Trust-Based Blockchain Authorization for IoT

Putra, Guntur Dharma; Dedeoglu, Volkan; Kanhere, Salil S.; Jurdak, Raja; Ignjatović, Aleksandar

doi:10.1109/tnsm.2021.3077276

Cited by 64 publications

(45 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We noted, among others, that building trust between various entities in a highly dynamic and scalable system like the IoT is a challenging task that is significant when sharing information and controlling their access. Most of the access control approaches at present enhance the traditional distributed trust management systems for the IoT, lacking the proper need for trust in an IoT context [124]. We argue that there is a need to investigate the fusion of multiple observations along with the distributed aspects of trust in decision making under multiple-sources for large-scale IoT systems.…”

Section: E Road Aheadmentioning

confidence: 99%

Blockchain for IoT Access Control: Recent Trends and Future Research Directions

Pal¹,

Dorri²,

Jurdak³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

With the rapid development of wireless sensor networks, smart devices, and traditional information and communication technologies, there is tremendous growth in the use of Internet of Things (IoT) applications and services in our everyday life. IoT systems deal with high volumes of data. This data can be particularly sensitive, as it may include health, financial, location, and other highly personal information. Finegrained security management in IoT demands effective access control. Several proposals discuss access control for the IoT, however, a limited focus is given to the emerging blockchainbased solutions for IoT access control. In this paper, we review the recent trends and critical needs for blockchain-based solutions for IoT access control. We identify several important aspects of blockchain, including decentralised control, secure storage and sharing information in a trustless manner, for IoT access control including their benefits and limitations. Finally, we note some future research directions on how to converge blockchain in IoT access control efficiently and effectively.

show abstract

Section: E Road Aheadmentioning

confidence: 99%

Blockchain for IoT Access Control: Recent Trends and Future Research Directions

Pal¹,

Dorri²,

Jurdak³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Nevertheless, similar to authentication procedures, standard authorisation methods in the IoT rely on existing approaches, which incur overhead and centralisation. However, proposing decentralised, dynamic, and adaptable access control mechanisms is a critical requirement for resolving conventional authorisation or access control systems issues [179,180]. -Accountability of Network Users and Resources: After successfully authenticating and authorising users, an accountability process monitors resources consumed by network or application users.…”

Section: Security Requirementsmentioning

confidence: 99%

A taxonomy study on securing Blockchain-based Industrial applications: An overview, application perspectives, requirements, attacks, countermeasures, and open issues

Hameed

Barika

Garg

et al. 2022

Journal of Industrial Information Integration

View full text Add to dashboard Cite

“…Blockchain is used instead of untrusted cloud servers to perform the outsourcing decryption on attributes determining the secure access to resources. To achieve the dynamic nature of authorisation mechanisms for IoT networks, Putra et al [40] presented a decentralised access control mechanism based on the ABAC model in conjunction with a trust and reputation system. The proposed mechanism sought to achieve dynamic access privileges by focusing on IoT device compromise scenarios.…”

Section: Smart Contracts-based Approachesmentioning

confidence: 99%

A Blockchain-based Decentralised and Dynamic Authorisation Scheme for the Internet of Things

Hameed¹,

Raza²,

Garg³

et al. 2022

Preprint

View full text Add to dashboard Cite

An authorisation has been recognised as an important security measure for preventing unauthorised access to critical resources, such as devices and data, within the Internet of Things (IoT) networks. To achieve authorisation, access control mechanisms are extensively utilised, restricting the user's actions within the network or system based on predetermined access control policies with specific control actions. Existing authorisation methods for the IoT network is based on traditional access control models, which have several drawbacks, including architecture centralisation, policy tampering, access rights validation, malicious third party policy assignment and control, and network-related overheads. The increasing trend of integrating Blockchain technology with IoT networks demonstrates its importance and potential to address the shortcomings of traditional IoT network authorisation mechanisms. However, existing Blockchain-based authorisation solutions for IoT networks overlook the importance of utilising the full potential of Blockchain technology and under-perform to handle the dynamicity of the underlying network in terms of malicious user behaviour, static policies, and auditability of user requests and resources. This paper proposes a decentralised secure, dynamic, and flexible authorisation scheme for IoT networks based on attribute-based access control (ABAC) fine-grained policies stored on a distributed immutable ledger. We design a Blockchain-based ABAC policy management framework divided into Attribute Management Authority (AMA) and Policy Management Authority (PMA) frameworks that use smart contract features to initialise, store, and manage attributes and policies on the Blockchain. To achieve flexibility and dynamicity in the authorisation process, we capture and utilise the environmental-related attributes in conjunction with the subject and object attributes of the ABAC model to define the policies. Furthermore, we designed the Blockchain-based Access Management Framework (AMF) to manage user requests to access IoT devices while maintaining the privacy and auditability of user requests and assigned policies. We implemented a prototype of our proposed scheme and executed it on the local Ethereum Blockchain. Finally, we demonstrated the applicability and flexibility of our proposed scheme for an IoT-based smart home scenario, taking into account deployment, execution and financial costs.

show abstract

Trust-Based Blockchain Authorization for IoT

Cited by 64 publications

References 27 publications

Blockchain for IoT Access Control: Recent Trends and Future Research Directions

Blockchain for IoT Access Control: Recent Trends and Future Research Directions

A taxonomy study on securing Blockchain-based Industrial applications: An overview, application perspectives, requirements, attacks, countermeasures, and open issues

A Blockchain-based Decentralised and Dynamic Authorisation Scheme for the Internet of Things

Contact Info

Product

Resources

About