Policychain: A Decentralized Authorization Service With Script-Driven Policy on Blockchain for Internet of Things
【Author】 Chen, E.; Zhu, Yan; Zhou, Zhiyuan; Lee, Shou-Yu; Wong, W. Eric; Chu, William Cheng-Chung
【Source】IEEE INTERNET OF THINGS JOURNAL
【Impact Factor】10.238
【Abstract】The decentralization mechanism provides manufacturers and distributors with greater customization and flexibility they need through Internet of Things (IoT)-based industrial collaboration systems (IoT-ICS), but it has brought forward security concerns about the shared data-processing tasks and IoT-based access to services and resources. To address them, we propose a practical blockchain solution to achieve decentralized policy management and evaluation on attribute-based access control (ABAC). By offloading the responsibility of ABAC policy administration and decision making to blockchain nodes, a blockchain-based access control framework, called Policychain, is presented to ensure policy with high availability, autonomy, and traceability. To deliver a solid design, we first present a transaction-oriented policy expression scheme with a well-defined syntax and semantics. The scheme can translate ABAC policies into the blockchain transactions with JavaScript object notation (JSON) syntax and script-based logical expression. We further realize a script-driven policy evaluation by extending blockchain inherent scripting instructions to support attribute acquisition of ABAC entities. Furthermore, we propose a policy lifecycle management scheme from policy creation, renovation, to revocation, in which policies are verified by three validation principles at the transaction level. Finally, we provide sophisticated analysis and experiments to show that our framework is secure and practical for decentralized policy management on ABAC in IoT-ICS.
【Keywords】Blockchains; Internet of Things; Task analysis; Peer-to-peer computing; Consensus protocol; Collaboration; Authorization; Attribute-based access control (ABAC); blockchain; Internet of Things (IoT); policy script; scripting language; transaction-based policy
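【Publication Date】2022 APR 1
【Indexed Date】2022-05-27
【Document Type】Empirical article
【Subject Category】
Blockchain technology - Collaborative technology - Internet of Things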