OAuth 2.0 meets Blockchain for Authorization in Constrained IoT Environments

Siris, Vasilios A.; Dimopoulos, Dimitrios; Fotiou, Nikos; Voulgaris, Spyros; Polyzos, George C.

doi:10.1109/wf-iot.2019.8767223

Cited by 20 publications

(14 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it requires a client, the protected resource, the RO, and the AS to be online at the moment of the access request, which is often difficult to fulfill when the protected resource is an IoT device with intermittent network access. As a potential solution, Siris et al proposed a variant of OAuth 2.0 for IoT devices: a two-fold scheme which uses blockchain and smart contract technology [14]. Firstly, they proposed a scheme in which the client requests the access for an IoT to an AS.…”

Section: A Iot Access Managementmentioning

confidence: 99%

Recent Advances in Smart Contracts: A Technical Overview and State of the Art

et al. 2020

View full text Add to dashboard Cite

Smart contracts, as an added functionality to blockchain, have received increased attention recently. They are executable programs whose instance and state are stored in blockchain. Hence, smart contracts and blockchain enable a trustable, trackable, and irreversible protocol without the need for trusted third parties which generally constitute a single point of failure. If a user creates and distributes a smart contract, others will be able to interact with it while the underlying blockchain ensures a trustable execution. In this paper, we aim to introduce state-of-the-art technologies of the smart contract protocol. We firstly introduce the history of blockchain and smart contracts followed by their step-by-step operations. Then, we introduce the survey results which are classified into four categories based on their purposes: cryptography, access management, social application, and smart contract structure. By presenting the most recent knowledge, this paper will contribute to the advances and proliferation of smart contracts.

show abstract

Section: A Iot Access Managementmentioning

confidence: 99%

Recent Advances in Smart Contracts: A Technical Overview and State of the Art

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The work in this paper is related to our previous work published in [13]- [15]. However, in these papers we considered constrained devices not capable of accessing the blockchain.…”

Section: Related Workmentioning

confidence: 99%

“…Smart contracts are ideal for performing "fair exchange" of digital goods [19]. In our previous work, published in [15], we used smart contracts to exchange an access token for money. In a nutshell, with the solution presented in [15] the authorization server encrypts a token, the client "deposits" some money in the form of escrow, and the server receives the escrow only if it reveals the "correct" decryption key.…”

Section: Fair Exchangementioning

confidence: 99%

OAuth 2.0 Authorization using Blockchain-based Tokens

Fotiou¹,

Pittaras²,

Siris³

et al. 2020

Proceedings 2020 Workshop on Decentralized IoT Systems and Security

Self Cite

View full text Add to dashboard Cite

OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are used. Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange, by leveraging smart contracts. We realized a proof-ofconcept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.

show abstract

“…Siris et al 18 proposed an authorization framework based on blockchain and OAuth 2.0 to provide delegation of authorization for constrained IoT nodes. In this work, the authors combined OAuth 2.0 with blockchain to allow authorizations to be linked to payments so that the OAuth 2.0 message flow for the payments remains on the blockchain.…”

Section: Introductionmentioning

confidence: 99%

AFaaS: Authorization framework as a service for Internet of Things based on interoperable OAuth

Kim

2020

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Internet of Things has become a fundamental paradigm in our everyday lives. However, standards and technologies are often designed without considering interoperability, which is a critical issue for Internet of Things. Internet of Things environment requires interoperability to share resources (e.g. data and services) between heterogeneous Internet of Things domains. The open authorization (OAuth) 2.0 framework that is actively used in Internet of Things (as well as in conventional web environments) also did not focus on interoperability. In other words, the systems that implement the same OAuth 2.0 standard cannot interoperate without additional support. For this reason, we propose an authorization framework as a service. Authorization framework as a service provides an additional authorization layer to support standard authorization capabilities as an interoperable secure wrapper between different domains. Besides, authorization framework as a service supports the four extended authorization grant flow types to issue an interoperable access token, which has a global access scope across multiple heterogeneous domains. With the authorization framework as a service, interoperability can be supported for heterogeneous domains, and token management can also be simple because an interoperable access token can represent several existing access tokens that have local access scopes. Furthermore, this article presents a feasible interoperability scenario, implementation, and security considerations for authorization framework as a service, focusing on Internet of Things platforms.

show abstract

OAuth 2.0 meets Blockchain for Authorization in Constrained IoT Environments

Cited by 20 publications

References 12 publications

Recent Advances in Smart Contracts: A Technical Overview and State of the Art

Recent Advances in Smart Contracts: A Technical Overview and State of the Art

OAuth 2.0 Authorization using Blockchain-based Tokens

AFaaS: Authorization framework as a service for Internet of Things based on interoperable OAuth

Contact Info

Product

Resources

About