Data in the Internet of Things (IoT) usually contains a large amount of personal privacy information. In order to prevent privacy data leakage due to unauthorized access during device collaboration, this article proposes a set of access control mechanisms for multi-domain IoT device collaboration scenarios. By combining distributed capability-based access control (CapAC) with blockchain technology, this article designs a capability token stored in the blockchain and a token management contract based on smart contracts. Following CapAC's access decision-making method, a blockchain-based token verification method is designed. The blockchain lightweight node is optimized for the characteristics of IoT. Finally, a blockchain system is built to implement the mechanism proposed in the article. Experimental test results show that, compared to centralized access control mechanisms, this solution can safely and accurately execute access decisions in large-scale IoT scenarios and has more stable processing performance. The lightweight design can greatly reduce the node storage burden.
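As an added example, not the paper's code: a minimal simulation of the token management contract and the CapAC-style verification decision the abstract describes. The token field names, the HMAC issuer key and the in-memory ledger are assumptions standing in for the paper's on-chain design.

```python
import hashlib, hmac, json, time

# Constructed issuer key; stands in for the issuing domain's signing key.
ISSUER_KEY = b"constructed-issuer-key"


def _canonical(token: dict) -> bytes:
    # Signature covers every field except the signature itself.
    return json.dumps({k: v for k, v in token.items() if k != "sig"},
                      sort_keys=True).encode()


def sign_token(token: dict) -> dict:
    """Issuer signs the capability token (HMAC-SHA256 here; an assumption)."""
    sig = hmac.new(ISSUER_KEY, _canonical(token), hashlib.sha256).hexdigest()
    return {**token, "sig": sig}


class TokenContract:
    """Simulated on-chain token management contract: issue, revoke, verify."""

    def __init__(self):
        self.tokens = {}      # token id -> token (ledger state)
        self.revoked = set()  # revoked token ids

    def issue(self, token: dict) -> None:
        self.tokens[token["id"]] = token

    def revoke(self, token_id: str) -> None:
        self.revoked.add(token_id)

    def verify(self, token_id, subject, resource, action, now=None):
        """CapAC access decision: every check must pass; returns (allowed, reason)."""
        now = time.time() if now is None else now
        tok = self.tokens.get(token_id)
        if tok is None:
            return False, "unknown token"
        if token_id in self.revoked:
            return False, "revoked"
        expected = hmac.new(ISSUER_KEY, _canonical(tok), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tok.get("sig", "")):
            return False, "bad signature"
        if tok["subject"] != subject:
            return False, "subject mismatch"
        if tok["resource"] != resource:
            return False, "resource mismatch"
        if action not in tok["actions"]:
            return False, "action not granted"
        if now > tok["exp"]:
            return False, "expired"
        return True, "ok"
```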