24,169 research outputs found

    Blockchain for IoT Access Control: Recent Trends and Future Research Directions

    With the rapid development of wireless sensor networks, smart devices, and traditional information and communication technologies, there is tremendous growth in the use of Internet of Things (IoT) applications and services in our everyday life. IoT systems deal with high volumes of data. This data can be particularly sensitive, as it may include health, financial, location, and other highly personal information. Fine-grained security management in IoT demands effective access control. Several proposals discuss access control for the IoT; however, a limited focus is given to the emerging blockchain-based solutions for IoT access control. In this paper, we review the recent trends and critical needs for blockchain-based solutions for IoT access control. We identify several important aspects of blockchain, including decentralised control, secure storage and sharing information in a trustless manner, for IoT access control including their benefits and limitations. Finally, we note some future research directions on how to converge blockchain in IoT access control efficiently and effectively.

    Security Services Using Blockchains: A State of the Art Survey

    This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area

    Decentralised runtime monitoring for access control systems in cloud federations

    Cloud federation is an emergent cloud-computing paradigm where partner organisations share data and services hosted on their own cloud platforms. In this context, it is crucial to enforce access control policies that satisfy data protection and privacy requirements of partner organisations. However, due to the distributed nature of cloud federations, the access control system alone does not guarantee that its deployed components cannot be circumvented while processing access requests. In order to promote accountability and reliability of a distributed access control system, we present a decentralised runtime monitoring architecture based on blockchain technology

    Blockchain-based Smart Contracts for Consent Management in eHealth

    Master's thesis in Information- and communication technology (IKT590). Since the introduction of Bitcoin by Satoshi Nakamoto in a white paper in 2008, Blockchain has gathered considerable attention because of its ability to be decentralized and immutable. Blockchain is still considered as a new and experimental technology, and the state-of-the-art literature review was conducted to identify various use cases for the Blockchain technology for the healthcare industry. Consent management is one of the most critical components in healthcare because of the constantly evolving eHealth services requiring access to personal data, and of corresponding privacy laws, such as the European General Data Protection Regulation (GDPR), created to provide patients with more control over their healthcare data. This thesis focuses on how Blockchain can be used to facilitate consent management, where the patients are in control of who can access their personal data. This thesis creates a consent management solution for healthcare data using Blockchain-based smart contracts built on an Ethereum platform. These smart contracts are developed in Solidity programming language, and deployed in a test network for verification.

    Security services using blockchains: A state of the art survey

    This paper surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list, data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area. © 2018 IEEE. Manuscript received August 29, 2017; revised February 18, 2018 and June 14, 2018; accepted July 17, 2018. Date of publication August 7, 2018; date of current version February 22, 2019. This work was supported in part by the NPRP award from the Qatar National Research Fund (a member of The Qatar Foundation) under Grant NPRP 8-634-1-131, and in part by NSF under Grant CNS-1547380. (Corresponding author: Tara Salman.) T. Salman, M. Zolanvari, and R. Jain are with the Computer Science and Engineering Department, Washington University in St. Louis, St. Louis, MO 63130 USA. Scopu

    A Blockchain-based Security-Oriented Framework for Cloud Federation

    Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentiality, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members (users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality services. Hence, we propose an innovative blockchain-based framework that on the one hand permits secure communication between the members of the federation and the access control systems, while on the other hand provides the quality services to the members by considering the service constraints imposed by them.

    Blockchain-based access control management for Decentralized Online Social Networks

    Online Social Networks (OSNs) represent today a big communication channel where users spend a lot of time to share personal data. Unfortunately, the big popularity of OSNs can be compared with their big privacy issues. Indeed, several recent scandals have demonstrated their vulnerability. Decentralized Online Social Networks (DOSNs) have been proposed as an alternative solution to the current centralized OSNs. DOSNs do not have a service provider that acts as central authority and users have more control over their information. Several DOSNs have been proposed during the last years. However, the decentralization of the social services requires efficient distributed solutions for protecting the privacy of users. During the last years the blockchain technology has been applied to Social Networks in order to overcome the privacy issues and to offer a real solution to the privacy issues in a decentralized system. However, in these platforms the blockchain is usually used as a storage, and content is public. In this paper, we propose a manageable and auditable access control framework for DOSNs using blockchain technology for the definition of privacy policies. The resource owner uses the public key of the subject to define auditable access control policies using Access Control List (ACL), while the private key associated with the subject's Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We provide an evaluation of our approach by exploiting the Rinkeby Ethereum testnet to deploy the smart contracts. Experimental results clearly show that our proposed ACL-based access control outperforms the Attribute-based access control (ABAC) in terms of gas cost. Indeed, a simple ABAC evaluation function requires 280,000 gas, instead our scheme requires 61,648 gas to evaluate ACL rules

    A Consent Model for Blockchain-based Distributed Data Sharing Platforms

    In modern healthcare systems, being able to share electronic health records is crucial for providing quality care and for enabling a larger spectrum of health services. Health data sharing is dependent on obtaining individual consent which, in turn, is hindered by a lack of resources. To this end, blockchain-based platforms facilitate data sharing by inherently creating a trusted distributed network of users. These users are enabled to share their data without depending on the time and resources of specific players (such as the health services). In blockchain-based platforms, data governance mechanisms become very important due to the need to specify and monitor data sharing and data use conditions. In this paper, we present a blockchain-based data sharing consent model for access control over individual health data. We use smart contracts to dynamically represent the individual consent over health data and to enable data requesters to search and access them. The dynamic consent model extends upon two ontologies: the Data Use Ontology (DUO) which models the individual consent of users and the Automatable Discovery and Access Matrix (ADA-M) which describes queries from data requesters. We deploy the model on Ethereum blockchain and evaluate different data sharing scenarios. The contribution of this paper is to create an individual consent model for health data sharing platforms. Such a model guarantees that individual consent is respected and that there is accountability for all the participants in the data sharing platform. The evaluation of our solution indicates that such a data sharing model provides a flexible approach to decide how the data is used by data requesters. Our experimental evaluation shows that the proposed model is efficient and adapts to personalized access control policies in data sharing.