FairAccess2.0: a smart contract-based authorisation framework for enabling granular access control in IoT

Abstract

In this paper, we explore access control area as one of the most crucial aspect of security and privacy in IoT. Actually, conventional security and privacy solutions tend to be less tailored for IoT. Then, designing a distributed access control with user-driven approach and privacy-preserving awareness in an IoT environment is of paramount importance. In this direction, we have investigated in our previous work a new way to build a distributed access control framework based on the blockchain technology through our proposed framework, FairAccess. The first version of FairAccess was based on the Bitcoin's UTXO model. However, this version presented limitations in expressing more granular access control policies. To tackle this issue, this paper upgrades the proposed framework to FairAccess2.0 that uses SmartContract concept instead of the locking/unlocking scripts. Thus, we show a possible working implementation based on ABAC policies, deployed on the ethereum blockchain. The obtained results show the efficiency of FairAccess2.0 and its compatibility with a wide range of existing access control models mainly the ABAC model. Finally, a performance and cost evaluation, discussion and future work are elaborated.