Skip to main content
SpringerLink
Log in

Bloccess: Enabling Fine-Grained Access Control Based on Blockchain

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

Access control is a fundamental security aspect and has been adopted in diverse systems. Particularly, fine-grained access control models present good flexibility and scalability to adapt to complicated systems. However, building a trustworthy fine-grained access control mechanism in untrustworthy distributed environments such as Internet of Things (IoT) environments is challenging. Conventional access control mechanisms encounter security and privacy issues caused by centralized entities, such as single point of failure and data tampering. To address these issues, we have proposed Bloccess, a fine-grained access control framework based on the consortium blockchain, in our previous work. By leveraging blockchain technology, we formulate a set of protocols to enforce a tamper-proof access control mechanism in untrustworthy distributed environments. In this paper, we refine our previous work and present the extended version of Bloccess. We optimize our protocols and extend them to support a hybrid blockchain structure. We also formulate complete identification protocols for the administration mechanism in Bloccess. Besides, we show Bloccess in practice with a Bloccess-enabled IoT system. Furthermore, we conduct a semi-formal analysis to prove the security properties of Bloccess and evaluate its security through a security model and a threat model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Sandhu, R.S., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)

    Article  Google Scholar 

  2. Ferraiolo, D., Cugini, J., Kuhn, D.R.: Role-based access control (RBAC): features and motivations. In: Proceedings of 11th annual computer security application conference, pp. 241–48 (1995)

  3. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE international conference on web services (ICWS’05). IEEE, Orlando, FL, USA (2005)

  4. Krebs, B.: Hacked cameras. DVRs powered today’s massive internet outage. Krebs on Security (2016)

  5. Dabbagh, M., Rayes, A.: Internet of things security and privacy. In: Internet of things from hype to reality, pp. 211–238. Springer, Cham (2019)

    Google Scholar 

  6. Hernández-Ramos, J.L., Jara, A.J., Marín, L., Skarmeta Gómez, A.F.: DCapBAC: embedding authorization logic into smart things through ECC optimizations. Int. J. Comput. Math. 93(2), 345–366 (2016)

    Article  MATH  Google Scholar 

  7. Hussein, D., Bertin, E., Frey, V.: A community-driven access control approach in distributed IoT environments. IEEE Commun. Mag. 55(3), 146–153 (2017)

    Article  Google Scholar 

  8. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Decentralized Business Review (2008)

  9. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum project yellow paper 151(2014), 1–32 (2014)

    Google Scholar 

  10. Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enyeart, D., Ferris, C., Laventman, G., Manevich, Y.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: Proceedings of the thirteenth EuroSys conference, p. 30. ACM (2018)

  11. Ding, Y., Sato, H.: Bloccess: towards fine-grained access control using blockchain in a distributed untrustworthy environment. In: 2020 8th IEEE international conference on mobile cloud computing. Services, and engineering (MobileCloud), pp. 17–22. IEEE, Oxford, UK (2020)

  12. Chuen, D.L.K.: Handbook of digital currency: bitcoin, innovation, financial instruments, and big data. Academic Press, Cambridge (2015)

    Google Scholar 

  13. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Annual international cryptology conference, pp. 139–147. Springer, Berlin (1992)

    Google Scholar 

  14. King, S., Nadal, S.: Ppcoin: peer-to-peer crypto-currency with proof-of-stake. Self-published paper, August 19(1) (2012)

  15. Castro, M., Liskov, B.: Practical Byzantine fault tolerance. OSDI 99, 173–186 (1999)

    Google Scholar 

  16. Ongaro, D., Ousterhout, J.: In search of an understandable consensus algorithm. In: 2014 USENIX annual technical conference (USENIX ATC 14), pp. 305–319. (2014)

  17. Ding, Y., Sato, H.: Self-sovereign identity as a service: architecture in practice. In: 2022 IEEE 46th annual computers, software, and applications conference (COMPSAC), pp. 1536–1543. IEEE, Piscataway (2022)

  18. Dimitriou, T.: Efficient, coercion-free and universally verifiable blockchain-based voting. Comput. Netw. 174, 107234 (2020)

    Article  Google Scholar 

  19. Ding, Y., Sato, H.: Dagbase: a decentralized database platform Using DAG-based consensus. In: 2020 IEEE 44th annual computers. Software, and applications conference (COMPSAC), pp. 798–807. IEEE, Madrid, Spain (2020)

  20. Ding, Y., Sato, H.: Derepo: a distributed privacy-preserving data repository with decentralized access control for smart health. In: 2020 7th IEEE international conference on cyber security and cloud computing (CSCloud)/2020 6th IEEE international conference on edge computing and scalable cloud (EdgeCom), pp. 29–35. IEEE, Piscataway (2020)

  21. Ouaddah, A., Abou Elkalam, A., Ait Ouahman, A.: FairAccess: a new Blockchain-based access control framework for the Internet of Things. Secur. Commun. Netw. 9(18), 5943–5964 (2016)

    Article  Google Scholar 

  22. Sandhu, R.: Engineering authority and trust in cyberspace: the OM-AM and RBAC way. In: Proceedings of the fifth ACM workshop on role-based access control, pp. 111–119. ACM, New York (2000)

  23. Zhang, Y., Kasahara, S., Shen, Y., Jiang, X., Wan, J.: Smart contract-based access control for the internet of things. IEEE Internet Things J. 6(2), 1594–1605 (2018)

    Article  Google Scholar 

  24. Cruz, J.P., Kaji, Y., Yanai, N.: RBAC-SC: role-based access control using smart contract. IEEE Access 6, 12240–12251 (2018)

    Article  Google Scholar 

  25. Egala, B.S., Pradhan, A.K., Badarla, V., Mohanty, S.P.: Fortified-chain: a blockchain-based framework for security and privacy-assured internet of medical things with effective access control. IEEE Internet Things J. 8(14), 11717–11731 (2021)

    Article  Google Scholar 

  26. Tan, L., Shi, N., Yu, K., Aloqaily, M., Jararweh, Y.: A blockchain-empowered access control framework for smart devices in green internet of things. ACM Trans. Internet Technol. (TOIT) 21(3), 1–20 (2021)

    Article  Google Scholar 

  27. Dagher, G.G., Mohler, J., Milojkovic, M., Marella, P.B.: Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain. Cities Soc. 39, 283–297 (2018)

    Article  Google Scholar 

  28. Nchinda, N., Cameron, A., Retzepi, K., Lippman, A.: MedRec: a network for personal information distribution. In: 2019 international conference on computing, networking and communications (ICNC), pp. 637–641. IEEE, Piscataway (2019)

  29. Singla, A., Bertino, E.: Blockchain-based PKI solutions for IoT. In: 2018 IEEE 4th international conference on collaboration and internet computing (CIC), pp. 9–15. IEEE, Piscataway (2018)

  30. Krasner, G.E., Pope, S.T.: A description of the model-view-controller user interface paradigm in the smalltalk-80 system. J. Object Oriented Program. 1(3), 26–49 (1988)

    Google Scholar 

  31. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP’07), pp. 321–334. IEEE, Piscataway (2007)

  32. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MATH  Google Scholar 

  33. Ding, Y., Sato, H.: Formalism-driven development: concepts, taxonomy, and practice. Appl. Sci. 12(7), 3415 (2022)

    Article  Google Scholar 

  34. Ding, Y., Sato, H.: Formalism-driven development of decentralized systems. In: 2022 26th international conference on engineering of complex computer systems (ICECCS), pp. 81–90. IEEE, Hiroshima, Japan (2022)

  35. Cimatti, A., Clarke, E., Giunchiglia, E., Giunchiglia, F., Pistore, M., Roveri, M., Sebastiani, R., Tacchella, A.: Nusmv 2: an opensource tool for symbolic model checking. In: International conference on computer aided verification, pp. 359–364. Springer, Berlin (2002)

    Chapter  Google Scholar 

  36. Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027–2051 (2016)

    Article  Google Scholar 

  37. Douceur, J.R.: The sybil attack. In: International workshop on peer-to-peer systems, pp. 251–260. Springer, Berlin (2002)

    Chapter  Google Scholar 

  38. Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: Distributed denial of service attacks. In: Smc 2000 conference proceedings. 2000 IEEE international conference on systems, man and cybernetics.’cybernetics evolving to systems, humans, organizations, and their complex interactions’(cat. No. 0, vol. 3, pp. 2275–2280. IEEE, Nashville, TN, USA (2000)

  39. Ye, N., Zhu, Y., Wang, R.-C., Malekian, R., Qiao-Min, L.: An efficient authentication and access control scheme for perception layer of internet of things. Appl. Math. Inf. Sci. 8(4), 1617 (2014)

    Article  Google Scholar 

  40. Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)

    Article  Google Scholar 

  41. Zheng, Z., Xie, S., Dai, H.-N., Chen, X., Wang, H.: Blockchain challenges and opportunities: a survey. Int. J. Web Grid Serv. 14(4), 352–375 (2018)

    Article  Google Scholar 

  42. Ding, Y., Sato, H.: Sunspot: A decentralized framework enabling privacy for authorizable data sharing on transparent public blockchains. In: International conference on algorithms and architectures for parallel processing, pp. 693–709. Springer, Xiamen, China (2021)

Download references

Acknowledgements

This research was partially supported by KAKENHI (Grant-in-Aid for JSPS Fellows) 21J21087 and KAKENHI (Grants-in-Aid for Scientific Research) (C) 19K11958.

Author information

Authors and Affiliations

  1. Department of Electrical Engineering and Information Systems, The University of Tokyo, Tokyo, 113-8654, Japan

    Yepeng Ding & Hiroyuki Sato

Authors
  1. Yepeng Ding
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hiroyuki Sato
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yepeng Ding.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ding, Y., Sato, H. Bloccess: Enabling Fine-Grained Access Control Based on Blockchain. J Netw Syst Manage 31, 6 (2023). https://doi.org/10.1007/s10922-022-09700-5

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10922-022-09700-5

Keywords

Search

Navigation