Research On Smart Contract-based Access Control In The Internet Of Things

Currently the security of the Internet of Things is facing unprecedented challenges,and access control technology is one of the core security technologies to ensure the confidentiality and integrity of data.The problem of access control in an unrestricted environment has been fully studied,but it is still in the preliminary stage in such a complex restricted environment as the Internet of Things,which has the characteristics of large-scale,dynamic,resource-constrained and heterogeneous device nodes.The access control models under the Internet of Things mainly include Attribute-based Access Control(ABAC)and Capability-Based Access Control(CapBAC).Among them,ABAC is a centralized model,which has the advantages of flexibility,dynamics,security and privacy.However,the centralization of ABAC brings potential single points of failure and performance bottlenecks.CapBAC is a distributed model,which has the advantages of flexibility,secu-rity,strong scalability and low storage pressure.However,CapBAC is not context-aware,and lightweight devices in the Internet of Things may become a security breach for CapBAC.Considering the problems caused by the centralization of ABAC,this thesis combines the distributed blockchain technology to propose a scalable and efficient attribute access control scheme XADAC(extensile Attribute-based Distributed Access Control)using smart contracts.This scheme can be applied to access control in large-scale but resource-constrained IoT sce-narios.First,a scalable system architecture is proposed,and then the detailed functional design of the proposed smart contracts is given.And an efficient policy retrieval method based on Prefix Sign(PS)is proposed.Finally,the communication protocol of the system is explained.The simulation experiment verifies that XADAC is feasibleand the operational cost is lower than existing solutions.Aiming at the problem that CapBAC is not context-aware and the potential security threats of lightweight devices,this thesis proposes a Blockchain-based Access Control using CREdit-based Capability(BACCREC),which can be applied to scenarios that need to support inde-pendent authorization from users.First,it describes the delegation and revocation model using credit-based capability,then introduces the system architecture based on smart contract,and elaborates the detailed function design of the smart contracts,and finally clarifies the specific workflow of the system.The simulation experiment demonstrate the effectiveness of BAC-CREC's credit-based misbehavior handling mechanism while introduce more monetary cost,which is inevitable.In order to facilitate the implementation of the above-mentioned smart contract-based ac-cess control schemes,this thesis designs and implements a smart contract visualization platform ContraSee.The UI design is beautiful,simple and user friendly,and users can use the system to deploy and interact with smart contracts.