Attribute-Based Access Control for Smart Cities: A Smart Contract-Driven Framework

Author(s): Yuanyu Zhang, Mirei Yutaka, Masahiro Sasabe, Shoji Kasahara
Computers, 2018, Vol 7 (3), pp. 39
Author(s): Ronghua Xu, Yu Chen, Erik Blasch, Genshe Chen

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.


Author(s): Ronghua Xu, Yu Chen, Erik Blasch, Genshe Chen

While the Internet of Things (IoT) technology has been widely recognized as the essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today's AC is the centralized authorization server, which can be the performance bottleneck or the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registering, propagating and revoking the access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi node) and more powerful computing devices (i.e., laptops), and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.


2021, Vol 2021, pp. 1-11
Author(s): Runnan Zhang, Gang Liu, Shancang Li, Yongheng Wei, Quan Wang

Smart cities require new access control models for Internet of Things (IoT) devices that preserve user privacy while guaranteeing scalability and efficiency. Researchers believe that anonymous access can protect private information even if that information is not stored in the authorization organization. Many attribute-based access control (ABAC) models that support anonymous access expose the attributes of the subject to the authorization organization during the authorization process, which allows the authorization organization to obtain the attributes of the subject and infer the identity of the subject. The ABAC with anonymous access proposed in this paper, called ABSAC, strengthens the identity-less nature of ABAC by combining it with homomorphic attribute-based signatures (HABSs), which do not send the subject attributes to the authorization organization, reducing the risk of subject identity re-identification. It is a secure anonymous access framework. Tests show that the performance of the ABSAC implementation is similar to ABAC’s performance.


Author(s): Riaz Ahmad Ziar, Syed Irfanullah, Wajid Ullah Khan, Abdus Salam

Blockchain technology provides several suitable characteristics such as immutability, decentralization and a verifiable ledger. It records transactions in a decentralized way and can be integrated into several fields such as eHealth, e-Government and smart cities. However, blockchain has several privacy and security issues, one of which is on-chain data privacy. To deal with this issue, we provide a privacy-preserving solution for permissionless blockchain to empower the user to take control of transaction data in the open ledger. This work focuses on designing and developing the peer-to-peer system using symmetric cryptography and an Ethereum smart contract. In this scheme, we create smart contracts for the interaction of the data provider, data consumer, and access control list. Data providers register authorized users in the access control list. Data consumers can check their validity in the access control list. After successful validation, data consumers can request the security key from data providers to access secret information. Based on successful validation, a smart contract that is created between the data provider and data consumer is executed to send a key to the data consumer for accessing the secret information. The smart contracts of this proposed model are modeled in Solidity, and the performance of the contracts is assessed in the Ropsten test network.


2021, Vol 2021, pp. 1-12
Author(s): Yingwen Chen, Linghang Meng, Huan Zhou, Guangtao Xue

The rapid development of wearable sensors and the 5G network empowers traditional medical treatment with the ability to collect patients’ information remotely for monitoring and diagnosing purposes. Meanwhile, the health-related mobile apps and devices also generate a large amount of medical data, which is critical for promoting disease research and diagnosis. However, medical data is too sensitive to share, which is also a common issue for IoT (Internet of Things) data. The traditional centralized cloud-based medical data sharing schemes have to rely on a single trusted third party. Therefore, the schemes suffer from single-point failure and lack of privacy protection and access control for the data. Blockchain is an emerging technique to provide an approach for managing data in a decentralized manner. Especially, the blockchain-based smart contract technique enables the programmability for participants to access the data. All the interactions are authenticated and recorded by the other participants of the blockchain network, which is tamper resistant. In this paper, we leverage the K-anonymity and searchable encryption techniques and propose a blockchain-based privacy-preserving scheme for medical data sharing among medical institutions and data users. To be specific, the consortium blockchain, Hyperledger Fabric, is adopted to allow data users to search for encrypted medical data records. The smart contract, i.e., the chaincode, implements the attribute-based access control mechanisms to guarantee that the data can only be accessed by the user with proper attributes. The K-anonymity and searchable encryption ensure that the medical data is shared without privacy leaking, i.e., figuring out an individual patient from queries. We implement a prototype system using the chaincode of Hyperledger Fabric. From the functional perspective, security analysis shows that the proposed scheme satisfies security goals and precedes others. From the performance perspective, we conduct experiments by simulating different numbers of medical institutions. The experimental results demonstrate that the scalability and performance of our scheme are practical.


2020
Author(s): Amruta Chavan, Nilesh Marathe, Dipti Jadhav

Author(s): Mehdi Sookhak, Mohammad Reza Jabbarpour, Nader Sohrabi Safa, F. Richard Yu

IEEE Access, 2021, pp. 1-1
Author(s): Abdullah Al Omar, Abu Kaisar Jamil, Amith Khandakar, Abdur Razzak Uzzal, Rabeya Bosri, ...
