Next Article in Journal
Integrated Circuit Angular Displacement Sensor with On-chip Pinhole Aperture
Previous Article in Journal
RTK/Pseudolite/LAHDE/IMU-PDR Integrated Pedestrian Navigation System for Urban and Indoor Environments
Previous Article in Special Issue
Reliable Task Management Based on a Smart Contract for Runtime Verification of Sensing and Actuating Tasks in IoT Environments
Open AccessArticle

Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things

Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan
*
Author to whom correspondence should be addressed.
This paper is an extended version of our paper published in Capability-Based Access Control for the Internet of Things: An Ethereum Blockchain-Based Scheme, In Proceedings of the the 2019 IEEE Global Communications Conference (IEEE GLOBECOM 2019), Waikoloa, HI, USA, 9–13 December 2019.
Sensors 2020, 20(6), 1793; https://doi.org/10.3390/s20061793
Received: 3 March 2020 / Revised: 16 March 2020 / Accepted: 19 March 2020 / Published: 24 March 2020
(This article belongs to the Special Issue Blockchain Security and Privacy for the Internet of Things)
Due to the rapid penetration of the Internet of Things (IoT) into human life, illegal access to IoT resources (e.g., data and actuators) has greatly threatened our safety. Access control, which specifies who (i.e., subjects) can access what resources (i.e., objects) under what conditions, has been recognized as an effective solution to address this issue. To cope with the distributed and trust-less nature of IoT systems, we propose a decentralized and trustworthy Capability-Based Access Control (CapBAC) scheme by using the Ethereum smart contract technology. In this scheme, a smart contract is created for each object to store and manage the capability tokens (i.e., data structures recording granted access rights) assigned to the related subjects, and also to verify the ownership and validity of the tokens for access control. Different from previous schemes which manage the tokens in units of subjects, i.e., one token per subject, our scheme manages the tokens in units of access rights or actions, i.e., one token per action. Such novel management achieves more fine-grained and flexible capability delegation and also ensures the consistency between the delegation information and the information stored in the tokens. We implemented the proposed CapBAC scheme in a locally constructed Ethereum blockchain network to demonstrate its feasibility. In addition, we measured the monetary cost of our scheme in terms of gas consumption to compare our scheme with the existing Blockchain-Enabled Decentralized Capability-Based Access Control (BlendCAC) scheme proposed by other researchers. The experimental results show that the proposed scheme outperforms the BlendCAC scheme in terms of the flexibility, granularity, and consistency of capability delegation at almost the same monetary cost. View Full-Text
Keywords: Ethereum Blockchain; Internet of Things; Capability-Based Access Control (CapBAC) Ethereum Blockchain; Internet of Things; Capability-Based Access Control (CapBAC)
Show Figures

Figure 1

MDPI and ACS Style

Nakamura, Y.; Zhang, Y.; Sasabe, M.; Kasahara, S. Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things. Sensors 2020, 20, 1793.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Back to TopTop