A Blockchain-Based Cross-Domain and Autonomous Access Control Scheme for Internet of Things

Abstract

The volume, variety and value of data generated by Internet of Things (IoT) devices are expected to increase significantly in foreseeable future, hence, reinforcing the importance of secure and efficient access control solutions for these devices and their networks. However, existing access control solutions are not generally lightweight or scalable, particularly for geographically disperse, inexpensive resource constrained IoT devices. To tackle above challenges, we propose a lightweight consortium blockchain based architecture to enable intelligent autonomous access control for IoT devices. In our architecture, intelligent blockchain facilitates the storing of access policies, provision of authentication services for data access control, and trust evaluation for access request nodes through token accumulation mechanism. Specifically, the user's access request is approved only after it is confirmed by the blockchain network. To ensure the reliability of authenticity, a compromised resistant consensus algorithm is adapted and implemented to defend against at most <inline-formula><tex-math notation="LaTeX">$1/3$</tex-math></inline-formula> compromised authenticators. In addition, a cross-domain and flexible access control model is not only used to support data sharing among various users but can also be used for access control for exceptional blockchain situations. We explain how our system meets our design goals of reliability, availability, confidentiality, integrity, lightweight, security and scalability. In addition, we also analyze the proposed system's performance from computational, storage and network overheads (e.g., running cryptographic algorithms on a Raspberry Pi 4B), and the findings suggest that the time to run typical cryptographic algorithms is in the microsecond range.