Using Ethereum Blockchain for Distributed Attribute-Based Access Control in the Internet of Things

Abstract

Access control has been recognized as a critical issue for preventing unauthorized access to the resources in Internet of Things (IoT) systems. This paper proposes an Attribute-Based Access Control (ABAC) framework for IoT systems by using the emerging Ethereum smart contract technology. The framework consists of one Policy Management Contract (PMC), one Subject Attribute Management Contract (SAMC), one Object Attribute Management Contract (OAMC) and one Access Control Contract (ACC). The PMC, SAMC and OAMC are responsible for storing and managing the ABAC policies, the attributes of subjects (i.e., entities accessing resources) and the attributes of objects (i.e., resources being accessed), respectively. When receiving access requests, the ACC retrieves the subject attributes and object attributes as well as the corresponding policy from the SAMC, OAMC and PMC to perform the access control. Combining the ABAC model and the blockchain technology, this framework is expected to achieve distributed, trustworthy and fine-grained access control for IoT systems. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to test the monetary and time cost.