计算机科学
访问控制
计算机安全
云计算
可扩展性
块链
互联网
服务器
认证(法律)
计算机网络
万维网
数据库
操作系统
标识
DOI:10.36227/techrxiv.23282816.v1
摘要
The Internet of Things (IoT) paradigm has widespread applications across many fields in which private and sensitive user or environmental data are sensed and shared. Most present-day IoT applications depend on centralized cloud servers for authentication and access control. Validating the identity of a user and determining the legitimacy of his/her access requests require multiple rounds of data communications over the untrusted Internet, exposing sensitive data to potential attacks. Thus, protecting these data from security and privacy attacks and ensuring legitimate access is imperative. To address this challenge, we adopt an emerging technology called blockchain to propose a decentralized security framework called BloAC. It ensures secure access control in IoT networks without the intervention of the back-end cloud. We have used the Hyperledger Fabric, an open-source, permissioned blockchain platform, for implementing a prototype system using customized attribute-based access control (ABAC) policies. We have performed simulated and real test bed-based experiments to illustrate that BloAC outperforms the cloud server-based access control in latency and scalability. Finally, we conduct a security analysis to formally verify the ABAC policies used in BloAC and establish its robustness against attacks theoretically and using the AVISPA tool.
科研通智能强力驱动
Strongly Powered by AbleSci AI