The Internet of Things (IoT) constructs a large ubiquitous network that realizes the interconnection, interworking and interoperation of heterogeneous information over the Internet, by wire or wirelessly, and can realize the intelligent connection of all objects. Firstly, with the access of a large number of heterogeneous bottom-layer smart devices to the IoT, user access to and control of IoT devices have become increasingly complicated. Since there is no unified IoT device management system, users need to operate different IoT applications and access different IoT cloud platforms when accessing and controlling heterogeneous devices. This fragmented management model increases the complexity of user access and control of devices and reduces the scalability of IoT applications. Secondly, in order to cope with the large number of access requests for IoT data brought by application expansion in the Distributed IoT, device data are usually stored in the management server (DMS) of the current domain, which applies a centralized access control mechanism to users. This centralized approach can easily allow data to be tampered with and leaked. Moreover, registering different identities when a user accesses different domains increases the difficulty of identity management. Furthermore, the emerging Cloud-Enabled IoT (CEIoT) is becoming increasingly popular since it enables end users to remotely interact with the connected devices, which collect physical data and share them with cloud services. The shared data will often be sensitive as well as private. Even with access control in place, a third-party application platform may violate articles of the General Data Protection Regulation (GDPR) after the data are shared with it by a device platform, which leads to privacy disclosure.

In view of the above problems, the contributions of this study fall into three aspects.

(1) We propose a blockchain-empowered general IoT smart device access control framework, which provides users with a unified device management platform. Firstly, based on the World Wide Web Consortium (W3C) decentralized identifiers (DIDs) standard, users and devices are issued a visual identity (VID). Then we extend a GSDDIDs protocol to authenticate devices and users. Finally, a unified blockchain-based access control system for devices is designed, including the registration, granting and revoking of access rights. We implement and test it on a Raspberry Pi device and the FISCO BCOS permissioned chain. The experimental results show that the framework provides a unified and feasible way for users to achieve decentralized, lightweight and fine-grained access control of devices. The solution reduces the complexity of accessing and controlling devices, enhances the scalability of device applications, and guarantees the credibility and immutability of permission data and identity data.

(2) We propose a blockchain-based access control scheme called BacS for the Distributed IoT. We use the node account address as an identity to access the DMS, redefine the access control permission and store it on the blockchain. Then we design the processes of authorization, authorization revocation, access control and audit. Finally, we use a lightweight symmetric encryption algorithm (SEA) to achieve privacy preservation. We build a credible experimental model on an Ethereum private chain; the results show that BacS is feasible and effective, achieving secure access with privacy preservation.

(3) We propose DUCE, an enforcement model of distributed usage control for data sharing in CEIoT. It leverages both Distributed Ledger Technology (DLT) and the Trusted Execution Environment (TEE) to achieve reliable and continuous life-cycle enforcement for cross-domain data sharing scenarios. The core components of DUCE are distributed PDPs and PEPs (policy decision points and policy enforcement points), which enable reliable execution of the usage control policy decision and enforcement processes without a centralized trusted authority. Policy administration is also distributed and associated with the data owner, who can optionally modify the rules. The rules in the eXtensible Access Control Markup Language (XACML) are parsed into a smart contract language to be executed on the blockchain service. A detailed explanation of the enforcement process is given for an example "delete-after-use" rule. A prototype system is implemented with an open-source permissioned blockchain system and evaluated on an experimental deployment. The results show reasonable performance and scalability overhead in comparison to OAuth 2.0. We believe additional cross-domain data usage control issues can also be addressed by DUCE.
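As an added illustration of the ledger-backed grant/revoke, decision, enforcement and audit steps sketched in (2) and (3), and not code from BacS or DUCE: a toy Python model in which an in-memory hash-chained list stands in for the blockchain, subjects are identified by account address, and a hard-coded "delete-after-use" obligation is enforced by the PEP right after each use. The function names, record layout and sample addresses are all assumptions of this example.

```python
# Added illustration: an in-memory hash-chained list stands in for the blockchain.
import hashlib

GENESIS = "0" * 64

def _digest(prev, body):
    return hashlib.sha256((prev + repr(sorted(body.items()))).encode()).hexdigest()

def append_entry(ledger, record):
    """Append-only write; each entry is hashed together with its predecessor."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({**record, "prev": prev, "hash": _digest(prev, record)})

def verify(ledger):
    """Audit: recompute the hash chain; False if any stored entry was altered."""
    prev = GENESIS
    for e in ledger:
        body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
        if e["prev"] != prev or e["hash"] != _digest(prev, body):
            return False
        prev = e["hash"]
    return True

def set_permission(ledger, owner, subject, resource, rule):
    """Owner grants (rule given, e.g. 'delete-after-use') or revokes (rule None)."""
    append_entry(ledger, {"op": "permission", "owner": owner, "subject": subject,
                          "resource": resource, "rule": rule})

def decide(ledger, subject, resource):
    """PDP: replay the ledger; the latest permission entry for the pair wins."""
    rule = None
    for e in ledger:
        if e["op"] == "permission" and (e["subject"], e["resource"]) == (subject, resource):
            rule = e["rule"]
    return rule  # None means deny

def use(ledger, copies, subject, resource, data):
    """PEP: enforce the decision and the delete-after-use obligation, record for audit.
    `copies` maps (subject, resource) to the data copy currently released to the subject."""
    rule = decide(ledger, subject, resource)
    if rule is None:
        append_entry(ledger, {"op": "deny", "subject": subject, "resource": resource})
        return False
    copies[(subject, resource)] = data        # data released for this use
    if rule == "delete-after-use":            # obligation applied right after the use
        del copies[(subject, resource)]
    append_entry(ledger, {"op": "used", "subject": subject, "resource": resource,
                          "deleted": (subject, resource) not in copies})
    return True
```

Because every decision replays the permission history and every use is recorded, an auditor can later reconstruct who was granted what, when access was revoked, and whether the obligation was honoured, and `verify` detects any retroactive edit to those records.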