An Attribute-Based Access Control for IoT Using Blockchain and Smart Contracts

: With opportunities brought by the Internet of Things (IoT), it is quite a challenge to main-tain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its beneﬁts, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed ﬁle systems worldwide. A new generation of IoT-based distributed ﬁle systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmoniza-tion, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efﬁcient for IoT. Author Contributions: Conceptualization, M.A.S. and H.A.K.; Formal analysis, A.M.E.-S. and M.A.E.-M.; Funding acquisition, A.M.E.-S. and M.A.E.-M.; Investigation, M.A.S.; Methodology, H.A.K. and H.T.R.; Resources, C.M.; Supervision, H.A.K.; Validation, H.T.R.; Writing—original


Introduction
IoT has become the most promising technology in industry and academia. Some of the aims of IoT are enabling, sharing, and collecting data anonymously from home appliances, vehicles, and physical and intelligent devices. In 2017, more than 8.4 billion devices joined this worldwide network, which shows the increased limit of 31% from 2016 [1]. On the contrary, Gartner [2] forecasts that it will reach 25 billion by 2021, and by 2023, the buying and selling of IoT data will become an essential part of many IoT systems. With a large number of devices involved, storage-related challenges also arise, and along with that, data protection and large-scale efficient data storage are significant issues [3].
New challenges and security risks keep increasing due to the increasing amount of connected devices,as shown in Figure 1. Security devices are becoming vulnerable to privacy-threatening attacks launched by malicious users, and because of these attacks, it is difficult to completely control the widely distributed IoT devices. For controlling the data leakage from IoT devices, an authorized access mechanism is needed to protect sensitive and valuable information [4].
There is rapid technological advancement for user's data sharing between the enterprises. By using data sharing applications, user experiences are improving in terms of functionality. Approaches based on standard security techniques while sharing user data without using any trusted authority have been addressed by Sherstha et al. [5]. The questions regarding what type of data and when or whom has been discussed by Meadows et al. [6], in which the data sharing with increasing incentive is a matter of intense research. For personal data storing, certain privacy and security issues, such as data theft and breaches, are present. When using the centralized authority, the deletion of user data and not delivering user's data are major problems [7].
Various technologies for the collection of data and sharing user data have been deployed using cloud computing, Federated learning [8], and RFID (Radio Frequency Identification). In strong privacy legislation, e.g., GDPR, the data owner's consent needs to be asked. The consent of data sharing and its use needs to be renewed, which provides meaningful incentives [9].
To provide effective unauthorized control, one of the most important and useful technologies is an access control system. Discretionary access control (DAC), which is known as traditional access control, and identity-based access control (IBAC) both fail to provide an appropriate result for the implementation of access control in IoT systems since the access control list of each unknown identity in the IoT system is almost impossible to make. Mandatory access control (MAC) is another technique that suffers from a single point failure due to the central administrator's imposition [10].

Attribute-Based Access Control (ABAC)
A new type of dynamic, fine-grained, and flexible access control has been provided by attribute-based access control (ABAC), in which the attribute authorities issue the identities or roles to a set of attributes; therefore, making separate access control lists for every entity present in the system is not required. It effectively simplifies access management due to the smaller number of attributes compared to the number of users in the system [11].
The costs associated with the storage devices have been decreasing due to the advancement of storage technology. As compared to blockchains, the cost of cloud storage services based on a centralized system are gradually increasing. From this point of view, the future requires a decentralized storage system, which is independent of third-party interference, that honestly stores and transmits the user's data. After the advent of Bitcoin, its underlying blockchain technology provides a kind of decentralized storage facility [12,13]. The implementation of distributed file systems is expected to become a promising research field because of the peer-to-peer study, such as Napster [14], Morpheus [15], Gnutella [16], and Kazaa [17]. On the contrary, Bitcoin [18] is one of the most popular P2P network systems and supports up to 100 million users. Blockchain is a hot topic for the business community and technology giants [19]. In the network, system clients and storage resources are dispersed to form a distributed file system, where every user is a consumer and creator of stored data.
The expectation of ensuring trust and reducing overhead for IoT systems [20,21] has led the combination of Blockchain technology with IoT to become a promising trend, through which a publicly verifiable, decentralized, and credible database can be established, and a distributed trust of billions of connected things can also be achieved. In our daily lives, the involvement of electronic devices are increasing day by day. For example, an automatically repairing order by the coffee machine, the identification of parking lot usage, and the detection of rubbish bin fullness are all electronic devices used daily [22].

Paper Contributions
In our proposed work, we propose a blockchain-based architecture similar to the one proposed in [23] for enhancing the IoT security and privacy and to overcome the authentication and access control issues present in existing IoT systems. Moreover, the main contributions are as follows: • We propose a blockchain-based network for reliable data sharing between resourceconstrained IoTs. • Storing the huge data generated by IoTs, a distributed file system, i.e., IPFS or swarm, is used. • Proof of Authority (PoA) is used instead of Proof of Work (PoW), which increases throughput and reduces the system latency. • A smart-contract-based access control mechanism is implemented to securely share data. • Through smart contracts, the data ciphertext can be stored in the blockchain by the data owner. • Data can only be decrypted in a valid access period given by the data owner. • In blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. • Validating the effectiveness of cpabe and the access model, extensive simulations are performed in pylab, and the performance parameters are the total cost consumption and cpu utilization. • To resolve the scalability issues, different kinds of blockchains have been used for data storing and data sharing. • The simulation results show that our proposed scheme significantly reduces the execution and transaction cost as well as the verification time of the transaction in a blockchain.
The rest of the paper is organized as follows: Background information and the motivation behind the study are provided in Section 2. Preliminaries are discussed in Section 3. Section 4 shows the literature review, whereas the system model and proposed methodology are demonstrated in Sections 5. Section 6 gives a description of our policy model. The attacker model, security assumptions, and security features of the proposed model are to be considered in Section 7. In Section 8, implementations related to the performance evaluation have been provided, and finally, future work and conclusions are provided in Section 9.

Background and Motivation
Over the past few years, the efforts and interest of using sensors and devices in our daily life have been increasing. The smart and socially skilled objects' development is also increasing, which revolutionizes IoT [24] aspects, such as social interaction modeling research and human management investigations. To address these aspects, many architectures have been proposed by researchers. The latest three architectures are the social IoT (SIoT [25]), multiple IoT [26], and multiple IoT environment [27]. With the evolution of these architectures, severe privacy and security issues have been caused. To address these issues, in the last decade, different solutions have been proposed in terms of access control [27,28], intrusion detection [29,30], and privacy [31].
IoT's privacy and security with interconnected internet cause particular challenges in areas of the computing network. It means that at every moment, from everywhere, an attack can be created on the internet resources. As a result, numerous threats, such as denial of service, fabrication of identity, physical threats, communication channel targeting, and many more, have emerged. The biggest challenge in this research field is power resource consumption and computational overheads on IoT devices. Many solutions have been proposed by researchers, where strategies based on blockchain, homomorphic encryption with data collecting objects, and attribute-based encryption for achieving integrity, are provided [32].
IoT devices play a huge role in different aspects of life, e.g., security, energy, safety, healthcare, smart grid, vanets, industry, entertainment, and can directly impact the quality of life. However, in terms of battery power, network protocol, high-level computation, and their infrequent connectivity, they have fundamentally constrained resources. Due to these constraints, sustaining user privacy impacts the applicability of using advanced technology. The huge risk of interconnected devices on the internet without having any standard security scheme implementation is also present, from which security concerns, such as data misuse, arise [33].
IoT devices collect personal information of users, such as their identity, contact number, energy consumption, and location, which is more dangerous than simple security threats. These devices reveal users' information about their daily activities (e.g., watching movies, playing, home activities, and gatherings).
Recently, the interest and efforts in IoT security have been growing. IoT can offer a variety of services, whether they are of safety or non-safety applications. The most important objective of enhanced safety in IoTs is to enhance the user's security by providing location privacy in a comfortable environment. From a non-safety perspective, many applications and services, such as internet access, geo-location information, the weather forecast for the comfort of user's convenience as well as infotainment, are considered nonsafety services [34,35]. However, in terms of power consumption, network connectivity, high-level computation, and their infrequent connectivity, they are have fundamentally constrained resources [36,37].
Due to these constraints, sustaining user privacy may impact the applicability of using advanced technologies [38]. The huge risk of interconnected devices on the internet without having any standard security scheme is data misuse [39,40]. The challenging task for the researchers in this research domain is power resource consumption and computational overheads of IoT devices [41,42]. Many solutions to the mentioned challenges have been proposed by researchers [43,44]. However, the solutions that are based on blockchains, homomorphic encryption with data collecting objects, attribute-based encryption for achiev-ing integrity are dominant. We address the user transparency, security, privacy, and data sharing incentive issues by proposing a new smart-contract-based technique that relies on data sharing and user control privacy policies [32].

Existing Access Control IoT Architectures and Related Challenges
In a constrained environment, the application of lightweight security mechanisms is required by the integration of physical objects. However, solutions designed with the current access control and security standards are not meeting the requirement of nascent ecosystems. Lightness, interoperability, end-to-end security, and scalability issues have recently attracted researchers' attention. Existing IoT architectures are outlined below.

Centralized Architecture
This approach consists of a trusted third party's involvement for providing outsource access control operations. The devices are managed by a gateway or back-end server known as the Policy Decision Point (PDP). In stored access policies, the access requests are analyzed by the server, as shown in Figure 2. To access the end device's data, the requesters should ask to pass by those trusted third parties. This architecture relieves the processing burden of constrained IoT devices (actuators, sensors, etc.). However, major disadvantages are seen in the context of IoT architecture. By the use of a trusted third party, its end-to-end security drops. In the decision-making process, the IoT devices role is strictly limited. The authorization requests of users and resource owner (RO) access control policies are revealed by the trusted third party. The privacy of the resource requester or owner is corrupted due to these conditions.

Trust Entity with Decentralized Architecture
The partial participation of IoT devices in access control decisions are present. From the surrounding environment, the contextual information was sent to a trusted third party that was gathered by IoT devices (e.g., power level, location, etc). The decision made by the trusted third party was based on the access control requests with pre-defined policies and the smart objects' contextual information collection, as shown in Figure 3. To transfer the information in a secure communication channel between the end devices and the trusted third party, the additional security measures are required. In real-time scenarios, such as healthcare, it is not suitable because of the nature of the contextual information transfer; thus, it will not help in real-time access decisions. The requester and data owner's privacy is also not considered.

Distributed Architecture
In the device side, the processing of access control decisions is done in a distributed manner. Due to the absence of a trusted third party, it shows impressive advantages regarding the requester and resource owner privacy. The end users obtain more power in defining their own policies and access control decisions with its edge intelligence principle. Real-time smart access control decisions are also possible. The generated data of IoT devices are less expensive in terms of cost management because the cloud back-end for each device is not provided. The devices only have the authority to transmit information in necessary conditions, and the achievement of end-to-end security makes it more secure than the previous approaches.

Issues Faced by the Present Architectures
As shown in Figure 4, cloud-based servers, which have large storage capacities and processing power, are connected with trusted entities that can have either decentralized or centralized approaches. IoT devices' authenticated and identification techniques are discussed in [45], which are useful for small-scale IoT networks. However, it is not useful for large IoT networks for the following reasons [46,47].

•
Cost: Due to two main reasons, the IoT solutions are expensive: -Infrastructure cost: There are billions of connected IoT devices that generate and store a huge amount of data, while the servers are required for their interconnected communication costs and the analytical processing.
-High maintenance: Updating the software in the millions of IoT devices that have a centralized cloud architecture and huge network equipment requires a high maintenance cost.
• Scalability: The huge amount of IoT devices' data generation and processing (big data) causes a bottleneck to scaling the centralized IoT architectures. Data acquisition, transmission, and storage can be handled by these application platforms. • Single point of failure: In critical healthcare systems, it is very important to collect the data timely. However, in cloud servers, a single point of failure may cause the whole network to shut down. • Lack of Transparency: Transparent security architecture needs to be developed because of service providers' irrefutable lack of trust for data collection by the millions of IoT devices in centralized models. • Insufficient security: A huge amount of connected insecure devices on the internet is a major challenge in IoT privacy and security due to recent DoS attacks [48].

Blockchain
In the simple form, a blockchain is a distributed and decentralized ledger. Blockchain is a technology based on a distributed ledger initially developed for crypto-currencies, such as Bitcoin. In 2008, Satoshi Nakamoto introduced blockchain technology, which gained attention over the years for its decentralized nature of data sharing and distributed network of computing [49].
Blockchain consists of three main components: nodes, miners, and blocks, as shown in Figure 5. Each block contains the nonce, hash, and data, but it does not have fixed block limits. To secure the blockchain transactions, the nonce is joined with the data for the collection of hash. The block is added after the mining process, in which a complex mathematical problem is solved by the miners to find the nonce. To hack the blockchain, high computational power is required, which is difficult for hackers. Due to its distributed nature, as the number of blocks increases, it becomes more and more secure. The genesis block is the first block of every blockchain. With the consensus mechanism, the addition of blocks to a blockchain network with the majority of nodes' approval is done.

Multichain
Multichain is a platform for the deployment and creation of a private blockchain between organizations. It aims to overcome the control and privacy obstacles present in the deployment of blockchain structures. For easy integration with existing systems, it can easily work with windows and UNIX servers with the addition of a simple command line and simple API interface. A multichain's three main objectives to solve the problems of openness via the integrated management of user permissions, privacy, and mining are: • To permit the selected transactions only; • To permit the selected participants to see the blockchain's activities; • To conduct mining securely and without the associated costs of proof of work.
To resolve the scalability issues, multichain allows the users to set all the parameters and the maximum block size of the blockchain in a configuration file [50]. Because the blockchain contains the participant's selected transactions that are of interest, it contains hash up to 1 GB of off-chain data with auto delivery in the peer-to-peer network. The genesis block's miner can automatically receive administrative privileges, including the management of other users and their accessing permissions.

Smart Contracts
Computer programs and codes that can work anonymously are known as smart contracts. In a public blockchain network, all participating nodes have the privilege of deploying the smart contract without any specific requirements. For this functionality, the network participants pay a certain fee and agree on explicit conditions. In Ethereum, solidity language is used for creating the contracts, while Metamask [51] is used for Id creation. Finally, Remix IDE [52] is used for its online demonstration and application results. Banking, supply chain, IoT, and insurance industries are deploying permissioned smart contracts. A smart contract is also considered an agreement or consensus between the two parties. Users cannot alter or delete the smart contract once it is published on the blockchain network. No central authority involvement is needed for the validation of tasks. The results computed by the vehicles and nodes do not have any interference from outside the network. Through smart contracts, mobility services and smart transportation are implemented and defined in IPFS by J Benet et al. [53], in which an infrastructure based on distributed ledger technology (DLT) with distributed data management technologies has been used for data sharing and smart services. In IPFS, an Ethereum smart contract and an IOTA-based architecture for authenticity have been proposed by Zichichi et al. [54], in which the entities' coordination, access authorization, and users' privacy have been achieved. Zero-knowledge proof was used for the privacy offer, and a proof of location guarantee was used. The rules stored by a smart contract include the following.

•
The negotiation of terms; • Automatic verification; • Agreed terms execution.
Different kinds of functions that a smart contract consists of might be extracted from other smart contracts or outside the blockchain. The reliance between transaction parties on a central system can be removed due to the combination of smart contract and blockchain technology. All the parties present in the blockchain network have a copy of the stored smart contracts. The execution of agreed terms present in the smart contract are triggered by an authorized event. Every transaction's audit trail of events is stored. All the parties present in the network can detect the changes in the transaction or contract. Therefore, it creates a large secure system without having a centralized model's trust, costs, and risks issues.
To write the smart contracts, solidity programming language has been used due to its lightweight coding condition. For the representation of each operation in the contracts, Ethereum Virtual Machine code is used. The message data with the amount of Wei is sent in the transaction as output, and a byte array is returned. A truffle framework is used for testing and the deployment of Ethereum-based smart contracts.

Related Work
With the significant growth in the number of IoT devices, it has become a challenge to store IoT data and an even bigger challenge to protect that data from unauthorized access and harm. Another issue is trust; centralized servers are not always honest. These issues are addressed in [55]. In order to remove these central servers from the system, the authors have used blockchain and certificateless cryptography for storing and protecting the data. Edge computing has been used for data storage management, whereas an un-validated IoT framework has been presented [22].

Ethereum-Based Existing Access Control Schemes
In [56], a scheme is proposed for data storage and sharing using an encryption based on Ethereum blockchains and attributes. A keyword search utility is provided using a smart contract. An attribute-based access control mechanism is designed in [57] for IoTs to simplify access management. To avoid a single point of failure and the loss of integrity, a blockchain is deployed. The access control mechanism is deployed for low-cost computations across IoT systems.
A scheme for providing availability and a keyword search is proposed in [57] using blockchains. This keyword search function is different from that of [56] since the permission for the keyword search is granted by the data owner in this scheme.
An attribute-based encryption scheme for encryption, keygen, and decryption with verified outsourcing is proposed by Wang et al. The ciphertext complexity and size was increased with the number of attributes in the access policy. It successfully reduces the execution time but suffers from a high communication cost because computationally expensive operations are performed by the encryption proxy server [58].
Many access control solutions that have a centralized model have been designed for IoTs [59][60][61]. As a result of adopting a centralized system, there have been a lot of issues, such as low scalability, no transparency for users information, and built-in interoperability is also not provided. Access to a distant centralized server mostly requires connectivity, and the access control decisions were moved away from the edge nodes. Many of these issues are resolved by using the decentralized approaches presented in Table 1. In the recent proposals presented in Table 2, the decentralized-based access control systems in IoTs by using blockchain technology have been listed.

Cipher-Text-Policy-Based Attribute-Based Encryption (CP-ABE) Schemes
A CP-ABE-based outsource ABE scheme was proposed by Nguyen et al. [71]. In this scheme, the users only specify the access policy before passing it to the delegatee (DG), and the key generation center is responsible for the delegation key generation. Encryption of data with an access policy is done by the delegatee.
By storing and pre-computing tuples, the authors in [72] speed up the encryption process. The number of attributes in an access policy is directly proportional to the number of tuples created during pre-computation. This requires extra memory to re-run precomputation after modifying the access policy. The size of the cipher text increases with the number of attributes.
The access policy hiding in CP-ABE is an active research area. It supports many kinds of access policies, such as Tree-based [73], threshold-based [74], AND-based [75], and the linear secret-sharing systems matrix (LSSS) [76]. The access policy hiding in CP-ABE was first introduced by Nishade et al. [75]. Multiple values of AND gates have been used that have a limited range of expression. To reduce the cipher text size and hide the access policy, schemes based on AND gates have been proposed in [77,78].
Sarhan and Carr proposed a distributed cryptographic agent-based secure multiparty computation (ADB-SMC) access control, in which secure multiparty computation and active data bundles can be combined with ABE. Instead of using the blockchain infrastructure, distributed hash tables have been used, which affect the infrastructure costs but do not reduce the communication and computation overheads.
Cipher text policy-based Attribute-Based Encryption (CP-ABE) enforces the policies in an encrypted format that is useful for sensitive information. Most of the existing CP-ABE schemes generate large-sized cipher text and secret keys. The cipher text and key size is linear with the involved attributes, and the number of bilinear mapping pairs is directly proportional to the attribute size. Because bilinear pairings are used in ABE, its use is challenging for IoT devices due to the heavy computation for their small storage and computation capacities. The use of CP-ABE with timely and minimal bilinear pairings affects the access control computation in our work. Therefore, a comparison chart with other access control schemes has been presented in Table 3, in which the features of our model are illustrated.

System Model and Proposed Methodology
In our solution, we propose an attribute-based access control mechanism for IoT devices. By using Blockchain technology with cipher-text-policy-based attribute-based encryption (CP-ABE), we avoid data tempering and eliminate a single point failure. For lightweight authentication and meeting the high efficiency in IoT, we optimize the access control process by creating smart contracts. We use two kinds of blockchain networks: a public blockchain for authentication purposes of the IoT devices, attribute servers, and storing the user-defined policies, as shown in Figure 6. Conversely, in the consortium blockchain, the hashes of transactions have been stored after the validation of user and devices.
A typical IoT scenario is depicted in Figure 6. In an IoT system, three entities are evolved-IoT devices, attribute servers, and the gateway. Devices, such as mobile phones, computers, and smartwatches, can easily access the direct wire or WiFi connection. Con-versely, the dedicated gateway is required by certain lightweight devices. The registration server is responsible for the collection and authorization of IoT devices and users. After the server authentication, numerous data access requests and exchanges can be performed by such entities.
In our blockchain network, each node has its own account through which the trade transactions are performed. A pair of public and private keys are assigned by the registration server for the signing and addressing of transactions, which proves the identity of the user and cannot be altered by any entity. Smart contracts and transactions are recorded on unique addresses by the distributed blockchain. Therefore, every interaction of the user will be considered as a transaction and recorded in the blockchain, which provides transparent user access and traceability. To resolve scalability issues, multiple blockchains are used for the generation of transactions and the deployment of smart contracts.
By using smart contracts, the access control management and authorization are provided. Every device requires its own credentials, and a user owns one or more IoT devices. Therefore, each device would be individually authenticated by the user. This would create an authentication overhead; however, by using smart contracts, the users with their devices can be registered in a public Ethereum blockchain. By using a wallet address, the user and its devices can be verified by attribute authority, and then the transactions are performed. By using access control smart contracts, a single authorization server can be replaced by a distributed authorization server.

Smart Contract System
The mechanism consists of four smart contracts, as shown in Figure 7, that are implemented on the Ethereum blockchain. The access control contract (ACC) consists of the object attribute management contract (OAMC) and the subject attribute management contract (SAMC), whereas the policy management contract (PMC) holds the policies of each subject and object with their specified actions. The addition and deletion of attributes is handled by the ACC and PMC.

Access Control Contract (ACC)
In IoT systems, the requests from subjects to objects can be controlled by the ACC. Subjects can execute the ACC by sending the required request information of transactions. After successful authentication is provided by the PMC, OAMC, and SAMC, the ACC can retrieve the subject and object attributes with the concerned policy information and verify the results.

Subject Attribute Management Contract (SAMC)
SAMC is deployed for the management and storage of IoT system attributes. Subject administrators only have the authority to execute smart contracts. For example, the administrators are owners in the case of IoT, whereas in the case of citizens, the city office acts as an administrator. Each subject can be represented by a unique identifier in the system. In our paper, we use an Ethereum account as an ID of a subject. Multiple attributes are associated with each subject ID, as shown in Figure 7. In addition, deleting and updating subject attributes can also be handled by the SAMC.

Object Attribute Management Contract (OAMC)
Object administrators manage and store the attributes of an object with the execution of the OAMC. Multiple attributes are associated with uniquely identified Ethereum accounts. Table 4 shows the attributes involved in our model.
In addition, deleting and updating object attributes can also be handled by the OAMC through the application binary interfaces (ABIs) of objectdelete() and objectadd().

Policy Management Contract (PMC)
Attribute-based access control policies can be managed and executed by the policy management contract (PMC). Only the policy administrators have the authority to execute the policies. A policy is a combination of subject and objects attributes with their specified actions, as shown in Table 5. For example, subject attributes are Depart-ment=B:Organization=C, and object attributes are Department=B:Organization=C . Then, Policy=Read only states that the user can only have read access.

Data Sharing Model
In this section, as shown in the Figure 8, a user can upload the data after verification from the public blockchain through the attribute server by implementing attribute-related policies. Once completed, a user can extract the information if he/she satisfies the predefined conditions. The contract also provides policy updating, revocation of a policy, and an ownership transfer. The contract for managing the attribute-based access control system is written in Solidity and compiled using compiler version 0.4.20. For this purpose, we use multichain to resolve the scalability issues present in the blockchain technology. In the policy model, the detailed terminology has been defined. On the request of the data user, encryption based on the cipher text policy has been done in a timely manner. Multichain allows the users to set all the parameters and the maximum block size of a blockchain in a configuration file [50]. A blockchain with the participant's selected transactions contains hash up to 1 GB of off-chain data with auto delivery in the peer-to-peer network. The administrative privileges can be automatically received by the genesis block's miner, including the management of other users and their accessing permissions.

Policy Model
In our scheme, encrypted files can be stored using smart contracts. By running encryption and decryption algorithms, the data owners can store and retrieve their data through the implementation of smart contracts. On the blockchain, every contract call has been recorded. Therefore, the information between the data owner and user is nontempered and non-repudiated. In our model, four entities have been evolved: the data owner, the data retriever, IPFS, and the Ethereum blockchain.

1.
Data owner: Upload encrypted data with assigning attributes sets and access control policies and is responsible for the creation and deployment of smart contracts.

2.
Data user: Access the encrypted data stored on IPFS. After satisfying access control polices and attribute sets, the secret key is obtained, which decrypts the encrypted data.

3.
IPFS: Used for the storage of encrypted data that can be stored by the data owners.

4.
Ethereum: To store and retrieve the data, smart contracts have been deployed on the Ethereum blockchain.
The process in Figure 8 is as follows: • After the device and user registration process using blockchain technology [65], the data owner uploads the encrypted data with access control policies in smart contracts. • The returned contract address with the encrypted data hash would be stored on IPFS. • The path of data stored in the IPFS location can be returned to the data owner. • In Ethereum, the encrypted data key has been stored in ciphertext format. • When the data retriever sends the access request using the timely CP-ABE, the data owner adds the policies under the effective period, encrypts the secret key, and stores it in a smart contract. • The data retriever that satisfies the access policies in an effective period of time downloads the data and obtains the secret key from the contract.

Attribute-Based Encryption
We have implemented the cipher-text-policy-based attribute-based encryption (CP-ABE). Ciphertexts are attached to access policies, and attribute sets are associated with secret keys. The secret key is used for recovering the cipher text if attribute sets satisfy the access policy. The encryption of data in attribute-based encryption can be handled under an access policy with certain attributes. During data encryption, the cipher text contains a part of the access policy in the CP-ABE. Data encryption in classic public key cryptography can be done for a specific individual entity using its private key. In this case, the sender must know about the receiver and his public key. During the continuous changes in such constructions, the addition and removal of the collaborator is done with every encrypted dataset. Therefore, the encryption has to be done for every legitimate identity. For such cases, the hybrid schemes have been proposed, but these schemes contain the limitation of handling increasing participants.
CP-ABE allows a user to encrypt the data using attribute-based encryption instead of knowing the respective individuals of those attributes. Through the cryptographic mechanism, traditional access control systems' trust issues can be solved, which is a silent feature of attribute-based encryption. In that case, only legitimate users can decrypt and access the data stored publicly. Individually generated private keys and attributes assignment has to be done by the key management authority. However, the absolute trust needed by a key server to issue a private key to only legitimate users and to revoke a user's key is a major drawback in existing schemes. Access rights transparency has also not been provided. We address these issues in this paper. An example of encryption has been presented in which the user who satisfies both notations can decrypt the data.

•
Access policy P is a rule in ABE that returns either 0 or 1. • Attributes set is A (A1, A2, . . . , Am). • If P answers 1 on A, only then can we say A satisfies P. • Usually, to represent the fact that A satisfies P, the notation A = P is used. • The case that A does not satisfy R is denoted as A!= P. • We consider the AND gate policy in our construction. • If Ai = Pi or Pi=* for all 1 <= i <= m, we say A = P; otherwise, A!= P. • It is noted that the wildcard * in P plays the role of a "do not care" value. The access control with data storage has been composed based on the following algorithms: 1.

Setup (PK, SK):
Data owners execute the algorithm with the inputs, universal attributes set A, and security parameter P, resulting in a public and secret key pair. Afterwards, the data can encrypt with the AES encryption algorithm and hash using the SHA 256 algorithm as H(data). Along with these attributes, the encrypted data can be uploaded, and in return, the address or path of those data can be returned by the IPFS server.

Encrypt (PK, T, sek)-> CT
The public key, symmetric encryption key, and access tree structure can be used as inputs, and the generated cipher text will be stored in a smart contract.

KeyGen(sk, A) -> PrK
The data owner executes the key generation algorithm after the collection of access requests by the data retriever. The data owner assigns the data retriever a set of attributes with the effective period of time. The algorithm outputs the private key Prk in return for entering the secret key sk and set A attributes and stores it in the smart contract.

Decrypt (PK,sk,CT) -> sek
The data retriever executes the decryption algorithm after obtaining the effective access period from the smart contract. It can only be performed within the valid access period. By obtaining the cipher text CT and secret key from the smart contract and entering them into the decryption algorithm with its public key PK, the data retriever can only get the symmetric encryption key sek when it satisfies the access policy T. Afterwards, the data can be decrypted with this key; otherwise, the data owner would change the policy, and no one can access the information.

Security Assumptions and Attacker Model
In data accessing and sharing among IoTs, privacy and security are the main issues in the existing models. The prevention of privacy leakage and potential security threats are the main concern of our model. For our proposed model, the following attack and security assumptions are considered. The attacker model for our research is given below.
• Privilege Elevation: The attacker convinces the device by declaring himself an authenticated attribute entity and promoting a fake attribute-issuing entity. He also replays a valid transaction previously performed by an attribute entity. • Identity Revealing Attack: To reveal the real identity of authorized devices and personal data collection, the malicious entity tries to target the devices. •

Man-in-the-Middle Attack:
The interception of shared data and data tempering by the malicious node between the IoT nodes and attribute servers. • Forgery Attack: The malicious attribute server has fake keys and signatures of an authentic user and transfers it to other entities to affect the network.
Security features of our proposed model are given below.
• Privacy preservation: Crypto ID has been used for the communication between the entities present in our model. To enhance the privacy, we are not using the device's real identification number as its identity. All the transactions are done in an encrypted format that preserves the identities of the users and devices. • Data Confidentiality: Using symmetric key encryption, the communication between the IoT devices are encrypted, which enhances the security and prevents tempering of communication data. • Data Integrity: Data generated by IoT devices are encrypted using symmetric key encryption and stored in IPFS (an example of distributed file system). To provide data integrity, we encrypt the data under a certain cipher-text-policy-based encryption, and its hashes are stored in the blockchain so that data tempering is not possible. • Single Point of Failure: A distributed file system and multiple attribute servers have been used in our model, which eliminate the single point of failure. The attribute servers only interact with the devices of their associated identities, which enhances the system security.

Performance Evaluation
To analyze the performance and feasibility of our model, the Ubuntu 16.04 system with 4GB RAM, Intel core i3 has been used for the implementation of the prototype. For smart contracts, solidity language and C++ has been used. The simulation of smart contracts are performed using Remix IDE. Ganache [80] is used for providing virtual accounts and for executing smart contracts, and Metamask, the extension of the chrome browser, is used for Remix and Ganache connectivity. The PBC library is used for computing parings. For testing, we use Truffle for smart contract testing at the development level and use Testnets, e.g., Ganache(local blockchain) and Ropsten (online), for free smart contract deployment. To validate the analysis of the ABE program, we implement the cipher text policy in attribute-based encryption by using a cpabe toolkit. The algebraic operations are done with the PBC library. For the implementation of crypto operations, libbswabe is used, and for user interface and high level functions, cpabe is used.

An Attribute-Based Access Control Model for IoTs
User and device registration, storing data on distributed file systems, such as IPFS, information and the management of data under specified policies, and its results are shown in Figure 10. In Ethereum, gas is a small unit of cryptocurrency. The unit is deducted from the users' accounts when performing a transaction in the Ethereum. Figure 11 shows the gas consumption of a smart contract's operation. There are four different functions in the smart contract that are used in the proposed work, which are: (a) grant, (b) init, (c) policy, and (d) request. The gas consumption depends on the complexity of the smart contract. The deployment of the smart contract is an expensive operation in Ethereum.
However, the transaction cost is incurred when sending the smart contract to the Ethereum. The execution cost depends on the operations that are executed as a result of the transaction. Therefore, the execution cost is included in the transaction cost.  Figure 12 shows the processing time for encryption and decryption operations of our scheme. In our scheme, each user's private key is associated with a group of attributes that represent their capabilities. A decryption can only be done when satisfying a certain policy requirement, which is why it took less time than encryption. As the number of attributes increases, the processing time also increases. We used three attributes in the simulation and used the AND-gate-based access structure for ensuring each attribute. The execution details of our system are shown in Figure 13, and the details of sharing data with the owner are also provided. In the registration setup, the web3j library has been used for access control. If the port combination that contained the device name and service name under certain policies successfully verified the transaction, the receiver can access the data.

Cost Evaluation and Comparison
For the deployment of smart contracts on the blockchain, the execution fee is required from the users for the execution of contracts' ABIs. To perform the tasks on Ethereum, a gas unit will be used to measure the operations amount. More gas will be consumed for more complex tasks. With the passage of time, the gas prices of Ethereum change. The total cost for performing a task depend on the gas price and the amount of consumed gas. We set the gas price to 5 Gwei, where 1 ETH = 1 × 10 9 (1,000,000,000) gwei. For example, if we have a transaction of 20,000 gas, then its cost will be 20,000 × 5 = 100,000 gwei (0.000100 ETH). 1 ether = 226.6946 gas = USD 357.839639 (as we accessed on September 2020), but now, Ethereum is sold as the world's most expensive non-fungible token (NFT). For evaluation, we compare our proposed model with [55,70]. The comparison charts are given in Figures 14 and 15. Instead of using RC and JC in [70] and DR and VT in [55], we are calculating the deployment cost of ACC, PMC, OAMC, and SAMC. The actual access cost of the proposed scheme is 262,531 gas, which is almost USD 4.54325. The chart in Figure 14 shows that our model consumes more cost than [55,70], but there is a monetary gap in the US dollars. In one access control of [55,70], only one-to-one pairing has been done; thus, as the number of subjects and objects increases, the monetary cost of the system also increases. However, many-to-many subjects and objects pairing in the access control are achieved in our model. In the case of [55,70], when subject and object pairs increase, the gas consumption also increases, which costs more than that of our model. Due to the attribute-based encryption and the complex interaction between the access control and other contracts on Ethereum, it takes more time than other schemes, as shown in Figure 15. It also depends on various factors, such as the computational power of system. Additionally, the computational time in Ethereum may also vary time to time, so the time of mining also affects the results. The network architecture also affects the system performance. To evaluate the performance of our proposal, we compare the simple access control with the cipher text policy-based attribute-based encryption and its implementation with blockchain.
Verification costs of access control with respect to the number of attributes used in the policy are shown in Figure 16. We used three architectures to evaluate the results: one is for centralized verification of the access control with timely cpabe; a decentralized access control with timely cpabe and blockchain; and the last one is a timely access control list using blockchain technology. The results show that an additional cost has been adopted by the decentralized architecture. The timely access control list is less efficient than timely cpabe and increases the verification cost. Rather than not providing access verification by the access control list, cpabe provides decentralized access management in a more efficient way.

Conclusions
We propose an attribute-based access control mechanism for IoTs that provides local access, authorization of clients, privacy, and interoperability by using smart contract data sharing and user-controlled encoded policies. The user can own their data and have authority to share it with other users. No scheme fulfills the requirements of our proposed model. We used the ABAC model for its high compatibility and expressiveness.
We overcome the issues presented in [55,70], which are high computational time and overhead from deploying the number of smart contracts for every additional user with a single point failure and un-authentication of present users, using blockchain for authentication and smart contracts for the data access process in our mechanism. To overcome the data-transfer-related communication assumptions, a secure mechanism of data storage has been introduced. We also made an ownership contract of each user with its own devices to enhance the privacy of our model. It is not feasible for actual user data to be exposed by any entity in our blockchain architecture. The off-chain data are stored in an encrypted format, which makes data tempering impossible. Only a consumer who meets the specific policies can access the data after the invocation of smart contracts. In the future, we will work on the security and privacy of IoT data from unauthenticated edge nodes. Although the blockchain is providing reliability and decentralization, it has a few drawbacks: scalability and monetary cost issues. We will be considering scalability and reliability aspects using IOTA.