Internet of Things (IoT) providers offer better IoT services each year while producing more IoT gateways and devices to expand their services. However, the security of the IoT ecosystem remains an afterthought for most IoT providers. This neglect results in many cybersecurity breaches in the field, most likely due to the lack of access control mechanisms. In this paper, we propose BorderChain, an access control framework based on blockchain for IoT endpoints. The security protocol guarantees two properties. First, our proposal assures IoT users and services that they communicate with approved IoT gateways as endpoints, holding the verified IoT devices that they need. Second, BorderChain also generates access tokens that IoT services and users can use to query IoT resources legitimately inside the IoT domains. As a result, the protocol can convince IoT domain owners that the system will only authorize IoT requests that they approve. We realize our protocol in the form of a smart contract to allow many IoT entities, such as IoT domain owners, IoT devices, IoT gateways, IoT vendors, IoT services, IoT users, and the Internet Service Provider (ISP), to collaborate in a unified environment. We then implement the entities in BorderChain as Node.js applications connecting to the Ethereum blockchain as our peer-to-peer platform. Based on our performance evaluation using several pieces of Raspberry Pi hardware and our private server, we show that BorderChain can process entities' authentication and authorization requests efficiently using all hardware resources. Finally, we release BorderChain for public use.