Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things
Yuta Nakamura (1811206)
Abstract: Due to the rapid penetration of the Internet of Things (IoT) into human life, illegal access to IoT resources (e.g., data and actuators) has greatly threatened our safety.
Access control, which specifies who (i.e., subjects) can access what resources (i.e., objects) under what conditions, has been recognized as an effective solution to addressing this issue.
To cope with the distributed and trust-less nature of IoT systems, we propose a decentralized and trustworthy Capability-Based Access Control (CapBAC) scheme by using the Ethereum smart contract technology.
In this scheme, a smart contract is created for each object to store and manage the capability tokens (i.e., data recording granted access rights) assigned to the related subjects, and also to verify the ownership and validity of the tokens for access control.
Different from previous schemes which manage the tokens in units of subjects, i.e., one token per subject, our scheme manages the tokens in units of access rights or actions, i.e., one token per action.
Such novel management achieves more fine-grained and flexible capability delegation and also ensures the consistency between the delegation information and the information stored in the tokens.
We implemented the proposed CapBAC scheme in a locally constructed Ethereum blockchain network to demonstrate its feasibility.
In addition, we measured the monetary cost of our scheme in terms of gas consumption to compare our scheme with previous one.
The experimental results showed that the proposed scheme consumes no more gas than the previous scheme, while it outperforms the previous one in terms of the flexibility, granularity and consistency of capability delegation.
Keyword: Ethereum Blockchain, Internet of Things, Capability-Based Access Control (CapBAC)