Abstract
Traditional access control models suffer from coarse granularity and poor manageability, and their centralized implementation architecture introduces security problems such as single points of failure and information leakage. To address these problems, this paper proposes a token-based access control mechanism and uses blockchain technology to implement it in a distributed manner. In our scheme, the access control process consists of three steps: policy upload, token request, and resource request. The token serves as the credential for a user's access permissions, and controlling tokens enables fine-grained resource allocation and permission management. The blockchain-based distributed implementation alleviates the security risks of a centralized architecture. The performance evaluation results show that the model achieves reliable permission allocation and management and keeps the access request processing delay within 1 s.
Acknowledgement
This paper was supported in part by the National Key R & D Program of China under Grant No. 2018YFA0701604, and in part by the Fundamental Research Funds for the Central Universities under Grant No. 2021YJS012.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yang, Y., Tu, Z., Song, H., Zhou, H. (2023). A Token-Based Access Control Mechanism for the Internet of Things Using Blockchain. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_14
DOI: https://doi.org/10.1007/978-981-99-4430-9_14
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-4429-3
Online ISBN: 978-981-99-4430-9
eBook Packages: Computer Science, Computer Science (R0)