Bloccess: Towards Fine-Grained Access Control Using Blockchain in a Distributed Untrustworthy Environment

Abstract

Access control plays a crucial role in constructing trust in a system. Particularly, it is imperative to enforce a fine-grained access control mechanism to make the access control framework flexible due to the high complexity of untrustworthy environments such as the Internet of Things (IoT) environments. However, traditional access control techniques can be hardly trusted on account of their centralized enforcements and improper distributed computing mechanisms while facing diverse and intricate threats. Although existing solutions based on public blockchain technology have addressed some issues, new challenges derived from public blockchain technology become noticeable such as low consensus efficiency and delicate incentive mechanism. In this paper, we propose Bloccess, a fine-grained access control framework using permissioned blockchain techniques, which enhances the trust in untrustworthy environments by enforcing a trustworthy access control mechanism. Bloccess provides a unified and user-centric solution for access control in distributed untrustworthy environments and optimizes the decentralized access control management, which significantly ensures the security properties of protected environments in terms of the threat model structured in this paper. We also prove the feasibility and effectiveness of Bloccess by security analysis and the comparison with some related frameworks.