Abstract
Information security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.
Highlights
With the development of Internet of Things (IoT) devices, more and more important information is generated, including personal or corporate privacy information
Lack of trust in privacy will lead to a decline in user recognition [1], and the low computing power of traditional IoT devices makes them more vulnerable to attacks compared with Internet devices
This model: (1) mainly manages access control through fine-grained attribute information, (2) utilizes ethereum smart contracts for policy management, and designs zero-knowledge access tokens to improve access efficiency and reduce the computational pressure and time cost of the blockchain, (3) uses IoT gateway proxy devices to enhance the applicability of policies, and (4) uses the idea of off-chain computation and on-chain proof to further reduce the computational pressure on the chain and reduce the difficulty of implementing anonymous access
Summary
With the development of IoT devices, more and more important information is generated, including personal or corporate privacy information. Lack of trust in privacy will lead to a decline in user recognition [1], and the low computing power of traditional IoT devices makes them more vulnerable to attacks compared with Internet devices. In the past two years, there have been frequent candid incidents in some hotels and hostels, such as Taitang, Airbnb to Westin Hotel and Crowne Plaza hotel, which makes people who value privacy unbearable. In 2019, the Ring, a home surveillance camera owned by Amazon, was exposed as a security breach. Hackers could monitor users’ homes, and the Ring would expose their WiFi passwords. In June 2018, a 14-year-old hacker took control of a server after using a malware called Silex to trick up to 4000 insecure IoT devices.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
