Due to the rapid penetration of the Internet of Things (IoT) into human life, illegal access to IoT resources (e.g., data and actuators) has greatly threatened our safety. Access control, which specifies who (i.e., subjects) can access what resources (i.e., objects) under what conditions, has been recognized as an effective solution to address this issue. To cope with the distributed and trust-less nature of IoT systems, we propose a decentralized and trustworthy Capability-Based Access Control (CapBAC) scheme by using the Ethereum smart contract technology. In this scheme, a smart contract is created for each object to store and manage the capability tokens (i.e., data structures recording granted access rights) assigned to the related subjects, and also to verify the ownership and validity of the tokens for access control. Different from previous schemes which manage the tokens in units of subjects, i.e., one token per subject, our scheme manages the tokens in units of access rights or actions, i.e., one token per action. Such novel management achieves more fine-grained and flexible capability delegation and also ensures the consistency between the delegation information and the information stored in the tokens. We implemented the proposed CapBAC scheme in a locally constructed Ethereum blockchain network to demonstrate its feasibility. In addition, we measured the monetary cost of our scheme in terms of gas consumption to compare our scheme with the existing Blockchain-Enabled Decentralized Capability-Based Access Control (BlendCAC) scheme proposed by other researchers. The experimental results show that the proposed scheme outperforms the BlendCAC scheme in terms of the flexibility, granularity, and consistency of capability delegation at almost the same monetary cost.
When large-scale disasters occur, evacuees have to evacuate to safe places quickly. They, however, may not be able to afford to obtain sufficient information for their evacuations under such emergent situations. In this paper, we propose an automatic evacuation guiding scheme using evacuees' mobile nodes, e.g., smart phones. The key idea to achieve automatic evacuation guiding is implicit interactions between evacuees and their mobile nodes. Each mobile node tries to navigate its evacuee by presenting an evacuation route. At the same time, it can also trace the actual evacuation route of the evacuee as the trajectory by measuring his/her positions periodically. The proposed scheme automatically estimates blocked road segments from the difference between the presented evacuation route and the actual evacuation route, and then recalculates the alternative evacuation route. In addition, evacuees also share such information among them through direct wireless communication with other mobile nodes and that with a server via remaining communication infrastructures. Through simulation experiments, we show that 1) the proposed scheme works well when the degree of damage is high and/or road segments are continuously blocked, 2) the average evacuation time can be improved even in small penetration ratio of the proposed system, and 3) the direct wireless communication can support many evacuations at almost the same level as the communication infrastructure when the number of evacuees becomes large.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.