Smart contract-based access control architecture and verification for internet of things

doi:10.11772/j.issn.1001-9081.2021040553

Journal of Computer Applications ›› 2022, Vol. 42 ›› Issue (6): 1922-1931.DOI: 10.11772/j.issn.1001-9081.2021040553

• Cyber security • Previous Articles

Smart contract-based access control architecture and verification for internet of things

Yang LI¹, Long XU¹, Yanqiang LI¹^,²(), Shaopeng LI¹

^1.Qilu University of Technology（Shandong Academy of Sciences），Institute of Automation，Shandong Academy of Sciences，Jinan Shandong 250014，China
^2.School of Control Sciences and Engineering，Shandong University，Jinan Shandong 250061，China

Received:2021-04-12 Revised:2021-07-08 Accepted:2021-07-08 Online:2022-06-22 Published:2022-06-10
Contact: Yanqiang LI
About author:LI Yang，born in 1980，M. S.，associate research fellow. Her research interests include internet of things security，blockchain.
XU Long，born in 1995，M. S. candidate. His research interests include blockchain
LI Shaopeng，born in 1985，M. S.，associate research fellow. His research interests include intelligent sensing.
Supported by:
National Key Research and Development Program of China(2018YFE0197700);Shandong Major Scientific and Technological Innovation Project(2020CXGC010203);Study Abroad Program of Shandong Provincial Government(201802026)

基于智能合约的物联网访问控制架构与验证

李杨¹, 徐龙¹, 李研强¹^,²(), 李绍鹏¹

^1.齐鲁工业大学（山东省科学院）山东省科学院自动化研究所，济南 250014
^2.山东大学控制科学与工程学院，济南 250061

通讯作者: 李研强
作者简介:李杨（1980—），女，山东济宁人，副研究员，硕士，主要研究方向：物联网安全、区块链
徐龙（1995—），男，安徽合肥人，硕士研究生，主要研究方向：区块链
李绍鹏（1985—），男，山东济南人，副研究员，硕士，主要研究方向：智能感测。
基金资助:
国家重点研发计划项目(2018YFE0197700);山东省重大科技创新工程项目(2020CXGC010203);山东省政府留学基金资助项目(201802026)

Abstract

Abstract:

Concerning the problem that the traditional access control methods face single point of failure and fail to provide trusted， secure and dynamic access management， a new access control model based on blockchain and smart contract for Wireless Sensor Network （WSN） was proposed to solve the problems of access dynamics and low level of intelligence of existing blockchain-based access control methods. Firstly， a new access control architecture based on blockchain was proposed to reduce the network computing overhead. Secondly， a multi-level smart contract system including Agent Contract （AC）， Authority Management Contract （AMC） and Access Control Contract （ACC） was built， thereby realizing the trusted and dynamic access management of WSN. Finally， the dynamic access generation algorithm based on Radial Basis Function （RBF） neural network was adopted， and access policy was combined to generate the credit score threshold of access node to realize the intelligent， dynamic access control management for the large number of sensors in WSN. Experimental results verify the availability， security and effectiveness of the proposed model in WSN secure access control applications.

Key words: blockchain, access control, smart contract, dynamic access management, Wireless Sensor Network (WSN)

摘要：

针对传统的访问控制方法存在单点故障，不能提供可信、安全、动态化权限管理的问题，提出了一种面向无线传感器网（WSN）的基于区块链和智能合约的新型访问控制方法，以解决现有的基于区块链的访问控制方法存在的访问动态化、智能化水平不高等问题。首先，提出一种基于区块链的新型访问控制管理架构，降低网络运算开销；其次，搭建多层次智能合约体系，设计代理合约（AC）、权限管理合约（AMC）和访问控制合约（ACC），以实现对WSN的可信化、动态化的权限管理；最后，采用基于径向基函数（RBF）神经网络的动态权限生成算法，并结合访问政策动态生成访问节点的信用度阈值，实现面向WSN海量传感器的智能化、动态化的访问控制管理。实验结果表明，所提模型在WSN安全访问控制应用上具有可行性、安全性和有效性。

关键词: 区块链, 访问控制, 智能合约, 动态权限管理, 无线传感器网

CLC Number:

TP391

Yang LI, Long XU, Yanqiang LI, Shaopeng LI. Smart contract-based access control architecture and verification for internet of things[J]. Journal of Computer Applications, 2022, 42(6): 1922-1931.

李杨, 徐龙, 李研强, 李绍鹏. 基于智能合约的物联网访问控制架构与验证[J]. 《计算机应用》唯一官方网站, 2022, 42(6): 1922-1931.

Figures/Tables 13

Fig. 1 Operating mechanism of smart contract

Fig. 2 Blockchain-based system structure

Fig. 3 System framework of smart contracts

Fig. 4 RBF neural network-based credit evaluation

Fig. 5 Flowchart of interaction work of system nodes

Fig. 6 Petri net model of system

Tab. 1 System transaction description of operation flow

代码	描述	代码	描述
$t 1$	Start process	$t 12$	Send sensor access request
$t 2$	Register manager	$t 13$	Query the ledger through the unique address
$t 3$	Manger registration write into the ledger	$v 6$	Ledger query consensus
$v 1$	Manager registration consensus	$t 14$	Query failed， request failed
$t 4$	Send sensor registration request	$t 15$	Query success through sensor request
$t 5$	Check whether it is the only identifier	$v 7$	Ledger query consensus
$v 2$	Ledger query consensus	$t 16$	Identity authentication failed， request failed
$t 6$	Query failed， request failed	$t 17$	Identity authentication success， request failed
$t 7$	Sensor registration write into the ledger	$t 18$	Authentication failure be written in the ledger
$v 3$	Sensor Registration consensus	$v 8$	Authentication failure consensus
$t 8$	Add the initial access policy	$t 19$	Monitor abnormal access
$t 9$	Query the ledger through the unique address	$t 20$	Write the abnormal access message into the ledger if any
$v 4$	Ledger query consensus	$v 9$	Abnormal access consensus
$t 10$	Query failed， request failed	$t 21$	Authentication success， get the access credit value
$t 11$	Write the access policy into the ledger	$t 22$	Get the final access result
$v 5$	Policy registration consensus

Tab. 1 System transaction description of operation flow

代码	描述	代码	描述
$t 1$	Start process	$t 12$	Send sensor access request
$t 2$	Register manager	$t 13$	Query the ledger through the unique address
$t 3$	Manger registration write into the ledger	$v 6$	Ledger query consensus
$v 1$	Manager registration consensus	$t 14$	Query failed， request failed
$t 4$	Send sensor registration request	$t 15$	Query success through sensor request
$t 5$	Check whether it is the only identifier	$v 7$	Ledger query consensus
$v 2$	Ledger query consensus	$t 16$	Identity authentication failed， request failed
$t 6$	Query failed， request failed	$t 17$	Identity authentication success， request failed
$t 7$	Sensor registration write into the ledger	$t 18$	Authentication failure be written in the ledger
$v 3$	Sensor Registration consensus	$v 8$	Authentication failure consensus
$t 8$	Add the initial access policy	$t 19$	Monitor abnormal access
$t 9$	Query the ledger through the unique address	$t 20$	Write the abnormal access message into the ledger if any
$v 4$	Ledger query consensus	$v 9$	Abnormal access consensus
$t 10$	Query failed， request failed	$t 21$	Authentication success， get the access credit value
$t 11$	Write the access policy into the ledger	$t 22$	Get the final access result
$v 5$	Policy registration consensus

Fig. 7 Test results of main functions of system

Fig. 8 Error change curve

Fig. 9 Model input/output comparison

Fig. 10 Response time of node registration request

Fig. 11 Response time of access control request

Fig. 12 Malicious node detection results

References 35

1	MANYIKA J， CHUI M. By 2025， Internet of things applications could have ＄11 trillion impact ［EB/OL］. （2015-07-22）［2020-12-25］..
2	FERRAIOLO D， CUGINI J， KUHN D R. Role-Based Access Control （RBAC）： features and motivations［C/OL］// Proceedings of 11th Annual Computer Security Application Conference. ［2020-12-25］..
3	YUAN E， TONG J. Attributed Based Access Control （ABAC） for web services［C］// Proceedings of the 2005 IEEE International Conference on Web Services. Piscataway： IEEE， 2005： 561-569. 10.1109/icws.2005.25
4	GUSMEROLI S， PICCIONE S， ROTONDI D. IoT access control issues： a capability based approach［C］// Proceedings of the 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. Piscataway： IEEE， 2012： 787-792. 10.1109/imis.2012.38
5	PARK J， SANDHU R. Towards usage control models： beyond traditional access control［C］// Proceedings of the 7th ACM Symposium on Access Control Models and Technologies. New York： ACM， 2002： 57-64. 10.1145/507711.507722
6	KHAN M A， SALAH K. IoT security： review， blockchain solutions， and open challenges［J］. Future Generation Computer Systems， 2018， 82： 395-411. 10.1016/j.future.2017.11.022
7	HAMMI M T， HAMMI B， BELLOT P， et al. Bubbles of Trust： a decentralized blockchain-based authentication system for IoT［J］. Computers and Security， 2018， 78： 126-142. 10.1016/j.cose.2018.06.004
8	XU R H， CHEN Y， BLASCH E， et al. BlendCAC： a smart contract enabled decentralized capability-based access control mechanism for the IoT［J］. Computers， 2018， 7（3）： No.39. 10.3390/computers7030039
9	OUADDAH A， ABOU ELKALAM A， OUAHMAN A AIT. FairAccess： a new Blockchain‐based access control framework for the Internet of Things［J］. Security and Communication Networks， 2016， 9（18）： 5943-5964. 10.1002/sec.1748
10	OUADDAH A， ABOU ELKALAM A， OUAHMAN A AIT. Towards a novel privacy-preserving access control model based on blockchain technology in IoT［M］// ROCHA Á， SERRHINI M， FELGUEIRAS C. Europe and MENA Cooperation Advances in Information and Communication Technologies， AISC 520. Cham： Springer， 2017： 523-533.
11	EKBLAW A， AZARIA A， HALAMKA J D， et al. A case study for blockchain in healthcare： “MedRec” prototype for electronic health records and medical research data［R/OL］. （2016-08）［2020-12-25］..
12	HAMMI M T， BELLOT P， SERHROUCHNI A. BCTrust： a decentralized authentication blockchain-based mechanism［C］// Proceedings of the 2018 IEEE Wireless Communications and Networking Conference. Piscataway： IEEE， 2018： 1-6. 10.1109/wcnc.2018.8376948
13	CUI Z， FEI X U E， ZHANG S， et al. A hybrid BlockChain-based identity authentication scheme for multi-WSN［J］. IEEE Transactions on Services Computing， 2020， 13（2）： 241-251. 10.1109/tsc.2020.2964537
14	NOVO O. Blockchain meets IoT： an architecture for scalable access management in IoT［J］. IEEE Internet of Things Journal， 2018， 5（2）： 1184-1195. 10.1109/jiot.2018.2812239
15	LADIA A. Privacy centric collaborative machine learning model training via blockchain［C］// Proceedings of the 2019 International Congress on Blockchain and Applications， AISC 1010. Cham： Springer， 2020： 62-70.
16	NAKAMOTO S. Bitcoin： a peer-to-peer electronic cash system［EB/OL］. ［2020-12-25］.. 10.2139/ssrn.3440802
17	曹傧，林亮，李云，等. 区块链研究综述［J］. 重庆邮电大学学报（自然科学版）， 2020， 32（1）：1-14.
	CAO B， LIN L， LI Y， et al. Review of blockchain research［J］. Journal of Chongqing University of Posts and Telecommunications （Natural Science Edition）， 2020， 32（1）： 1-14.
18	KING S， NADAL S. PPcoin： peer-to-peer crypto-currency with proof-of-stake［EB/OL］. （2012-08-19）［2020-12-25］..
19	CASTRO M， LISKOV B. Practical Byzantine fault tolerance［C］// Proceedings of the 3rd Symposium on Operating Systems Design and Implementation. Berkeley： USENIX Association， 1999： 173-186. 10.1109/dsn.2001.941437
20	SUN Y， ZHANG L， FENG G， et al. Blockchain-enabled wireless Internet of Things： performance analysis and optimal communication node deployment［J］. IEEE Internet of Things Journal， 2019， 6（3）： 5791-5802. 10.1109/jiot.2019.2905743
21	LUU L， CHU D H， OLICKEL H， et al. Making smart contracts smarter［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2016： 254-269. 10.1145/2976749.2978309
22	欧阳丽炜，王帅，袁勇，等. 智能合约：架构及进展［J］. 自动化学报， 2019， 45（3）： 445-457.
	OUYANG L W， WANG S， YUAN Y， et al. Smart contracts： architecture and research progresses［J］. Acta Automatica Sinica， 2019， 45（3）： 445-457.
23	WOOD G. Ethereum： a secure decentralised generalised transaction ledger［EB/OL］. ［2020-12-25］..
24	ANDROULAKI E， BARGER A， BORTNIKOV V， et al. Hyperledger fabric： a distributed operating system for permissioned blockchains［C］// Proceedings of the 13th EuroSys Conference. New York： ACM， 2018： No.30. 10.1145/3190508.3190538
25	LÓPEZ VIVAR A， CASTEDO A T， SANDOVAL OROZCO A L， et al. An analysis of smart contracts security threats alongside existing solutions［J］. Entropy， 2020， 22（2）： No.203. 10.3390/e22020203
26	PINNO O J A， GREGIO A R A， DE BONA L C E. ControlChain： blockchain as a central enabler for access control authorizations in the IoT［C］// Proceedings of the 2017 IEEE Global Communications Conference. Piscataway： IEEE， 2017： 1-6. 10.1109/glocom.2017.8254521
27	ZHANG Y Y， KASAHARA S， SHEN Y L， et al. Smart contract-based access control for the Internet of Things［J］. IEEE Internet of Things Journal， 2019， 6（2）： 1594-1605. 10.1109/jiot.2018.2847705
28	杜义峰，郭渊博. 一种基于信任值的雾计算动态访问控制方法［J］. 信息网络安全， 2020， 20（4）：65-72. 10.3969/j.issn.1671-1122.2020.04.008
	DU Y F， GUO Y B. A dynamic access control method for fog computing based on trust value［J］. Netinfo Security， 2020， 20（4）：65-72. 10.3969/j.issn.1671-1122.2020.04.008
29	王海勇，潘启青，郭凯璇. 基于区块链和用户信用度的访问控制模型［J］. 计算机应用， 2020， 40（6）： 1674-1679. 10.11772/j.issn.1001-9081.2019101780
	WANG H Y， PAN Q Q， GUO K X. Access control model based on blockchain and user credit［J］. Journal of Computer Applications， 2020， 40（6）：1674-1679. 10.11772/j.issn.1001-9081.2019101780
30	OUTCHAKOUCHT A， ES-SAMAALI H， LEROY J P. Dynamic access control policy based on blockchain and machine learning for the Internet of Things［J］. International Journal of Advanced Computer Science and Applications， 2017， 8（7）： 417-424. 10.14569/ijacsa.2017.080757
31	POGGIO T， EDELMAN S. A network that learns to recognize three-dimensional objects［J］. Nature， 1990， 343（6255）： 263-266. 10.1038/343263a0
32	YICK J， MUKHERJEE B， GHOSAL D. Wireless sensor network survey［J］. Computer Networks， 2008， 52（12）： 2292-2330. 10.1016/j.comnet.2008.04.002
33	SHELBY Z， HARTKE K， BORMANN C. The Constrained Application Protocol （CoAP）： RFC 7252 ［S］. Fremont， CA： Internet Engineering Task Force， 2014-06.
34	MURATA T. Petri nets： properties， analysis and applications［J］. Proceedings of the IEEE， 1989， 77（4）： 541-580. 10.1109/5.24143
35	BORMANN C， CASTELLANI A P， SHELBY Z. CoAP： an application protocol for billions of tiny internet nodes［J］. IEEE Internet Computing， 2012， 16（2）： 62-67. 10.1109/mic.2012.29

[1]	Yuntao XU, Junwu ZHU, Binwen SUN, Maosheng SUN, Sihai CHEN. Election-based supply chain： a supply chain autonomy framework based on blockchain [J]. Journal of Computer Applications, 2022, 42(6): 1770-1775.
[2]	Zheng DI, Yifan CAO, Chao QIU, Tao LUO, Xiaofei WANG. New computing power network architecture and application case analysis [J]. Journal of Computer Applications, 2022, 42(6): 1656-1661.
[3]	Xiuli REN, Lei ZHANG. Improved multi-primary-node consensus mechanism based on practical Byzantine fault tolerance [J]. Journal of Computer Applications, 2022, 42(5): 1500-1507.
[4]	Jiagui XIE, Zhiping LI, Jian JIN. Cross-chain mechanism based on Spark blockchain [J]. Journal of Computer Applications, 2022, 42(2): 519-527.
[5]	Li LI, Yi WU, Zhikun YANG, Yunpeng CHEN. Medical electronic record sharing scheme based on sharding-based blockchain [J]. Journal of Computer Applications, 2022, 42(1): 183-190.
[6]	Dingkang LIN, Jiaqi YAN, Nandeng BA, Zhenhao FU, Haochen JIANG. Survey of anonymity and tracking technology in Monero [J]. Journal of Computer Applications, 2022, 42(1): 148-156.
[7]	GE Jihong, SHEN Tao. Energy data access control method based on blockchain [J]. Journal of Computer Applications, 2021, 41(9): 2615-2622.
[8]	SHEN Yumin, WANG Jinlong, HU Diankai, LIU Xingyu. Multi-person collaborative creation system of building information modeling drawings based on blockchain [J]. Journal of Computer Applications, 2021, 41(8): 2338-2345.
[9]	YANG Longhai, WANG Xueyuan, JIANG Hesong. Blockchain digital signature scheme with improved SM2 signature method [J]. Journal of Computer Applications, 2021, 41(7): 1983-1988.
[10]	CHEN Weiwei, CAO Li, GU Xiang. E-forensics model for internet of vehicles based on blockchain [J]. Journal of Computer Applications, 2021, 41(7): 1989-1995.
[11]	QING Xinyi, CHEN Yuling, ZHOU Zhengqiang, TU Yuanchao, LI Tao. Blockchain storage expansion model based on Chinese remainder theorem [J]. Journal of Computer Applications, 2021, 41(7): 1977-1982.
[12]	GE Lina, HU Yugu, ZHANG Guifen, CHEN Yuanyuan. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021, 41(6): 1604-1610.
[13]	DU Xinyu, WANG Huaqun. Dynamic group based effective identity authentication and key agreement scheme in LTE-A networks [J]. Journal of Computer Applications, 2021, 41(6): 1715-1722.
[14]	LIU Hongyu, LIANG Xiubo, WU Junhan. Kubernetes-based Fabric chaincode management and high availability technology [J]. Journal of Computer Applications, 2021, 41(4): 956-962.
[15]	BAO Yulong, ZHU Xueyang, ZHANG Wenhui, SUN Pengfei, ZHAO Yingqi. Formal verification of smart contract for access control in IoT applications [J]. Journal of Computer Applications, 2021, 41(4): 930-938.

Smart contract-based access control architecture and verification for internet of things

基于智能合约的物联网访问控制架构与验证

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 35

Related Articles 15

Recommended Articles

Metrics