Capability-based access control in IoT environments using blockchain technology

Abstract

Traditional access control models, such as role-based access control and attribute-based access control, are not suitable for Internet of Things (IoT) environments, because they are inflexible and not scalable due to their static characteristic. A promising access control model for IoT environments is capability-based access control (CapBAC). In contrast to traditional access controls, CapBAC is dynamic, scalable and offers fine-grained access policies by nature. Here, the user needs to provide a capability which is an unforgeable key associated with certain rights to access the data. The user might lose the privilege of owning the capability, so the capability has to be revoked. Several solutions using a centralized service for capability revocation have been proposed. However, the centralization leads to single point of failures and a lack of trust and transparency in the data as their is always an intermediary system of the capability revocation service provider between the user and the actual data. This thesis proposes an approach to decentralize the capability revocation by utilizing the blockchain technology. Moreover, we have implemented our proposed approach, and conducted a set of experiments to show the effectiveness of applying the blockchain technology to access control in IoT environments. The evaluation results show that our proposed approach indeed solves the centralization issue removing single point of failures and the lack of trust and transparency. In addition, the performance measurement results show that granting and revoking rights takes relatively long time. Nevertheless, capability verification is fast which would be suitable for real-world usage. As our proposed approach relies heavily on blockchain, the proposed approach also faces the same issues and attacks, such as the 51% attack and the sybil attack. Lastly, we analyze and describe the consequences of successful attacks on our proposed approach.