多域物联网中基于区块链和权能的访问控制机制

doi:10.3969/j.issn.0255-8297.2021.01.005

Abstract

Abstract: Data in Internet of things (IoT) usually contains a large amount of personal privacy information, In order to prevent privacy data leakage due to unauthorized access during device collaboration, this article proposes a set of access control mechanisms for multi-domain IoT device collaboration scenarios. By combining distributed capabilitybased access control (CapAC) with blockchain technology, this article designs a capability token stored in the blockchain and a token management contract based on smart contracts. According to CapACs access decision-making method, a blockchain-based token verification method is designed. The blockchain lightweight node is optimized for the characteristics of IoT. Finally, a blockchain system is built to implement the mechanism proposed in the article. Experimental test results show that compared to centralized access control mechanisms, this solution can safely and accurately execute access decisions in large-scale IoT scenarios and has more stable processing performance. Lightweight design can greatly reduce node storage burden.

Key words: blockchain, access control, Internet of things (IoT), smart contract

CLC Number:

WANG Siyuan, ZOU Shihong. Blockchain and Capability Based Access Control Mechanism in Multi-domain IoT[J]. Journal of Applied Sciences, 2021, 39(1): 55-69.

References

[1] Sandhu R S, Coyne E J, Feinstein H L, et al. Role-based access control models[J]. Computer, 1996, 29(2):38-47.
[2] De Souza L M S, Spiess P, Guinard D, et al. Socrades:a Web service based shop floor integration infrastructure[M]//The Internet of Things. Heidelberg, Berlin:Springer, 2008:5067.
[3] Spiess P, Karnouskos S, Guinard D, et al. SOA-based integration of the Internet of things in enterprise services[C]//IEEE International Conference on Web Services, 2009:968-975.
[4] Zhang G, Tian J. An extended role based access control model for the Internet of things[C]//International Conference on Information, Networking and Automation, 2010, 1:319323.
[5] Smari W W, Clemente P, Lalande J F. An extended attribute based access control model with trust and privacy:application to a collaborative crisis management system[J]. Future Generation Computer Systems, 2014, 31:147-168.
[6] Yuan E, Tong J. Attributed based access control (ABAC) for Web services[C]//IEEE International Conference on Web Services, 2006:74-79.
[7] Ning Y E, Zhu Y, Wang R C, et al. An efficient authentication and access control scheme for perception layer of Internet of things[J]. Applied Mathematics & Information Sciences, 2014, 8(4):1-8.
[8] Mahalle P N, Anggorojati B, Prasad N R, et al. Identity authentication and capability based access control for the Internet of things[J]. Journal of Cyber Security and Mobility, 2013, 1(4):309-348.
[9] 沈海波, 刘少波. 面向物联网的基于上下文和权能的访问控制架构[J]. 武汉大学学报(理学版), 2014, 60(5):424-428. Shen H B, Liu S B. A context-aware capability-based access control framework for the Internet of things[J]. Journal of Wuhan University (Natural Science Edition), 2014, 60(5):424-428. (in Chinese)
[10] Hernández-Ramos J L, Jara A J, Marin L, et al. Distributed capability-based access control for the Internet of things[J]. Journal of Internet Services and Information Security, 2013, 3(3/4):1-16.
[11] Gusmeroli S, Piccione S, Rotondi D. A capability-based security approach to manage access control in the Internet of things[J]. Mathematical and Computer Modelling, 2013, 58(5/6):1189-1205.
[12] Anggorojati B, Mahalle P N, Prasad N R, et al. Capability-based access control delegation model on the federated IoT network[C]//The 15th International Symposium on Wireless Personal Multimedia Communications, IEEE, 2012:604-608.
[13] Zhang Y, Kasahara S, Shen Y, et al. Smart contract-based access control for the Internet of things[J]. IEEE Internet of Things Journal, 2018, 6(2):1594-1605.
[14] Nakamoto S. Bitcoin:a peer-to-peer electronic cash system[R/OL]. 2009[2020-10-15]. https://bitcoin.org/bitcoin.pdf.
[15] Back A. Hashcash-a denial of service counter-measure[OL]. 2002[2020-10-15]. https://www.researchgate.net/publication/2482110_Hashcash_-_A_Denial_of_Service_CounterMeasure.
[16] Wood G. Ethereum:a secure decentralised generalised transaction ledger[J]. Ethereum Project Yellow Paper, 2014, 151:1-32.
[17] Androulaki E, Barger A, Bortnikov V, et al. Hyperledger Fabric:a distributed operating system for permissioned blockchains[C]//Proceedings of the Thirteenth EuroSys Conference, 2018:1-15.
[18] 袁勇, 倪晓春, 曾帅, 等. 区块链共识算法的发展现状与展望[J]. 自动化学报, 2018, 44(11):20112022. Yuan Y, Ni X C, Zeng S, et al. Blockchain consensus algorithms:the state of the art and future trends[J]. Acta Automatica Sinica, 2008, 44(11):2011-2022. (in Chinese)
[19] Aitzhan N Z, Svetinovic D. Security and privacy in decentralized energy trading through multi-signatures, blockchain and anonymous messaging streams[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 15(5):840-852.
[20] Feng Q, He D, Zeadally S, et al. A survey on privacy protection in blockchain system[J]. Journal of Network and Computer Applications, 2019, 126:45-58.
[21] Herlihy M. Atomic cross-chain swaps[C]//Proceedings of 2018 ACM Symposium on Principles of Distributed Computing, 2018:245-254.
[22] Spanos N, Martin A R, Dixon E T, et al. System and method for creating a multi-branched blockchain with configurable protocol rules:U.S. Patent 9608829[P]. 2017-03-28.
[23] Zamani M, Movahedi M, Raykova M. Rapidchain:scaling blockchain via full sharding[C]//Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018:931-948.
[24] Dang H, Dinh T T A, Loghin D, et al. Towards scaling blockchain systems via sharding[C]//Proceedings of 2019 ACM International Conference on Management of Data, 2019:123140.
[25] Benet J. IPFS-content addressed, versioned, P2P file system[OL].[2020-10-15]. https://arxiv.org/abs/1407.3561.
[26] Gilad Y, Hemo R, Micali S, et al. Algorand:scaling Byzantine agreements for cryptocurrencies[C]//Proceedings of the 26th ACM Symposium on Operating Systems Principles, 2017:51-68.
[27] Kalra S, Goel S, Dhawan M, et al. ZEUS:analyzing safety of smart contracts[C]//Network and Distributed System Security Symposium, 2018.
[28] Cebe M, Erdin E, Akkaya K, et al. Block4forensic:an integrated lightweight blockchain framework for forensics applications of connected vehicles[J]. IEEE Communications Magazine, 2018, 56(10):50-57.
[29] Dorri A, Kanhere S S, Jurdak R, et al. LSB:a lightweight scalable blockchain for IoT security and anonymity[J]. Journal of Parallel and Distributed Computing, 2019, 134:180-197.
[30] Liu Y, Wang K, Lin Y, et al. LightChain:a lightweight blockchain system for industrial Internet of things[J]. IEEE Transactions on Industrial Informatics, 2019, 15(6):3571-3581.

Blockchain and Capability Based Access Control Mechanism in Multi-domain IoT

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

[1]	ZHAO Yingqi, ZHU Xueyang, LI Guangyuan, GAO Ya, BAO Yulong. Verification of Smart Contracts with Time Constraints [J]. Journal of Applied Sciences, 2021, 39(1): 1-16.
[2]	FAN Junsong, CHEN Jianhai, SHEN Rui, LIU Zhenguang, HE Qinming, HUANG Butian. SGX-Based Approach for Blockchain Transactions Security and Privacy Protection [J]. Journal of Applied Sciences, 2021, 39(1): 17-28.
[3]	ZHAO Xiaoqi, LI Yong. Auditable and Traceable Blockchain Anonymous Transaction Scheme [J]. Journal of Applied Sciences, 2021, 39(1): 29-41.
[4]	ZHANG Xuewang, FENG Jiaqi, YIN Zijie, LIN Jinzhao. Trusted Query Method for Data Provenance Based on Blockchain [J]. Journal of Applied Sciences, 2021, 39(1): 42-54.
[5]	FANG Junjie, LEI Kai. Blockchain for Edge AI Computing: A Survey [J]. Journal of Applied Sciences, 2020, 38(1): 1-21.
[6]	HE Zhengyuan, DUAN Tiantian, ZHANG Ying, ZHANG Hanwen, SUN Yi. Blockchain in Internet of Things: Application and Challenges [J]. Journal of Applied Sciences, 2020, 38(1): 22-33.
[7]	BAO Zhenshan, WANG Kaixuan, ZHANG Wenbo. A Practical Byzantine Fault Tolerance Consensus Algorithm Based on Tree Topological Network [J]. Journal of Applied Sciences, 2020, 38(1): 34-50.
[8]	LI Zhongcheng, HUANG Jianhua, TANG Ruicong, HU Qingchun, XIA Xu. A Scalable Consensus Protocol Based on Equity Representation [J]. Journal of Applied Sciences, 2020, 38(1): 51-64.
[9]	ZOU Xiuqing, LUO Decun, LIN Ping, SHEN Shiping, XIE Zhenping, WANG Yujue, DING Yong. System of River Chief-Oriented Water Quality Information Certification Based on Blockchain [J]. Journal of Applied Sciences, 2020, 38(1): 65-80.
[10]	YUAN Chenjuan, SUN Guozi, LI Huakang, WANG Jitao. Credible Depository Chain System of Card Games [J]. Journal of Applied Sciences, 2020, 38(1): 81-92.
[11]	JIANG Yunchao, HE Xiaowei, CUI Yiju. Blockchain Node Storage Optimization Scheme [J]. Journal of Applied Sciences, 2020, 38(1): 119-126.
[12]	PAN Heng, PAN Lei, YAO Zhongyuan, SI Xueming. A Patient-Controlled Security Access Mechanism for Electronic Health Records [J]. Journal of Applied Sciences, 2020, 38(1): 127-138.
[13]	SHE Wei, CHEN Jiansen, GU Zhihao, TIAN Zhao, XU Li, LIU Wei. Location Information Protection Model for IoT Nodes Based on Blockchain [J]. Journal of Applied Sciences, 2020, 38(1): 139-151.
[14]	LEI Kai, HUANG Shuokang, FANG Junjie, HUANG Jiyue, XIE Yingying, PENG Bo. Intelligent Eco Networking (IEN): Knowledge-Driven and Value-Oriented Future Internet Infrastructure [J]. Journal of Applied Sciences, 2020, 38(1): 152-172.
[15]	ZHANG Lihua, HU Fangzhou, HUANG Yang, WAN Yuanhua, LI Jingjing. Identity Authentication Protocol of Micro-grid Power Based on Consortium Blockchain [J]. Journal of Applied Sciences, 2020, 38(1): 173-183.