Blockchain-Based Access Control for the IoT

Internet-of-Things Challenges
The rapid proliferation of Internet-of-Things (IoT) devices has transformed industries such as healthcare, transportation, and smart homes, enabling seamless interconnectivity and automation. These devices empower users by offering advanced control and functionality through real-time data exchange and communication. However, their widespread deployment introduces significant security and privacy challenges. Many IoT devices operate in close proximity to users, often collecting sensitive personal data, making them prime targets for unauthorized access, data breaches, and malicious attacks.
Mitigating these risks requires mechanisms that prevent privacy violations and malicious use. The standard tool is access control: policies that define and enforce who may access which resources under what conditions. The IoT setting, however, differs from the traditional one in important ways, mainly in the heterogeneity of its devices and their resource constraints. Designing and implementing access control tailored to these characteristics is non-trivial, which is why deployments typically rely on a centralized authority to build and operate such a complex access control system.
A centralized access control implementation, however, raises ethical and security concerns because it is a single point of failure: a malicious actor can focus on that one entity and compromise millions of devices in a single attack.
Blockchain-Based Access Control
Blockchain-based access control (BBAC) is an alternative to centralized access control in which the access control logic is built on top of a blockchain. Because of the blockchain's decentralized properties, BBAC offers superior robustness and integrity compared to a centralized server. For this reason, BBAC eliminates both major attacks against a central server (e.g., DDoS and MITM) and the single point of failure.
This design, however, introduces new challenges of its own. One of the main weaknesses of blockchain technology lies in its scalability, mainly its latency and cost-efficiency. For example, Ethereum needs 4 seconds to return the result of a computation, which is an order of magnitude slower than other cloud technologies (e.g., Google Cloud Platform) while also being more expensive. In addition, the public nature of the blockchain can create new privacy issues, since policies and access decisions recorded on-chain are visible to everyone. Solving these privacy and scalability issues must be done carefully, because a fix for one can introduce new security risks. Our lab aims to tackle these challenges with cryptographic primitives such as Zero-Knowledge Proofs, in order to achieve better privacy and scalability while maintaining the security and integrity of the access control.
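As an added illustration of how access control policies can live on a blockchain (this is example code, not code from the page or from the lab's own work), the following minimal Ethereum smart contract lets a device owner record time-bounded grants on-chain and lets a device or its gateway query the contract as its policy decision point. The contract name, function names and the use of bytes32 identifiers for devices and actions are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical on-chain access-control policy for IoT devices (added example).
// The device owner stores grants of the form (subject, device, action, expiry);
// a device or gateway calls isAuthorized() instead of asking a central policy server.
contract IoTAccessControl {
    // deviceId => account that administers the device's policy
    mapping(bytes32 => address) public deviceOwner;
    // deviceId => subject => action => unix time when the grant expires (0 = no grant)
    mapping(bytes32 => mapping(address => mapping(bytes32 => uint64))) private grantExpiry;

    event DeviceRegistered(bytes32 indexed deviceId, address indexed owner);
    event AccessGranted(bytes32 indexed deviceId, address indexed subject, bytes32 action, uint64 expiresAt);
    event AccessRevoked(bytes32 indexed deviceId, address indexed subject, bytes32 action);

    modifier onlyOwner(bytes32 deviceId) {
        require(deviceOwner[deviceId] == msg.sender, "not device owner");
        _;
    }

    // First registrant becomes the owner; later calls for the same id are rejected.
    function registerDevice(bytes32 deviceId) external {
        require(deviceOwner[deviceId] == address(0), "already registered");
        deviceOwner[deviceId] = msg.sender;
        emit DeviceRegistered(deviceId, msg.sender);
    }

    // Time-bounded grant: expired grants fail closed without needing a revoke transaction.
    function grantAccess(bytes32 deviceId, address subject, bytes32 action, uint64 expiresAt)
        external onlyOwner(deviceId)
    {
        require(expiresAt > block.timestamp, "expiry in the past");
        grantExpiry[deviceId][subject][action] = expiresAt;
        emit AccessGranted(deviceId, subject, action, expiresAt);
    }

    function revokeAccess(bytes32 deviceId, address subject, bytes32 action) external onlyOwner(deviceId) {
        delete grantExpiry[deviceId][subject][action];
        emit AccessRevoked(deviceId, subject, action);
    }

    // Policy decision point (a view call, so no transaction is needed to check a policy):
    // the owner is always allowed; anyone else needs an unexpired grant.
    function isAuthorized(bytes32 deviceId, address subject, bytes32 action) external view returns (bool) {
        if (deviceOwner[deviceId] == subject) return true;
        return grantExpiry[deviceId][subject][action] > block.timestamp;
    }
}
```

Note that every grant and revocation is a public transaction, which is exactly the privacy issue the text raises: anyone can read which subject may perform which action on which device.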