3. Blockchain-Based Authorization for IoMT Edge Networks
Ronghua Xu et al.
[20] highlighted that access authorization comprise one of the top security and privacy challenges that IoT has to address for its wide adoption in order to ensure secure resource and information sharing. They discuss that the centralized authorization server of traditional access control (AC) may be the single point of failure or the performance bottleneck. Towards the direction, researchers designed and developed a prototype of a capability-based decentralized mechanism (BlendCAC) using Blockchain technology which uses token management for various actions (e.g., permissions or revocations on access authorization) making the authorization decision. Capability-based access control is an access control model commonly used in the distributed architectures, where the access control logic is embedded and distributed into the end devices and not into a central authority
[20][21][22][23]. These devices, also referred to as “smart things” or “smart objects”
[23], are being enabled with capabilities that make them able to obtain, process, and send information about the access control rights of the entities of the system to other entities and/or services
[23]. Thereby, the “smart things” are able to carry out the authorization process, without requiring a central authority.
The aim of the proposed BLockchain-ENabled Decentralized Capability-based Access Control or BlendCAC, is the facilitation of effective access control processes for devices, services, and information in large-scale IoT systems
[20]. Based on the blockchain network, researchers propose a capability delegation mechanism for access permission propagation. On top of that, the mechanism takes advantage of a smart contract for registration, propagation, and revocation of the access authorization, creating a robust identity-based capability token management strategy. In the proposed BlendCAC scheme, IoT devices are not overseen by a centralized authority. On the contrary, they are their own master to control their resources, which is the main idea of capability-based systems. The proposed BlendCAC system architecture is illustrated under the use case scenario of two isolated IoT-based service domains without pre-establishing a trust relationship between them. Each domain has a domain owner which has the ownership of several IoT devices, and thus it is able to enforce predefined security policies to manage all the domain related devices and subsequent services. At this point, it is important to observe that, essentially, every domain involves a domain owner which, after all, is a centralized entity; this might cause issues such as single point of failure, bottleneck, performance degradation, etc. similarly to centralized approaches. Finally, every domain owner maintains a local chain with the transactions that happened in their domain, which then must be periodically synchronized with the global Blockchain.
Researchers implemented and tested their proposed scheme on a local private blockchain network, using devices such as Raspberry Pi and laptops/desktops. Their experimental results showed the feasibility of BlendCAC to offer a lightweight, scalable, decentralized, and fine-grained access control solution for large-scale IoT systems.
In
[22], the researchers examined the BlendCAC scheme
[23], identified its limitations, and tried to address them. In particular, they pointed out that in BlendCAC, a subject cannot obtain rights from more than one subject. This is because the BlendCAC scheme manages the capabilities of subjects and their delegation relationships with each object by using a delegation tree. If subject A is the parent of subjects B and C, then subject A can give access rights to subjects B and C for the objects that belong to subject A. However, subject B, as it is not actually the parent of subject C, is not able to give any access rights to subject C for the objects that belong to subject B. In addition, to complete a delegation, the related tokens, namely ICap and IDC tokens, must be updated synchronously. This requirement is not always feasible to be fulfilled in the blockchain system, taking into consideration the difference of the times when the two transactions for updating the tokens are included into the blockchain.
Therefore, researchers in
[22] proposed a novel smart contract-based CapBAC scheme enabled with more flexible capability delegation and more fine-grained capability management in order to deal with the limitations of the BlendCAC scheme. More specifically, the researchers firstly define the capability tokens in units of authorized actions. In this way, they achieve having one token per action rather than one token per subject, as it is in the BlendCAC scheme. To address the second limitation, researchers introduce the usage of one single type of token to summarize the information of capabilities and delegation relationship so as to be feasible to update this information simultaneously when needed. On top of that, to enable more flexible capability delegation, researchers manage the delegation relationship of the different subjects by a delegation graph as opposed to the delegation tree introduced in the BlendCAC scheme. Their novel proposed scheme also supports the functionality of adding new authorized actions, which is not possible in the BlendCAC scheme.
Overall, researchers in
[22] propose a Capability-Based Access Control (CapBAC) scheme by applying the emerging Ethereum blockchain technology. Their scheme makes use of Ethereum smart contracts (i.e., executable codes residing in the blockchain) to store and manage the capability tokens (i.e., special data structures that define the permitted actions of a user, also referred to as subject, on a certain resource, and also referred to as object). Their scheme provides more fine-grained access control and more flexible token management, defining capability tokens in units of actions. On top of that, for storing the token delegation relationship among the different subjects, they deploy a delegation graph. Most of the existing smart contract-based CapBAC schemes use the delegation tree, including the BlendCAC. Their scheme enables object owners with the capability to verify the ownership and validity of the capability tokens of the subjects by storing the tokens and the delegation graph in smart contracts. Finally, researchers constructed a local Ethereum blockchain network and conducted extensive experiments demonstrating the feasibility of the proposed scheme large-scale and trustless nature of the Internet of Things (IoT), showing promising results for its deployment in IoT-based Healthcare applications. In this regard, this Capability-Based Access Control (CapBAC) scheme shows potential applicability in the IoMT edge networks.
In
[24], researchers combine the blockchain smart contract technology and the attribute-based access control (ABAC) model and propose a novel distributed and reliable access control framework for smart cities. It is important to highlight that ABAC refers “to an access control approach in which access is mediated based on attributes associated with subjects (requesters) and the objects to be accessed”
[25]. In particular, each object and subject are associated with a set of attributes, such as time of creation, location, access rights, etc., and the access to an object is then authorized/denied depending upon whether the required (e.g., policy-defined) correlation can be made between the attributes of that particular object and of the requesting subject.
The proposed framework consists of:
-
a Policy Management Contract (PMC) that is responsible for managing the ABAC policies
-
a Subject Attribute Management Contract (SAMC) that is responsible for managing the attributes of subjects (i.e., entities gaining access to resources/objects)
-
an Object Attribute Management Contract (OAMC) that is responsible for managing the attributes of objects (i.e., resources being accessed), and
-
an Access Control Contract (ACC) that is responsible for performing the access control.
Researchers construct a local private Ethereum blockchain system in order to deploy the four smart contracts, conduct extensive experiments to evaluate the monetary cost and, finally, compare the performance evaluation of the proposed framework with existing access control list (ACL)-based scheme. The experimental results showed feasibility of the integration of the proposed framework in large-scale IoT environments, making it a promising potential solution for the IoMT edge networks in IoMT-based healthcare monitoring systems. Although the proposed framework introduces a larger deployment cost at the deployment stage, compared to other ACL-based schemes, it introduces less monetary cost during the system running, especially for large-scale IoT systems consisting of a large number of subjects and objects with common attributes. Smart cities comprise a typical example of such systems. However, although the prototype demonstrates the feasibility of the proposed framework, it can hardly reflect the performance of the framework in large-scale IoT applications such as smart manufacturing or healthcare.
Apart from the monetary cost, another major concern of the proposed ABAC framework in
[24] is the throughput issue. In particular, this concern refers to the total number of access requests that can be processed per unit time (e.g., second). The throughput of the proposed framework depends greatly on the throughput of the underlying blockchain systems (i.e., number of transactions included in the blockchain per second). In their implementation, Researchers deployed Ethereum 1.0 as the underlying blockchain system, the throughput of which is about 15 transactions per second
[26]. Additionally, further latency is introduced to the access control process, reducing the throughput of the framework since the ACC (i.e., access request processing unit) needs to communicate with other contracts through messages. Actually, the consensus algorithm is one of the main reasons for the throughput being low. Their implementation is based on the widely used Proof-of-Work (PoW) algorithm, which involves a vast number of calculations to add one block of transactions into the blockchain. Researchers also highlight that Ethereum 2.0 comprises a promising solution, which changes the consensus algorithm from PoW to Proof of Stake (PoS) and adopts the method of sharing to greatly enhance the throughput performance
[27]. It is expected that Ethereum 2.0 will enable 64 to several hundred times more throughput than Ethereum 1.0.