Capability-Based Access Control for the Internet of Things: An Ethereum Blockchain-Based Scheme

Yuta Nakamura, Yuanyu Zhang, Masahiro Sasabe, Shoji Kasahara

In Proc. of IEEE Global Communications Conference (GLOBECOM), 2019

Abstract

The large-scale and trustless nature of the Internet of Things (IoT) calls for distributed and trustworthy access control schemes to prevent unauthorized resource access. This paper proposes a Capability-Based Access Control (CapBAC) scheme by applying the emerging Ethereum blockchain technology. This scheme uses Ethereum smart contracts, i.e., executable codes residing in the blockchain, to store and manage the capability tokens, i.e., special data structures that maintain the allowed actions of a user (i.e., subject) on a certain resource (i.e., object). To provide more fine-grained access control and more flexible token management, this scheme defines capability tokens in units of actions, i.e., by dividing a conventional capability token containing multiple actions into multiple ones with each being associated with a certain action. In addition, this scheme uses a delegation graph instead of the delegation tree in existing smart contract-based CapBAC schemes to store the token delegation relationship among the subjects. By storing the tokens and the delegation graph in smart contracts, this scheme allows object owners to verify the ownership and validity of the capability tokens of the subjects. To demonstrate the feasibility of the scheme, we constructed a local Ethereum blockchain network and conducted extensive experiments.

Text Reference

Yuta Nakamura, Yuanyu Zhang, Masahiro Sasabe, Shoji Kasahara, Capability-Based Access Control for the Internet of Things: An Ethereum Blockchain-Based Scheme, Proc. of IEEE Global Communications Conference (GLOBECOM), pp.1-6, December 2019.

BibTex Reference

@inproceedings{nakamura19CapabilityBasedAccessControl,
    author = "Nakamura, Yuta and Zhang, Yuanyu and Sasabe, Masahiro and Kasahara, Shoji",
    title = "Capability-{{Based Access Control}} for the {{Internet}} of {{Things}}: {{An Ethereum Blockchain-Based Scheme}}",
    booktitle = "Proc. of {{IEEE Global Communications Conference}} ({{GLOBECOM}})",
    year = "2019",
    month = "December",
    pages = "1--6",
    doi = "10.1109/GLOBECOM38437.2019.9013321"
}