We consider access control for IoT systems that involves shared access to IoT devices as well as their data. Since IoT devices are dispersed all over the edge of the Internet, traditional centralized access control has problems. Blockchain-based decentralized access control is thus the new solution trend. However, existing blockchain-based access control methods do not focus on performance issues and may incur a high communication overhead. In this paper, we develop a Pruned Blockchain based Access Control (PBAC) protocol to cut down unnecessary message rounds and achieve high efficiency in access validation and policy management. The protocol includes a shortcut mechanism and a Role and Device Hierarchy-Based Access Control (R&D-BAC) approach for different environment settings. To realize the PBAC protocol, it is necessary to carefully engineer the system architecture, which is also discussed in the paper. Experiments demonstrate the efficacy of the PBAC protocol: specifically, the shortcut mechanism reduces access time by approximately 43%, and R&D-BAC outperforms traditional blockchain-based RBAC by more than twofold.