We consider access control for IoT systems that involves shared access to IoT devices as well as their data. Since IoT devices are dispersed all over the edge of the Internet, traditional centralized access control has problems. Blockchain-based decentralized access control is thus the new solution trend. However, existing blockchain-based access control methods do not focus on performance issues and may incur a high communication overhead. In this paper, we develop a Pruning Blockchain based Access Control (PBAC) protocol to cut down the unnecessary message rounds and achieve high efficiency in access validation and policy management. The protocol includes a shortcut mechanism and a Role and Device Hierarchy-Based Access Control (R&D-BAC) approach for different environment settings. Realizing the PBAC protocol requires carefully engineering the system architecture, which is also discussed in the paper. Experiments demonstrate the efficacy of the PBAC protocol: specifically, the shortcut mechanism reduces access time by approximately 43%, and R&D-BAC outperforms traditional blockchain-based RBAC by more than twofold.