Using Ethereum Blockchain for Distributed Attribute-Based Access Control in the Internet of Things

Mirei Yutaka

Master's Thesis, 2020

Abstract

Access control has been recognized as a critical issue for preventing unauthorized access to the resources in Internet of Things (IoT) systems. This thesis proposes an Attribute-Based Access Control (ABAC) framework for IoT systems by using the emerging Ethereum smart contract technology. The framework consists of one Policy Management Contract (PMC), one Subject Attribute Management Contract (SAMC), one Object Attribute Management Contract (OAMC) and one Access Control Contract (ACC). The PMC, SAMC and OAMC are responsible for storing and managing the ABAC policies, the attributes of subjects (i.e., entities accessing resources) and the attributes of objects (i.e., resources being accessed), respectively. When receiving access requests, the ACC retrieves the subject attributes and object attributes as well as the corresponding policy from the SAMC, OAMC and PMC to perform the access control. By combining the ABAC model with blockchain technology, this framework is expected to achieve distributed, trustworthy and fine-grained access control for IoT systems. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to evaluate the monetary cost as well as to compare the proposed framework with an existing access control list (ACL)-based scheme. The experimental results show that, from the perspective of system administrators, the proposed scheme consumes more money than the ACL-based scheme at the deployment stage, while it introduces less monetary cost while the system is running, especially for large-scale systems. From the perspective of users, our scheme introduces higher monetary cost than the ACL-based scheme.
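The request flow described in the abstract, as an added example that is not code from the thesis: a plain Python model of the SAMC, OAMC, PMC and ACC roles, with an explicit default-deny path for unregistered subjects or objects. The class interfaces, the policy format (required subject attributes, required object attributes, action) and every address and attribute value are assumptions made for illustration; the thesis itself implements the contracts on Ethereum.

```python
# Added example: off-chain model of the four-contract flow. Interfaces, the
# policy format and all sample addresses/attributes are constructed assumptions.
class Registry:
    """Admin-writable attribute store; models the SAMC and the OAMC."""
    def __init__(self, admin):
        self.admin, self._attrs = admin, {}

    def set_attrs(self, caller, entity, attrs):
        if caller != self.admin:          # only the administrator may write
            raise PermissionError("not administrator")
        self._attrs[entity] = dict(attrs)

    def get_attrs(self, entity):
        return self._attrs.get(entity)    # None when the entity is unknown

class PolicyStore:
    """Models the PMC: a policy is (subject reqs, object reqs, action)."""
    def __init__(self, admin):
        self.admin, self.policies = admin, []

    def add_policy(self, caller, subject_req, object_req, action):
        if caller != self.admin:
            raise PermissionError("not administrator")
        self.policies.append((dict(subject_req), dict(object_req), action))

    def matches(self, s_attrs, o_attrs, action):
        return any(act == action and s_req.items() <= s_attrs.items()
                   and o_req.items() <= o_attrs.items()
                   for s_req, o_req, act in self.policies)

class AccessControl:
    """Models the ACC: fetch attributes and policy, then decide."""
    def __init__(self, samc, oamc, pmc):
        self.samc, self.oamc, self.pmc = samc, oamc, pmc

    def request(self, subject, obj, action):
        s_attrs = self.samc.get_attrs(subject)
        o_attrs = self.oamc.get_attrs(obj)
        if s_attrs is None or o_attrs is None:   # unregistered: default deny
            return False
        return self.pmc.matches(s_attrs, o_attrs, action)

def build_demo(admin="0xAdmin"):
    samc, oamc, pmc = Registry(admin), Registry(admin), PolicyStore(admin)
    samc.set_attrs(admin, "0xAlice", {"role": "technician", "site": "plant-1"})
    samc.set_attrs(admin, "0xBob", {"role": "visitor", "site": "plant-1"})
    oamc.set_attrs(admin, "0xSensor7", {"type": "thermometer", "site": "plant-1"})
    pmc.add_policy(admin, {"role": "technician"}, {"type": "thermometer"}, "read")
    return AccessControl(samc, oamc, pmc)
```

In this model a request is granted only when both parties are registered and some stored policy's required attributes are a subset of their attributes for the requested action; everything else is denied.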

Downloads

    Text Reference

    Mirei Yutaka, Using Ethereum Blockchain for Distributed Attribute-Based Access Control in the Internet of Things, Master's Thesis, March 2020.

    BibTeX Reference

    @mastersthesis{yutaka20mthesis,
        author = "Yutaka, Mirei",
        title = "Using {{Ethereum Blockchain}} for {{Distributed Attribute-Based Access Control}} in the {{Internet}} of {{Things}}",
        year = "2020",
        month = "March",
        school = "Nara Institute of Science and Technology"
    }