25 research outputs found

    UniquID: A Quest to Reconcile Identity Access Management and the Internet of Things

    The Internet of Things (IoT) has caused a revolutionary paradigm shift in computer networking. After decades of human-centered routines, where devices were merely tools that enabled human beings to authenticate themselves and perform activities, we are now dealing with a device-centered paradigm: the devices themselves are actors, not just tools for people. Conventional identity access management (IAM) frameworks were not designed to handle the challenges of IoT. Trying to use traditional IAM systems to reconcile heterogeneous devices and complex federations of online services (e.g., IoT sensors and cloud computing solutions) adds a cumbersome architectural layer that can become hard to maintain and act as a single point of failure. In this paper, we propose UniquID, a blockchain-based solution that overcomes the need for centralized IAM architectures while providing scalability and robustness. We also present the experimental results of a proof-of-concept UniquID enrolment network, and we discuss two different use-cases that show the considerable value of a blockchain-based IAM. Comment: 15 pages, 10 figures

    Towards Blockchain-Based Identity and Access Management for Internet of Things in Enterprises

    With the Internet of Things (IoT) evolving more and more, companies active within this area face new challenges for their Identity and Access Management (IAM). Namely, general security, resource-constrained devices, interoperability, and scalability cannot be addressed anymore with traditional measures. Blockchain technology, however, may act as an enabler to overcome those challenges. In this paper, general application areas for blockchain in IAM are described based on recent research work. On this basis, it is discussed how blockchain can address IAM challenges presented by IoT. Finally, a corporate scenario utilizing blockchain-based IAM for IoT is outlined to assess the applicability in practice. The paper shows that private blockchains can be leveraged to design tamper-proof IAM functionality while maintaining scalability regarding the number of clients and transactions. This could be useful for enterprises to prevent single points of failure as well as to enable transparent and secure auditing & monitoring of security-relevant events.

    Automated Ethereum Smart Contract for Block Chain Based Smart Home Security

    © 2020, Springer Nature Singapore Pte Ltd. The presence of Internet of Things (IoT) based applications has been increasing in various domains including transportation, logistics, health care, and smart homes. Such applications involve deploying an enormous number of IoT devices, which generally lack security and are often associated with several vulnerabilities. These IoT devices need to communicate and synchronize with each other, which also increases the security and privacy challenges. Traditional security models are centralized and often include complicated approaches, which tend to be inapplicable and have some limitations. Therefore, one proposed solution is to use blockchain technology, which could provide decentralized, secure, and peer-to-peer networks. In this paper, a private blockchain implementation using an Ethereum smart contract is developed for the smart home to ensure only the home owner can access and monitor home appliances. Simple smart contracts are designed to allow devices to communicate without the need for a trusted third party. Our prototype demonstrates three key elements of a blockchain-based smart security solution for smart home applications, such as smart contract, blockchain-based access control and performance evaluation of the proposed scheme.

    Exploiting Blockchain Technology for Attribute Management in Access Control Systems

    Access Control systems are a key resource in computer security to properly manage the access to digital resources. Blockchain technology, instead, is a novel technology to decentralise the control and management of a shared state, representing anything from a data repository to a distributed virtual machine. We propose to integrate traditional Access Control systems with blockchain technology to allow the combined system to inherit the desirable properties blockchain technology provides, mainly transparency and, consequently, auditability. Depending on the application scenario considered, for some systems it may not be desirable to employ a fully decentralised approach. As such, in this paper we outline how our proposal can be adapted to allow for the minimal possible integration of blockchain technology in a traditional Access Control system. In particular, we consider the scenario where Attribute Managers only may be managed on chain through smart contracts. We provide a proof of concept implementation based on Ethereum, and show its performance through experimental results.

    Using Blockchains to strengthen the security of Internet of Things

    Blockchain is a distributed ledger technology that became popular as the foundational block of the Bitcoin cryptocurrency. Over the past few years it has seen a rapid growth, both in terms of research and commercial usage. Due to its decentralized nature and its inherent use of cryptography, Blockchain provides an elegant solution to the Byzantine Generals Problem and is thus a good candidate for use in areas that require a decentralized consensus among untrusted peers, eliminating the need for a central authority. Internet of Things is a technology paradigm where a multitude of small devices, including sensors, actuators and RFID tags, are interconnected via a common communications medium to enable a whole new range of tasks and applications. However, existing IoT installations are often vulnerable and prone to security and privacy concerns. This paper studies the use of Blockchain to strengthen the security of IoT networks through a resilient, decentralized mechanism for the connected home that enhances the network self-defense by safeguarding critical security-related data. This mechanism is developed as part of the Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control (GHOST) project.

    CapBAC in Hyperledger Sawtooth

    In the Internet of Things (IoT) context, the number of connected devices can be too large for a centralised server. This paper focuses on how to enforce authorisation in such a distributed and dynamic environment. The key idea is to use a blockchain-based technology both as a way to maintain a common distributed ledger to store and use access control information, and as a way to enforce Access Control policies in the form of smart contracts. An implementation of an access-control system is presented as a proof of concept: it corresponds to an adaptation of the Capability-based Access Control Model (CapBAC) in the form of a transaction family in Hyperledger Sawtooth. The main claim is that the features and simplicity of CapBAC magnify the usefulness of a blockchain to control the access in the IoT.

    Time-Based Access Control for Multi-attribute Data in Internet of Things


    Access control in the industrial internet of things

    The Industrial Internet of Things (IIoT) is an ecosystem that consists of – among others – various networked sensors and actuators, achieving mainly advancements related to lowering production costs and providing workflow flexibility. Introducing access control in such environments is considered to be challenging, mainly due to the variety of technologies and protocols in IIoT devices and networks. Thus, various access control models and mechanisms should be examined, as well as the additional access control requirements posed by these industrial environments. To achieve these aims, we elaborate on existing state-of-the-art access control models and architectures and investigate access control requirements in IIoT, respectively. These steps provide valuable indications on what type of an access control model and architecture may be beneficial for application in the IIoT. We describe an access control architecture capable of achieving access control in IIoT using a layered approach and based on existing virtualization concepts (e.g., the cloud). Furthermore, we provide information on the functionality of the individual access control related components, as well as where these should be placed in the overall architecture. Considering this research area to be challenging, we finally discuss open issues and anticipate these directions to provide interesting multi-disciplinary insights in both industry and academia.