Abstract

IoT security and privacy have proven to be a significant challenge. Traditional access control protocols are not suitable for IoT, mainly because of its massive scale, ubiquitous connectivity and distributed nature. Blockchain-based access control approaches provide decentralized security, but they involve scalability problems, high transaction fees, significant delay, and computational overhead that is not acceptable for resource-constrained IoT devices. Moreover, data published on the blockchain are public, which is not ideal for many scenarios. In this paper, we propose a new decentralized access control system based on the Tangle which empowers users to dictate access to their resources. In our proposed decentralized access control model, the policies and access rights are published on the Tangle, which guarantees distributed auditability and prevents the user from fraudulently denying the granted access rights. The main contribution of the paper is to provide privacy of the policy by leveraging the Masked Authenticated Messaging (MAM) data communication protocol. The proposed work is validated by implementation and is tested with the AVISPA tool, which confirms security in the presence of the intruder.