Abstract
Over the last few decades, information security has become a significant challenge for organizations' system administrators. The Role-Based Access Control (RBAC) model has emerged as a viable solution for organizations to meet this security requirement because of its lower administrative overhead. Blockchain technology is distributed and can be used effectively for user authentication and authorization challenges. This paper proposes an RBAC model using a blockchain-based smart contract for managing user-role permissions in an organization. We design a threat and security model to resist attacks such as man-in-the-middle attacks in an organizational scenario. The proposed approach uses the Ethereum blockchain platform and its smart contract functionality to model user-resource communications. The proposed method is tested on the Ropsten Ethereum Test Network and evaluated with respect to user authentication, verification, cost, and security.
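To make the abstract's design concrete, the following is an added illustrative example (not the paper's deployed contracts and not code from the authors) of how a role-issuer contract and a resource-owner contract can split user-role administration from resource authorization on Ethereum. The contract names follow the appendix; the role identifiers (`READER`, `WRITER`), the function names and the document resource are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative role-issuer contract (added example, not the paper's code).
/// A single issuer address (the deployer) grants and revokes named roles
/// for user addresses; every change is logged as an event for auditing.
contract RoleIssuer {
    address public immutable issuer;

    // user address => role id => granted?
    mapping(address => mapping(bytes32 => bool)) private roles;

    event RoleGranted(address indexed user, bytes32 indexed role);
    event RoleRevoked(address indexed user, bytes32 indexed role);

    modifier onlyIssuer() {
        require(msg.sender == issuer, "RoleIssuer: caller is not the issuer");
        _;
    }

    constructor() {
        issuer = msg.sender;
    }

    function grantRole(address user, bytes32 role) external onlyIssuer {
        require(user != address(0), "RoleIssuer: zero address");
        roles[user][role] = true;
        emit RoleGranted(user, role);
    }

    function revokeRole(address user, bytes32 role) external onlyIssuer {
        roles[user][role] = false;
        emit RoleRevoked(user, role);
    }

    function hasRole(address user, bytes32 role) external view returns (bool) {
        return roles[user][role];
    }
}

/// Illustrative resource-owner contract (added example, not the paper's code).
/// It trusts one RoleIssuer and checks the caller's role on-chain before
/// allowing access to the protected resource.
contract ResourceOwner {
    RoleIssuer public immutable roleIssuer;

    // Hypothetical role identifiers; the paper's actual role names are not on this page.
    bytes32 public constant READER_ROLE = keccak256("READER");
    bytes32 public constant WRITER_ROLE = keccak256("WRITER");

    string private document;

    event Accessed(address indexed user, bytes32 indexed role);

    constructor(RoleIssuer _roleIssuer) {
        roleIssuer = _roleIssuer;
    }

    modifier requiresRole(bytes32 role) {
        // msg.sender is bound to the key that signed the transaction, so an
        // intermediary relaying the call cannot substitute a different identity.
        require(roleIssuer.hasRole(msg.sender, role), "ResourceOwner: role missing");
        _;
        emit Accessed(msg.sender, role);
    }

    function readDocument() external requiresRole(READER_ROLE) returns (string memory) {
        return document;
    }

    function writeDocument(string calldata newContent) external requiresRole(WRITER_ROLE) {
        document = newContent;
    }
}
```

Deployment order matters: `RoleIssuer` is deployed first, and its address is passed to the `ResourceOwner` constructor, so the resource owner can only be pointed at one issuer for its lifetime (`immutable`). Revocation takes effect on the next transaction because `hasRole` reads current storage rather than a cached grant, and the `RoleGranted`/`RoleRevoked`/`Accessed` events give an auditor a complete on-chain history of who was authorized for what and when.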
This article is part of the Topical Collection: Special Issue on Blockchain for Peer-to-Peer Computing
Guest Editors: Keping Yu, Chunming Rong, Yang Cao, and Wenjuan Li
Appendix
The role-issuer smart contract (SC) was deployed on the Ropsten Ethereum Test Network at the following address:
0xAF2C389Da75dE14e368132b6aA144841f7271b4B.
The resource-owner SC was deployed on the Ropsten Ethereum Test Network at the following address:
0xF600AC5b557d56DF8784fB751962c5bDB19566dD.
With the given address, the reader can see the transactions at:
Cite this article
Kamboj, P., Khare, S. & Pal, S. User authentication using Blockchain based smart contract in role-based access control. Peer-to-Peer Netw. Appl. 14, 2961–2976 (2021). https://doi.org/10.1007/s12083-021-01150-1