BloAC: A blockchain-based secure access control management for the Internet of Things

IF 3.8 | Zone 2, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Utsa Roy, Nirnay Ghosh
Journal of Information Security and Applications, vol. 87, Article 103897. Published 2024-10-30. Journal Article.
DOI: 10.1016/j.jisa.2024.103897
URL: https://www.sciencedirect.com/science/article/pii/S2214212624001996
Citations: 0

Abstract

The Internet of Things (IoT) paradigm has widespread applications across many fields in which private and sensitive user or environmental data are sensed and shared. Most present-day IoT applications depend on centralized cloud servers for authentication and access control. Validating the identity of a user and determining the legitimacy of his/her access requests require multiple rounds of data communications over the untrusted Internet, exposing sensitive data to potential attacks. Thus, protecting these data from security and privacy attacks and ensuring legitimate access is imperative. To address this challenge, we adopt an emerging technology called blockchain to propose a decentralized security framework called BloAC. It ensures secure access control in IoT networks without the intervention of the back-end cloud. We have used the Hyperledger Fabric, an open-source, permissioned blockchain platform, for implementing a prototype system using customized attribute-based access control (ABAC) policies. We have performed simulated and real test bed-based experiments to illustrate that BloAC outperforms the cloud–server-based access control in latency and scalability, significantly reducing latency by up to 42.45% compared to cloud-based solutions. Finally, we conduct a security analysis to formally verify the ABAC policies used in BloAC and establish its robustness against attacks theoretically and using the AVISPA tool.
Source journal

Journal of Information Security and Applications (Computer Science: Computer Networks and Communications)

CiteScore: 10.90
Self-citation rate: 5.40%
Articles published: 206
Review time: 56 days

Journal description: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.