel blockchain-based distributed key management architecture (BDKMA) with fog computing to reduce latency and multiblockchains operated in the cloud to achieve cross-domain access. The proposed scheme utilizes blockchain technology to satisfy the decentralization, fine-grained auditability, high scalability and extensibility requirements, as well as the privacy-preserving principles for hierarchical access control in IoT. We designed system operations methods and introduced different authorization assignment modes and group access patterns to reinforce the extensibility. We evaluated the performance of our proposed architecture and compared it with existing models using various performance measures. The simulation results show that the multiblockchain structure substantially improves system performance, and the scalability is excellent as the network size increases. Furthermore, dynamic transaction collection time adjustment enables the performance and system capacity to be optimized for various environments.
Article
With the rapid development of smart mobile terminals (MTs), various industrial IoT applications can fully leverage them to collect and share data for providing certain services. However, two key challenges still remain. One is how to achieve high quality data collection with limited energy and sensing range. Another is how to ensure security when sharing data among MTs, to prevent possible device failure, network communication failure, malicious attackers, etc. To this end, we propose a blockchain-enabled efficient data collection and secure sharing scheme combining Ethereum blockchain and deep reinforcement learning (DRL). In this scheme, DRL is used to achieve the maximum amount of collected data, and the blockchain technology is used to ensure security and reliability of data sharing. Extensive simulation results demonstrate that the proposed scheme can provide higher security level and stronger resistance to attack than a traditional database based data sharing scheme for different levels/types of attacks.
Article
A device-to-device (D2D) underlaying cellular network is pervasive to support various wireless applications. However, due to the dramatic increase of data transmission in the network with limited amount of wireless resource, a few users may be required to temporarily disconnect from the network to avoid the interruption of data transmission in the whole network. A critical issue of determining the user access in D2D underlaying networks is the authenticity of channel state information (CSI), and usually a user with a higher CSI can be allocated a larger amount of wireless resource or have a higher probability of staying in the network. In this paper, we propose a blockchain consensus based scheme to verify the authenticity of CSI, and add the users who intentionally advocate a higher value of CSI into a fraud chain. Also we consider both the cross-tier interference (CTI) caused by a mobile user and the presence of a user in the fraud chain to determine the access of a user. The analysis results show that our proposed user access scheme can enhance the network performance by efficiently controlling the user access in mobile applications.
Article
This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.