Next Article in Journal
Phase Calibrated Ring Oscillator PUF Design and Application
Next Article in Special Issue
Deploying CPU-Intensive Applications on MEC in NFV Systems: The Immersive Video Use Case
Previous Article in Journal
ASIR: Application-Specific Instruction-Set Router for NoC-Based MPSoCs
Previous Article in Special Issue
Improving Efficiency of Edge Computing Infrastructures through Orchestration Models
Open AccessFeature PaperArticle

BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

1
Department of Electrical and Computer Engineering, Binghamton University, SUNY, Binghamotn, NY 13902, USA
2
The U.S. Air Force Research Lab, Rome, NY 13441, USA
3
Intelligent Fusion Technology, Inc., Germantown, MD 20876, USA
*
Author to whom correspondence should be addressed.
Computers 2018, 7(3), 39; https://doi.org/10.3390/computers7030039
Received: 2 May 2018 / Revised: 3 July 2018 / Accepted: 11 July 2018 / Published: 13 July 2018
(This article belongs to the Special Issue Mobile Edge Computing)
While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems. View Full-Text
Keywords: decentralized access control; Internet of Things (IoT); blockchain protocol; smart contract; federated delegation; capability-based access control decentralized access control; Internet of Things (IoT); blockchain protocol; smart contract; federated delegation; capability-based access control
Show Figures

Figure 1

MDPI and ACS Style

Xu, R.; Chen, Y.; Blasch, E.; Chen, G. BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT. Computers 2018, 7, 39.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop