Thanks to the rapid advance of communication and networking technologies (e.g., Wi-Fi, Zigbee, Bluetooth), a growing number of objects (e.g., sensors, smart user devices, servers) are being interconnected nowadays via unique addressing schemes (e.g., the Internet), leading to the concept of the Internet of things (IoT). Such interconnection significantly accelerates the data collection, aggregation and sharing among all peers in the IoT, whereas it incurs crucial security issues at the same time, as adversaries can illegally access the resources and services provided in the system by compromising the vulnerable IoT devices. As a result, access control has been regarded as a critical research issue in the IoT. Existing centralized access control schemes, which usually rely on a single node to control the access requests from a subject to an object, may suffer from two significant shortcomings. One is that the access control node may be compromised by an adversary, leading to untrustworthy access control. The other is that the access control node may be destroyed in natural or man-made disasters, which can easily destroy the access control scheme. Thus, distributed and trustworthy access control schemes are in urgent demand to prevent unauthorized access in IoT systems. Recently, blockchain, which is the key enabler behind modern cryptocurrency platforms (e.g., BitCoin and Ethereum) and can implement distributed trustworthy computation in an untrustworthy peer-to-peer system, may provide us a promising solution to the access control problem for the IoT. Therefore, the goal of this research is to implement distributed and trustworthy access control for IoT systems by exploiting the emerging blockchain technology. In particular, we will focus on the blockchain-based smart contract technology.
Example of IoT Access Control
Suppose we have a simple IoT system with a gas detector, an alarm and a smart phone. The smart phone can retrieve gas leakage information from the detector and send commands to the detector to shut off the gas. The alarm can also retrieve the gas leakage information from the detector and raise an alarm, while it is not allowed to send commands to the detector. This is a typical access control scenario, where the gas detector is the object providing resources (i.e., gas leakage information, function of shutting down the gas) and the smart phone and alarm are subjects accessing resources from the object. To achieve the access control, three critical steps must be conducted. In the first step, the detector needs to grant access rights to both the smart phone and the alarm. For the smart phone, the access rights are retrieving the gas leakage information and shutting down the gas, while, for the alarm, the access right is only retrieving the gas leakage information. In the second step, the detector must validate the access rights of the access rights when receiving access requests from the subjects. Finally, the detector returns access results to both subjects and take some countermeasures based on the results.
Smart Contract-based Access Control
A smart contract can be simply thought of as a piece of executable code that resides in a blockchain (as illustrated in the figure below). A smart contract provides a number of application binary interfaces (ABIs), which can be run by any peer in the blockchain system. In addition to ABIs, a smart contract also has data, which is regarded as the state of the contract. Each smart contract is associated with an address, through which any peer in the blockchain system can execute its ABIs and modify its state if the modification is allowed. The ABIs will be executed by all peers in the system, so as long as the computing capacity of any peer in the system is less than half the computing capacity of the entire system, no peer in the system can intentionally execute the ABI in the wrong way. As a result, no peers cannot tamper with the function of the smart contract. Based on this characteristic of the smart contract technology, this research realizes access control between arbitrary peers in the IoT system.