
Decentralized Authorization in Web Services Using Public Blockchain

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12991)

Abstract

Web services often decide whether to grant a requesting entity access to their resources based on that entity's credentials, which are not always available from a single authority. More commonly, the credentials must be verified by multiple external sources in a decentralized manner. Such an architecture is also more robust against security and privacy attacks than a centralized system. However, it is imperative that authorization by the independent sources be done in a transparent and verifiable manner. In this paper, we propose a method for decentralized authorization using the Ethereum blockchain. We take the underlying authorization model to be Attribute-based Access Control (ABAC); hence, the credentials to be verified are the attributes of the users making access requests to the web service. In ABAC, a user is granted or denied access to an object based on her attributes as well as those of the requested object, using a set of rules (the ABAC policy). We use a public blockchain, Ethereum, for transparent attestation of attributes by multiple sources, which allows the web service to make an access decision. It ensures that the authorization data is immutable and helps build trust between the users, web service providers and attribute certifying authorities. We have made a prototype implementation of our proposed architecture on the Rinkeby Ethereum test network. Extensive experiments show its scalability in realistic scenarios.
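The abstract describes the core mechanism in two parts: independent authorities attest a user's attributes on an immutable ledger, and the web service evaluates an ABAC policy over those attested attributes plus the object's attributes. The following Python model is an added illustration and is not the paper's prototype or its smart contract: the hash-chained `Ledger` class stands in for the blockchain, the `TRUSTED_AUTHORITY` map (which authority is authoritative for which attribute), the `POLICY` rules, the authority and user names, and the object attributes are all constructed for this example. It shows the two checks a verifier needs: an attestation from an authority that is not trusted for that attribute is ignored, and a later revocation entry overrides an earlier attestation.

```python
"""Added example (not the paper's code): ABAC decisions over attributes
attested by multiple authorities on a simulated append-only ledger.
All authorities, users, rules and object attributes are constructed."""
from dataclasses import dataclass, asdict
import hashlib
import json


@dataclass(frozen=True)
class Attestation:
    authority: str      # hypothetical authority id (stands in for an on-chain sender address)
    subject: str        # user whose attribute is being certified
    attr: str
    value: str
    valid: bool = True  # False models a later revocation of an earlier attestation


class Ledger:
    """Append-only log; each entry hash covers the previous hash, so editing
    an earlier entry breaks every hash after it (a stand-in for the chain)."""

    def __init__(self):
        self.entries = []  # list of (entry_hash, Attestation)

    @staticmethod
    def _hash(prev, a):
        payload = json.dumps(asdict(a), sort_keys=True)
        return hashlib.sha256((prev + payload).encode()).hexdigest()

    def append(self, a):
        prev = self.entries[-1][0] if self.entries else "0" * 64
        h = self._hash(prev, a)
        self.entries.append((h, a))
        return h

    def verify_chain(self):
        prev = "0" * 64
        for h, a in self.entries:
            if self._hash(prev, a) != h:
                return False
            prev = h
        return True

    def attributes_of(self, subject, trusted):
        """Current attributes of `subject`, taking only attestations from the
        authority trusted for each attribute; entries are replayed in order so
        a later revocation (valid=False) removes an earlier attestation."""
        attrs = {}
        for _, a in self.entries:
            if a.subject != subject or trusted.get(a.attr) != a.authority:
                continue  # wrong subject, or authority not trusted for this attribute
            if a.valid:
                attrs[a.attr] = a.value
            else:
                attrs.pop(a.attr, None)
        return attrs


# Constructed: which authority the web service trusts for each attribute.
TRUSTED_AUTHORITY = {"role": "hospital-registry", "clearance": "security-office"}

# Constructed ABAC policy: access is granted if any rule matches the action,
# the user's attested attributes and the object's attributes.
POLICY = [
    {"action": "read",
     "user": {"role": "doctor", "clearance": "high"},
     "object": {"type": "medical-record"}},
    {"action": "read",
     "user": {"role": "nurse"},
     "object": {"type": "medical-record", "sensitivity": "low"}},
]


def decide(ledger, subject, action, obj_attrs):
    """ABAC decision: True (grant) if some policy rule is satisfied."""
    user_attrs = ledger.attributes_of(subject, TRUSTED_AUTHORITY)
    for rule in POLICY:
        if rule["action"] != action:
            continue
        user_ok = all(user_attrs.get(k) == v for k, v in rule["user"].items())
        obj_ok = all(obj_attrs.get(k) == v for k, v in rule["object"].items())
        if user_ok and obj_ok:
            return True
    return False


def build_sample_ledger():
    """Constructed attestations from several authorities."""
    ledger = Ledger()
    ledger.append(Attestation("hospital-registry", "alice", "role", "doctor"))
    ledger.append(Attestation("security-office", "alice", "clearance", "high"))
    ledger.append(Attestation("rogue-authority", "bob", "role", "doctor"))  # not trusted for "role"
    ledger.append(Attestation("hospital-registry", "carol", "role", "nurse"))
    return ledger


RECORD_HIGH = {"type": "medical-record", "sensitivity": "high"}
RECORD_LOW = {"type": "medical-record", "sensitivity": "low"}

if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("chain intact:", ledger.verify_chain())
    print("alice reads high:", decide(ledger, "alice", "read", RECORD_HIGH))
    print("bob reads high:", decide(ledger, "bob", "read", RECORD_HIGH))
    ledger.append(Attestation("security-office", "alice", "clearance", "high", valid=False))
    print("alice after revocation:", decide(ledger, "alice", "read", RECORD_HIGH))
```

In the real design the ledger is the public chain, so the hash chain and replay are supplied by Ethereum itself; what the web service still has to implement is the `attributes_of` logic, in particular binding each attribute to the authority entitled to certify it, since an immutable ledger faithfully preserves attestations from unauthorized senders just as well as legitimate ones.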



Acknowledgments

The work of Shamik Sural is supported by CISCO University Research Program Fund, Silicon Valley Community Foundation under award number 2020–220329 (3696).


Corresponding author: Shamik Sural.


Copyright information

© 2022 Springer Nature Switzerland AG


Cite this paper

Varun, M., Vasishta, M.V.A., Palanisamy, B., Sural, S. (2022). Decentralized Authorization in Web Services Using Public Blockchain. In: Lee, K., Zhang, L.-J. (eds.) Blockchain – ICBC 2021. Lecture Notes in Computer Science, vol. 12991. Springer, Cham. https://doi.org/10.1007/978-3-030-96527-3_3


  • DOI: https://doi.org/10.1007/978-3-030-96527-3_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-96526-6

  • Online ISBN: 978-3-030-96527-3
