Polychronaki, M., Kogias, D.G., Leligkou, H.C., & Karkazis, P.A. (2023, December 14). Blockchain-Based Identity and Access Management. In Encyclopedia. https://encyclopedia.pub/entry/52746
Blockchain-Based Identity and Access Management

Identity and Access Management (IAM) can provide defense against a great number of security threats. While decentralization of IoT appears to be a path towards improved resource management and scalability, most of the services remain centralized, exposing IoT systems to malicious attacks. Blockchain, however, is a technology that can natively support decentralization as well as access and authorization management techniques, by using the corresponding programmable logic and leveraging cryptographic mechanisms for privacy and security. Using standardized frameworks (e.g., Decentralized Identifiers and Verifiable Credentials), a blockchain-based access and authorization solution can form the basis of a uniform decentralized IAM framework, not only for IoT but for decentralized systems in general. Two main issues stand between such a radical system and its broad use: firstly, seamlessly integrating blockchain so that it can serve as the basis of a decentralized IAM framework, and secondly (and most importantly) resolving the challenge of integration within existing IoT (or other) systems without requiring manufacturers to redesign and redevelop them.

Keywords: Internet of Things; blockchain; security; accessibility; authorization; identity and access management; decentralized identity

1. Introduction

Recently, smart technological applications have been widely adopted by consumers, mostly in the (smart) home/city and industry automation sectors, while other sectors, such as the automobile and health industries, have not been left untouched. However, the Industry 4.0 revolution has presented a great number of challenges [1][2][3] and requirements for integration and communication with custom-built systems. IoT-based technology combined with blockchain also seems a very promising match, as it holds the potential of integrating with almost every state-of-the-art technology at the present time (e.g., artificial intelligence, machine learning, robotics, etc.) [4][5][6][7][8].
Unfortunately, despite the research and development, the topic of security continues to pose challenges that may compromise IoT systems. Lin et al. [5], after studying edge computation integration in IoT, presented an analysis of the importance of security as well as privacy within the context of IoT. They identified six core pillars which define IoT security:
(a) Data confidentiality exclusively to authorized users;
(b) Data integrity over communications;
(c) The continuous availability of services and data on demand;
(d) The identification of authorized devices and applications as well as the authentication of incoming data as legitimate;
(e) Data privacy and control over the data exclusively for authorized users;
(f) Trust between different things, layers and applications to preserve and obey all of the above.
Inspecting the available literature on blockchain solutions aimed at improving IoT security, one realizes that the majority of the research covers only points a, b and e of the above pillars (data integrity, confidentiality and privacy). Some definitive examples are [9][10][11][12], where the research revolves around data integrity and confidentiality, while the rest of the points are left unattended. The exception lies in a relatively small number of papers presenting a very high-level conceptualization, which, however, focus exclusively on meeting security needs in a customized way and on measuring performance indicators. A common factor of these solutions is that they intervene in the authorization processes, as indicated by [13][14][15][16][17][18].
On the other hand, looking at the state of the art in the blockchain industry, besides the fact that there are no market-ready authorization solutions, every other available solution that supports IoT security demands a level of client customization. This shows that there is a lack of consistency in how security challenges are met, leading to chaotic and unstable integrations. Both the research and industry sectors can greatly benefit from uniformity, which would come from putting into use a number of standards designed for decentralized systems and authorization purposes, such as the Decentralized Identifiers (DID) and Verifiable Credential (VC) standards.

2. Identity and Access Management—IAM

Most of the cyber-attacks which threaten an IoT system and were mentioned in the introduction can be dealt with by applying an Identity and Access Management (IAM) model.
In more practical terms, this means the creation of a roles and rules framework which is designed and adjusted to the corresponding system, in order to ensure the authentication and access of users, services and devices on demand. Integrating tools based on technologies such as Public Key Infrastructure (PKI) and Certificate Authorities (CAs) is the most common solution for authentication and access management in computing environments.
In 2019, Kettani et al. [13][14][15][16][17][18][19], in an effort to build an access management system based on RFID, PKI and blockchain technologies, presented the four principles an IAM model should follow. The first three of these principles can be fulfilled efficiently using blockchain technology:
  • Authentication: Ensures the identity of a user or device in the context of an organization through validating their authentication credentials (username/password, fingerprint, etc.).
  • Authorization: Roles and rules policies are engaged, defining different access levels which correspond to the application’s user access hierarchy.
  • Identity Management: A system responsible for registering as well as managing an entity’s (user, service or device) identity within the application’s environment.
  • Federated Identity Management: Third-party services which act independently of a system while providing the certification of both a user’s identity and their access level to various services and platforms (Single Sign On—SSO, Open Authorization—OAuth and OpenID).

3. Blockchain Standards

Centralized environments enforce IAM in a system by using a centralized server as a proxy, to which entities are forwarded in order to authenticate themselves. At the same time, services also use this centralized server to validate the authorization of an entity using its unique id (usually a token). On the contrary, in a decentralized environment, all nodes of the network must be in agreement regarding the state of the shared information and do not rely on a single entity. Blockchain, being a technology that inherently operates based on a consensus algorithm between nodes, is considered to be one of the best technologies to support IAM models [19]. Thus, the shared information (commonly known as the ledger) can revolve around IAM policies and data. Consequently, some standards have been defined specifically for the purposes of security systems (whether they are an IAM implementation or something different).
Decentralized Identifiers (DIDs) [20] and Verifiable Credentials (VCs) [21] are the most well-known standards for decentralized environments, developed and proposed by the World Wide Web Consortium (W3C). Both of these standards are defined by their characteristics and the information they represent, as well as their functionalities in the context of a decentralized environment, regardless of whether it is a blockchain, a Distributed Ledger Technology (DLT) or anything else. They both rely on the existence of a verifiable data registry, in which information is written and can be cryptographically verified.
A DID is an alphanumeric string of characters, unique within the registry's lifecycle, which consists of three parts: the DID scheme (the literal prefix "did"), the DID method, which names the specific implementation through which one can verify the DID, and the Method-specific Identifier. Moreover, each DID must be able to be connected with one DID document (available in JSON or JSON-LD form) containing all the necessary information regarding the entity which it represents, as well as all the possible cryptographic methods that can be used for verification.
On the other hand, VCs are intertwined with the creation of DIDs, since a VC can only be used to authenticate a property corresponding to an entity holding a DID in the same decentralized registry environment. VCs hold all the cryptographic material which can validate a property, with the purpose of preserving the corresponding entity's privacy as much as possible. An exceptional example of such a cryptographic method is the use of Zero-Knowledge Proofs (ZKPs). To achieve this, a VC is composed of two parts: the VC itself, which contains any (sensitive or not) information regarding a certain certificate (e.g., a driver's license), and the verifiable presentation, a cryptographically secured presentation of the VC allowing a third entity to digitally verify (or prove) a claim regarding the corresponding entity.
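As an added example (not code from the entry or from the W3C specifications), the following Python splits a DID URL into the three parts described above, resolves it against a constructed in-memory registry that stands in for the verifiable data registry, and refuses to hand back a key unless the DID document lists it under the authentication relationship. The regular expression approximating the DID syntax, the `did:example` document and the key placeholder are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Approximation of the W3C DID Core syntax (assumption, not the spec's ABNF):
#   did:<method-name>:<method-specific-id>
# method-name is lowercase letters/digits; the id allows idchars, ':' and
# percent-encoded bytes. A trailing "#fragment" names a verification method.
DID_RE = re.compile(
    r"^did:(?P<method>[a-z0-9]+):(?P<id>(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+"
    r"(?::(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})*)*)$"
)


@dataclass
class DID:
    scheme: str
    method: str
    method_specific_id: str
    fragment: Optional[str] = None


def parse_did(did_url: str) -> DID:
    """Split a DID (optionally carrying a #fragment) into its three parts."""
    base, _, fragment = did_url.partition("#")
    m = DID_RE.match(base)
    if not m:
        raise ValueError(f"not a valid DID: {did_url!r}")
    return DID("did", m["method"], m["id"], fragment or None)


# Constructed in-memory registry (DID -> DID document); a real deployment
# would read this from the ledger or DLT the DID method points at.
REGISTRY = {
    "did:example:123456789abcdefghi": {
        "id": "did:example:123456789abcdefghi",
        "verificationMethod": [
            {"id": "did:example:123456789abcdefghi#key-1",
             "type": "Ed25519VerificationKey2020",
             "controller": "did:example:123456789abcdefghi",
             "publicKeyMultibase": "z6Mk-PLACEHOLDER"},  # constructed value
        ],
        # Only keys listed here may be used to authenticate as this DID.
        "authentication": ["did:example:123456789abcdefghi#key-1"],
    }
}


def resolve(did_url: str) -> dict:
    """Look up the DID document for a DID (fragment, if any, is ignored)."""
    p = parse_did(did_url)
    doc = REGISTRY.get(f"did:{p.method}:{p.method_specific_id}")
    if doc is None:
        raise LookupError(f"DID not found in registry: {did_url}")
    return doc


def authentication_key(did_url: str) -> dict:
    """Return the verification method named by the fragment, but only if the
    DID document authorises it for authentication (not merely lists it)."""
    p = parse_did(did_url)
    doc = resolve(did_url)
    if p.fragment is None:
        raise ValueError("DID URL must carry a #fragment naming a key")
    wanted = f"{doc['id']}#{p.fragment}"
    if wanted not in doc.get("authentication", []):
        raise PermissionError(f"{wanted} is not an authentication method")
    for vm in doc["verificationMethod"]:
        if vm["id"] == wanted:
            return vm
    raise LookupError(f"{wanted} not present in DID document")
```

The relationship check matters because a DID document may list keys for other purposes (e.g., assertion or key agreement) that must not be accepted as proof of control during login.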

4. Blockchain-Based IAM

Reyna et al. [22], analysing the weaknesses as well as the benefits of combining blockchain and IoT, present a number of improvements which can be achieved by integrating the two. More specifically, both the authentication and authorization of users and devices can benefit from the decentralization that blockchain offers; the autonomy of the devices can also be improved when no intermediaries are involved, while the security of IoT can certainly benefit from the strong cryptographic methods used by blockchain.
Furthermore, after studying some of the experimental architectures designed exclusively for IAM with blockchain, such as the ones in [23][24], it becomes obvious that integrating blockchain-based solutions in an appropriate way can significantly increase the defense of the IoT system against some of the most common cyber-attacks which inherently threaten IoT systems. These are the DoS or DDoS attacks, which usually succeed when there is a Single Point of Failure (SPoF), as well as the linking attack, in which an attacker attempts to trace a user's public key back to its owner, gaining access to personal and possibly sensitive information.
When an ecosystem is dependent on centralized services, its scalability can be exponentially decreased, in contrast to a distributed or decentralized ecosystem. The more nodes a network consists of, the more integrity it gains, making it extremely difficult for an attacker to attack all nodes simultaneously.
In [25], Novo presents in detail an architecture and its implementation, where access management is achieved through "Management Hubs". These essentially comprise the blockchain network, while, at the same time, they also act as interfaces for the devices' interconnection. Both in this example and in those shown in [23][24], it is demonstrated that transaction execution presents certain delays (of milliseconds) compared with a centralized implementation, due to the nature of the distributed network and the consensus algorithms which must be run by all nodes. However, these delays can be reduced by changing the consensus model, depending on the implementation use case and the governance type of the corresponding blockchain network.
Focusing further on the IoT sector, for the last three years the topic of blockchain-based access control and authorization has received a lot of attention. In [26], the authors present a blockchain-based authorization solution for the IoT cloud, in an effort to overcome the resource limitations of existing solutions, introducing a replacement for the classic IoT cloud framework for authorization exclusively. In [27], a double-layer blockchain solution is presented for ensuring the high network performance of ABAC-based authorization for IoT devices. However, this solution does not ensure the ability for wide integration and adoption.
Mishra et al. introduce in their work [28] a decentralized authorization model, based on blockchain technology, which showcases the usability and benefits of implementing a blockchain-based solution for IoT data sharing. Their proposed architecture takes into consideration all possible actors of an authentication management system, while it also provides token generation and verification processes. Lastly, Chen et al. [29] present a fine-grained solution, Policychain, which is a blockchain-based ABAC system for the decentralized management of access and authorization policies, targeted at Industry 4.0.

References

  1. Jepsen, S.C.; Mork, T.I.; Hviid, J.; Worm, T. A Pilot Study of Industry 4.0 Asset Interoperability Challenges in an Industry 4.0 Laboratory. In Proceedings of the 2020 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), Singapore, 14–17 December 2020; pp. 571–575.
  2. Rikalovic, A.; Suzic, N.; Bajic, B.; Piuri, V. Industry 4.0 Implementation Challenges and Opportunities: A Technological Perspective. IEEE Syst. J. 2021, 16, 2797–2810.
  3. Zalozhnev, A.Y.; Ginz, V.N. Industry 4.0: Underlying Technologies. Industry 5.0: Human-Computer Interaction as a Tech Bridge from Industry 4.0 to Industry 5.0. In Proceedings of the 2023 9th International Conference on Web Research (ICWR), Tehran, Iran, 3–4 May 2023; pp. 232–236.
  4. Al-Fuqaha, A.; Guizani, M.; Mohammadi, M.; Aledhari, M.; Ayyash, M. Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE Commun. Surv. Tutor. 2015, 17, 2347–2376.
  5. Lin, J.; Yu, W.; Zhang, N.; Yang, X.; Zhang, H.; Zhao, W. A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications. IEEE Internet Things J. 2017, 4, 1125–1142.
  6. Vashi, S.; Ram, J.; Modi, J.; Verma, S.; Prakash, C. Internet of Things (IoT) A Vision, Architectural Elements, and Security Issues. In Proceedings of the International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud), Palladam, India, 10–11 February 2017.
  7. Granjal, J.; Monteiro, E.; Silva, J.S. Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues. IEEE Commun. Surv. Tutor. 2015, 17, 1294–1312.
  8. Atlam, H.; Alenezi, A.; Alassafi, M.; Alshdadi, A.; Wills, G. Security, Cybercrime and Digital Forensics for IoT. In Intelligent Systems Reference Library; pp. 551–577. Available online: https://link.springer.com/chapter/10.1007/978-3-030-33596-0_22 (accessed on 27 September 2023).
  9. Wu, W.; Liu, E.; Gong, X.; Wang, R. Blockchain Based Zero-Knowledge Proof of Location in IoT. In Proceedings of the ICC 2020-2020 IEEE International Conference on Communications (ICC), Dublin, Ireland, 7–11 June 2020; pp. 1–7.
  10. Chuang, I.-H.; Guo, B.-J.; Tsai, J.-S.; Kuo, Y.-H. Multi-graph Zero-knowledge-based authentication system in Internet of Things. In Proceedings of the ICC 2017-2017 IEEE International Conference on Communications, Paris, France, 21–25 May 2017; pp. 1–6.
  11. Muthamilselvan, S.; Praveen, N.; Suresh, S.; Sanjana, V. E-DOC Wallet Using Blockchain. In Proceedings of the 2018 3rd International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 15–16 October 2018; pp. 989–993.
  12. Naik, N.; Jenkins, P. Self-Sovereign Identity Specifications: Govern Your Identity Through Your Digital Wallet using Blockchain Technology. In Proceedings of the 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), Oxford, UK, 3–6 August 2020; pp. 90–95.
  13. Carnley, P.R.; Kettani, H. Identity and Access Management for the Internet of Things. Int. J. Futur. Comput. Commun. 2019, 8, 129–133.
  14. Vallois, V.; Mehaoua, A.; Amziani, M. Blockchain-based Identity and Access Management in Industrial IoT Systems. In Proceedings of the 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM), Bordeaux, France, 17–21 May 2021; pp. 623–627.
  15. Wan, Z.; Liu, W.; Cui, H. HIBEChain: A Hierarchical Identity-Based Blockchain System for Large-Scale IoT. In IEEE Transactions on Dependable and Secure Computing; IEEE: New York, NY, USA, 2023; Volume 20, pp. 1286–1301.
  16. Mohanta, B.K.; Dehury, M.K.; Kalidindi, S.V. Identity Management in IoT using Blockchain. In Proceedings of the 2022 13th International Conference on Computing Communication and Networking Technologies (ICCCNT), Kharagpur, India, 3–5 October 2022; pp. 1–6.
  17. Siris, V.A.; Dimopoulos, D.; Fotiou, N.; Voulgaris, S.; Polyzos, G.C. OAuth 2.0 meets Blockchain for Authorization in Constrained IoT Environments. In Proceedings of the 2019 IEEE 5th World Forum on Internet of Things (WF-IoT’19), Limerick, Ireland, 15–18 April 2019; pp. 364–367.
  18. Tong, F.; Chen, X.; Huang, C.; Zhang, Y.; Shen, X. Blockchain-Assisted Secure Intra/Inter-Domain Authorization and Authentication for Internet of Things. IEEE Internet Things J. 2022, 10, 7761–7773.
  19. Polychronaki, M.; Kogias, D.; Patrikakis, C. Identity Management in Internet of Things with Blockchain. In Blockchain based Internet of Things; Springer: Berlin/Heidelberg, Germany, 2022; pp. 209–236. Available online: https://link.springer.com/chapter/10.1007/978-981-16-9260-4_9 (accessed on 27 September 2023).
  20. W3C. Decentralized Identifiers (DIDs) v1.0. W3C, 2021. Available online: https://www.w3.org/TR/did-core/ (accessed on 18 August 2021).
  21. W3C. Verifiable Credentials Data Model 1.0. W3C, 2021. Available online: https://www.w3.org/TR/vc-data-model/ (accessed on 18 August 2021).
  22. Reyna, A.; Martín, C.; Chen, J.; Soler, E.; Díaz, M. On blockchain and its integration with IoT. Challenges and opportunities. Futur. Gener. Comput. Syst. 2018, 88, 173–190.
  23. Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kona, HI, USA, 13–17 March 2017; pp. 618–623.
  24. Huh, S.; Cho, S.; Kim, S. Managing IoT devices using blockchain platform. In Proceedings of the 2017 19th International Conference on Advanced Communication Technology (ICACT), PyeongChang, Republic of Korea, 19–22 February 2017; pp. 464–467.
  25. Novo, O. Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT. IEEE Internet Things J. 2018, 5, 1184–1195.
  26. Tapas, N.; Merlino, G.; Longo, F. Blockchain-Based IoT-Cloud Authorization and Delegation. In Proceedings of the 2018 IEEE International Conference on Smart Computing (SMARTCOMP), Taormina, Italy, 18–20 June 2018; pp. 411–416.
  27. Li, Z.; Hao, J.; Liu, J.; Wang, H.; Xian, M. An IoT-Applicable Access Control Model Under Double-Layer Blockchain. IEEE Trans. Circuits Syst. II Express Briefs 2020, 68, 2102–2106.
  28. Mishra, R.K.; Yadav, R.K.; Nath, P. Blockchain-Based Decentralized Authorization Technique for Data Sharing in the Internet of Things. In Proceedings of the 2021 5th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India, 22–23 October 2021; pp. 1–6.
  29. Chen, E.; Zhu, Y.; Zhou, Z.; Lee, S.-Y.; Wong, W.E.; Chu, W.C.-C. Policychain: A Decentralized Authorization Service with Script-Driven Policy on Blockchain for Internet of Things. IEEE Internet Things J. 2021, 9, 5391–5409.
Update Date: 15 Dec 2023