Attribute-Based Access Control in Smart Home IoT Environments: Comparison
Please note this is a comparison between Version 1 by Stefan Pancari and Version 2 by Camila Xu.

Technological advancements have allowed for the integration of the internet of things (IoT) with home and residential buildings, presenting an advanced method of increasing the usability, security, and quality of life of the user. This is called a smart home network, which is a home equipped with various devices, such as lighting, heating, and monitoring systems that smartphones or computers on the network can control.

  • blockchain
  • Ethereum
  • Hyperledger Fabric
  • IoT

1. Introduction

Technological advancements have allowed for the integration of the internet of things (IoT) with home and residential buildings, presenting an advanced method of increasing the usability, security, and quality of life of the user [1]. This is called a smart home network, which is a home equipped with various devices, such as lighting, heating, and monitoring systems that smartphones or computers on the network can control [2]. There are an abundance of advantages that a smart home system provides for the user; however, with all advances in technology, there are a concerns regarding balancing data security and the privacy of the user on the network [2].
To address these security concerns, a centralized structure can be used, but this comes with a risk of being vulnerable to cyberattacks. For this reason, access-control methods can prevent unauthorized users from accessing network resources and data. One simple technique for implementing access control [3][4][3,4] is to use a central authority, with a central server [2]. However, this approach also presents a major system vulnerability. The entire network is compromised if the central server fails due to natural factors or cyber-attacks [1][5][1,5].
A distributed access-control network is used to overcome the shortcomings of a more traditional centralized network. This replaces the single server with multiple nodes to carry out the access-control system [2][6][2,6]. This method is more capable of withstanding cyber-attacks, as well as preventing unauthorized users from gaining access to network resources. One system that can provide this distributed access-control network is the integration of blockchain technology. This technique has opened up a wide variety of possibilities for securing all types of networks, especially in a smart home environment.
Due to its decentralized modular architecture, blockchain technology is a system used for storing data that is far more challenging to hack or alter [7]. A blockchain is a linked data structure that sequentially combines blocks of data and information. The system records the blocks in an encrypted form, as a distributed ledger that cannot be changed or tampered with [8]. Smart contracts [9] are used as a part of the blockchain, and are unique addresses to which end users can address transactions. As a part of smart contracts, transactions that interact with assets are defined [10]. A blockchain uses a distributed networking system of machines that replicate and create a chain of data. This chain of data is considered a ledger, with each of these forming the basis of a block. Smart contracts allow users to interact with ledgers [5][11][5,11].
A blockchain is made up of different blocks, each containing transactional information. Multiple blocks can be connected to form a chain, hence the name blockchain. When these blocks are chained together, it makes it challenging to alter data on one specific block, increasing the security of the system [5]. Each block contains information from the previous block, reinforcing the integrity of the data and of the overall blockchain system [12]. Additionally, each block is propagated within the network, allowing each machine to view the chain and all of its data, allowing for multiple verifications to take place [5]. This further ensures the authenticity of data and the integrity of the blockchain. The most common example of a blockchain in use would be in cryptocurrencies, such as Bitcoin and Ethereum [5].
Two of the most widely used open-sourced blockchain platforms are Ethereum and Hyperledger Fabric [13]. They provide a secure method of implementing a decentralized network in a transparent and programmable way.
Ethereum is a popular blockchain platform used to build public and private blockchain networks. Through an analysis of the performance of this platform, regarding the security response time and the accuracy of the overall system, Ethereum can be compared to other centralized networks [14][15]. Studies show that the proposed network architecture outperforms the traditional centralized architecture by having a better accuracy and lower response time [15][16]. Blockchain-based architecture allows for a minimization of the breaches in confidentiality and integrity, and authentication issues in the heterogeneous IoT and centralized gateways, that are present in many security systems. There are possible security issues with the Ethereum blockchain; however, they can be avoided through the consideration of these vulnerabilities during the development of a smart contract [14][15].
Hyperledger Fabric is a popular blockchain implementation tool that is hosted by the Linux Foundation [5]. It has a modular architecture that is beneficial for customizing private networks. For example, it supports the use of consensus, membership, and database blockchain layers [2][16][17][2,17,18], which allows for a wide range of possibilities, especially for access-control security techniques [18][19]. In fact, it is possible to build security measures based on member’s attributes using Hyperledger Fabric, which is why it is a popular choice for attribute-based access control (ABAC) [5][16][19][5,17,20]. However, it is not possible to implement a flexible or changing ABAC mechanism, because the parameters and permissions must be predefined on the network [17][20][18,21].
Smart contracts allow an automated program to be deployed on a blockchain network, in the form of encoded logic [5]. Developers use basic languages, such as node.js and Java, instead of those like Solidity, to code smart contracts. As a result, developers do not waste time learning a new language, and can create, update, and query device information from the ledger, by submitting transactions to the smart contract [21][22]. Access control is achieved using smart contracts, especially on an Ethereum platform [2][14][2,15].
A blockchain typically adopts a peer-to-peer trading system when it comes to buying and selling cryptocurrencies directly with one another. This makes a blockchain a considerably more secure system compared to centralized networks. Centralized security structures render systems more vulnerable, because the integrity, certification, and availability are compromised. Security threats and vulnerabilities increase with the spread of an IoT system structure: data forgery, tampering access to unauthorized devices, and incorrect device controls. The decentralized structure of a blockchain uses digital ledgers to record transactions and store data across the peer-to-peer network.

2. Attribute-Based Access Control in Smart Home IoT Environments

Data security and privacy in IoT devices connected in a smart home environment comprise one of the highest priorities of the system. These IoT devices alone are constantly being exposed to various attacks, and lack the features to defend themselves accordingly. For this reason, many works have been carried out to address this issue, proposing different access-control methods to ensure the security and privacy of devices connected to the network. In this section, some related works will be discussed, to introduce previous implementations of access-control methods, along with the blockchain platform used [22][26]. Table 1 serves to summarize the findings of this section, by listing the access-control method presented by the authors, and the blockchain implementation platform used, as well as the advantages and limitations of the access-control method used in their work [23][27]. Kumar et al. [6] built a blockchain-based healthcare network that uses an enhanced Bell–LaPadula model to classify different peers and transactions on the network, with different security levels. This enhancement to the Bell–LaPadula model used discretionary access control (DAC) and mandatory access control (MAC) [6]. DAC manages the established MAC permissions, to provide more flexibility in changing the access-control policies at any time. This model was constructed on the Hyperledger Fabric platform, with 35 peers on the network. The goal was to reduce the scalability issues in the blockchain network, which was successfully accomplished. However, this system is complicated by the use of the MAC, DAC, and Bell–LaPadula models [6] to implement access control. Each of these models has its own limitations, which are mitigated through the integration of other models into the system. However, this makes the system complicated to implement and maintain. In the system presented by Cruz et al. [24][28], a role-based access-control (RBAC) framework was built, using smart contracts deployed on an Ethereum blockchain platform [25][29]. All user–role identifications and assignments are contained in the smart contract, which is then deployed on the blockchain. The system provides a secure and efficient way to define the user–role assignments, and verify the user’s role. Personalization and approval are automatically included in the system, as well [24][28]. However, due to the nature of RBAC, the role of each user must be predefined before the implementation of this type of access control [26][30]. In addition, this system is only useful in an organization or a company, where everyone’s individual roles are clearly defined. Even then, it can be a challenge, and can still pose difficulties when roles undergo changes within the company or network. In a work carried out by Qashlan et al. [27][31], they proposed the extension of their earlier work [27][31], in which they presented a lightweight Ethereum blockchain-based multi-tier edge-smart home architecture. Every home in the framework has its own blockchain miners, along with smart contracts being used to ensure the automated enforcement of rules and policies to regulate the IoT devices [27][31]. This enforcement on the framework uses the attribute-based control (ABAC) approach to enforce rules. The extension of this work proposed the incorporation of cloud servers to increase the storage and analysis of IoT smart home device data [2]. The shortcoming of this experiment was the lack of testing to find the balance between the accuracy and the privacy of the data being transferred. The increase in privacy added more noise, which threatened the readability and accuracy of the data [27][31]. The model allows for dynamic and fine-grained access control, based on attributes, such as the user identity, device type, location, and other contextual information. ABAC can handle complex, dynamic, and heterogenous environments, for which traditional access-control models may not suffice.
Table 1. Access-control methods using Hyperledger Fabric and Ethereum for blockchain implementations, and their advantages and limitations.
Method Advantages Limitations Blockchain Implementation Platforms
Discretionary Access Control (DAC)

[6]
Used to build a more flexible access-control policy;

dynamically change the policy at any time for different subjects and clearance levels
Needs to work with other methods to have a fully functional model Hyperledger Fabric
Mandatory Access Control (MAC)

[6]
Enforces control over peers and resources for better security;

suitable if you require a mechanism where the permissions are non-transferable
Lacks the flexibility of other models Hyperledger Fabric
Role-Based Access Control (RBAC)

[24][28]
Well-suited framework for organizations;

versatile framework;

can be implemented with smart contracts, to make a more reliable access-control method
Not inherently trans-organizational;

without verifying roles, this method is insecure and unreliable
Ethereum
Attribute-Based Access Control (ABAC)

[27][31]
Is more suited for scenarios where the number of roles is increasing;

users directly apply the subjects’ attributes, resources, and environmental properties;

reduces the number of rule/role updates required
Requires access to a description of the field attributes and the definition of the attributes across many fields Ethereum
Attribute-Based Access Control (ABAC)

[27][31]
Modular network structure;

supports component pluggability for consensus, membership, and database layers
Not suitable for flexible or dynamic applications;

permissions must be defined in advance
Hyperledger Fabric
ScholarVision Creations