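Survey of Blockchain Access Control in Internet of Things

Author biographies:

Shi Jinshan (1990-), male, from Horinger, Inner Mongolia, Ph.D. candidate, CCF student member; main research areas: blockchain, access control, and the Internet of Things. Li Ru (1974-), female, Ph.D., professor, doctoral supervisor, CCF senior member; main research areas: blockchain, access control, the Internet of Things, and the next-generation Internet.

Corresponding author:

Li Ru, E-mail: csliru@imu.edu.cn

Fund project:

National Natural Science Foundation of China (61862046, 61363079)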

Abstract:

With the development of the Internet of Things (IoT), privacy protection in the IoT has attracted attention, and access control is one of the important methods of protecting privacy. IoT access control models are mostly built on the concept of a central trusted entity. Decentralized blockchain technology solves the security risks brought by the centralized model. Starting from the characteristics of the IoT environment, this study proposes three issues that access control in the IoT must resolve: (1) IoT terminal devices are lightweight; (2) the IoT has a massive number of terminal nodes; and (3) the IoT is dynamic. With these three issues as the core, it analyzes and summarizes how the mainstream access control models in the existing IoT and the blockchain-based access control models each solve these problems. Finally, it summarizes two types of blockchain access control models and the advantages of using blockchain for IoT access control, and gives an outlook on the problems that blockchain-based IoT access control needs to solve in the future.

Cite this article:

Shi Jinshan, Li Ru. Survey of blockchain access control in Internet of things. Journal of Software, 2019,30(6):1632-1648

History
  • Received: 2018-06-25
  • Last revised: 2018-10-12
  • Published online: 2019-03-28