Attribute-Based Access Control Using Smart Contracts for the Internet of Things

摘要

Access control is one of the most important security concerns, which is critical in resource and information protection over IoT devices. This paper proposes a new scheme that combines attribute-based access control (ABAC) model with blockchain technology and uses smart contracts for access control judgment. This scheme can realize dynamic, distributed and reliable access control in the open IoT environment. The IoT access control system based on this scheme consists of five functional modules. The information registration point registers information for each device that joins the system. Policy enforcement point (PEP) is responsible for managing agent-devices in the system and processing original access requests from access subjects. Policy decision point (PDP) makes access control right decision through smart contracts. Policy administration point (PAP) is used to manage smart contract information. Policy information point (PIP) is used to manage key attribute information of devices used for access control judgment. The scheme also includes three types of smart contracts, one management contract (MC) is used to manage other contracts in the system, one policy decision contract (PDC) is responsible for obtaining attribute information from PIP and making final access control right decision, and a large number of policy contracts (PCs) which composed of a public policy contract (PPC) and a large number of exclusive policy contracts (EPCs). These PCs are used to implement specific attribute-based access control policies. To demonstrate the application of the scheme, we simulated a scenario of access control in a home IoT environment and verified the feasibility of access control decisions using our proposed scheme through three experiments.