Paper 2020/566

Reputation Driven Dynamic Access Control Framework for IoT atop PoA Ethereum Blockchain

Auqib Hamid Lone and Roohie Naaz

Abstract

Security and scalability are two major challenges that IoT is currently facing. Access control to critical IoT infrastructure is considered the top security challenge that IoT faces. Data generated by IoT devices may be driving many hard real-time systems, so it is of utmost importance to guarantee the integrity and authenticity of the data and resources in the first place. Due to the heterogeneous and constrained nature of IoT devices, traditional IoT security frameworks are not able to deliver scalable, efficient and manageable mechanisms to meet the requirements of IoT devices. On the other hand, Blockchain technology has shown great potential to bridge the gap towards building a truly decentralized, trustworthy, secure and scalable environment for IoT. Allowing access to IoT resources and data to be managed through Blockchain will provide an additional security layer backed by the strongest cryptographic algorithms available. In this work we present a reputation-driven dynamic access control framework for small-scale IoT applications based on Proof of Authority Blockchain, which we name Rep-ACM. In the RepACM framework we build two major services, one for reputation building (for better regulation of IoT device behaviour) and the other for misbehaviour detection (for detecting any misbehaviour in object resource usage). Both of these services work in coordination with the other services of the proposed framework to determine who can access what and under what conditions access should be granted. For the Proof of Concept (PoC) we created a private Ethereum network consisting of two Raspberry Pi single-board computers, one desktop computer and a laptop as nodes. We configured the Ethereum protocol to use Istanbul Byzantine Fault Tolerance (IBFT) as the Proof of Authority (PoA) consensus mechanism for performance optimization in a constrained environment. We deployed our model on the private network for feasibility and performance analysis.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
Reputation, Access Control, IoT, Permissioned Blockchain, Proof of authority
Contact author(s)
ahl @ nitsri net
History
2021-02-21: last of 2 revisions
2020-05-15: received
Short URL
https://ia.cr/2020/566
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/566,
      author = {Auqib Hamid Lone and Roohie Naaz},
      title = {Reputation Driven Dynamic Access Control Framework for {IoT} atop {PoA} Ethereum Blockchain},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/566},
      year = {2020},
      url = {https://eprint.iacr.org/2020/566}
}