Open Access | Feature Paper | Article
Computers 2018, 7(3), 39; https://doi.org/10.3390/computers7030039

BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

1 Department of Electrical and Computer Engineering, Binghamton University, SUNY, Binghamton, NY 13902, USA
2 The U.S. Air Force Research Lab, Rome, NY 13441, USA
3 Intelligent Fusion Technology, Inc., Germantown, MD 20876, USA
* Author to whom correspondence should be addressed.
Received: 2 May 2018 / Revised: 3 July 2018 / Accepted: 11 July 2018 / Published: 13 July 2018
(This article belongs to the Special Issue Mobile Edge Computing)

Abstract

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns and is critical to protecting resources and information on IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or become a single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, a decentralized, federated capability-based AC mechanism that enables effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.
Keywords: decentralized access control; Internet of Things (IoT); blockchain protocol; smart contract; federated delegation; capability-based access control
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

Xu, R.; Chen, Y.; Blasch, E.; Chen, G. BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT. Computers 2018, 7, 39.

Computers, EISSN 2073-431X, published by MDPI AG, Basel, Switzerland.