Abstract

The demand for collaboration in the Internet of Things (IoT) is growing. One of the challenges of collaboration is securing interoperability between different management domains. Although cross-domain access control mechanisms exist in IoT, the majority of them are based on a trusted third party. In addition, the heterogeneity of multidomain policies makes it difficult for authority delegation to satisfy the principle of least authority. In this paper, we propose a blockchain-based IoT cross-domain delegation access control method (CDDAC). The proposed delegation-trajectory-on-blockchain strategy enhances the scalability of the cross-domain delegation system. The presented multidomain delegation trajectory aggregation scheme supports forensic analysis of the cross-domain delegation system. The performance of CDDAC is evaluated on Ropsten, Ethereum's official public blockchain test network. The experimental results show that CDDAC has faster delegation verification speed and higher decision-making efficiency than existing work, demonstrating that the method is lightweight and scalable.

Highlights

  • The Internet of Things (IoT) has been widely used in many fields, such as smart healthcare [1], smart transport [2], and smart homes [3]

  • We propose goal-directed logging for the cross-domain delegation access control method (CDDAC). The delegation trajectory of the cross-domain delegation is saved in the Delegation Trajectory Database (DTDB)

  • We introduce CDDAC, a blockchain-based IoT cross-domain delegation access control method. The capability token structure of CDDAC is more suitable for lightweight devices. The adopted trajectory-on-blockchain strategy greatly enhances the scalability of the system and has a simpler policy-change process


Summary

Introduction

The Internet of Things (IoT) has been widely used in many fields, such as smart healthcare [1], smart transport [2], and smart homes [3]. Among these fields, some scenarios increasingly require IoT devices from different domains to share data or collaborate, which differs significantly from traditional single-domain applications. In a traditional single-domain application, IoT devices belong to the same domain, in which the domain administrator can manage the devices' security policies as a whole. The domain administrator could define security policies to manage all the devices in the hospital, specifying which devices can be accessed by whom and under what circumstances; for example, a patient's ECG monitor can be accessed by his family and nurses. Traditional single-domain access control mechanisms have difficulty meeting this requirement, since each domain administrator cannot manage the devices of other domains.
