BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices...


Bibliographic Details
Main Authors: Ronghua Xu, Yu Chen, Erik Blasch, Genshe Chen
Format: Article
Language: English
Published: MDPI AG 2018-07-01
Series: Computers
Subjects:
Online Access: http://www.mdpi.com/2073-431X/7/3/39
Record ID: doaj-b0c49ae341234a9ca17f28ea6288fb6d
Record format: Article
Record timestamp: 2020-11-24T22:10:53Z
ISSN: 2073-431X
Citation: Computers, volume 7, issue 3, article 39 (2018-07-01)
DOI: 10.3390/computers7030039
Author affiliations:
Ronghua Xu, Yu Chen: Department of Electrical and Computer Engineering, Binghamton University, SUNY, Binghamton, NY 13902, USA
Erik Blasch: The U.S. Air Force Research Lab, Rome, NY 13441, USA
Genshe Chen: Intelligent Fusion Technology, Inc., Germantown, MD 20876, USA

Abstract: While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.

Keywords: decentralized access control; Internet of Things (IoT); blockchain protocol; smart contract; federated delegation; capability-based access control