Trust-based Blockchain Authorization for IoT. (arXiv:2104.00832v1 [cs.CR])

Authorization or access control limits the actions a user may perform on a
computer system, based on predetermined access control policies, thus
preventing access by illegitimate actors. Access control for the Internet of
Things (IoT) should be tailored to take inherent IoT network scale and device
resource constraints into consideration. However, common authorization systems
in IoT employ conventional schemes, which suffer from overheads and
centralization. Recent research trends suggest that blockchain has the
potential to tackle the issues of access control in IoT. However, proposed
solutions overlook the importance of building dynamic and flexible access
control mechanisms. In this paper, we design a decentralized attribute-based
access control mechanism with an auxiliary Trust and Reputation System (TRS)
for IoT authorization. Our system progressively quantifies the trust and
reputation scores of each node in the network and incorporates the scores into
the access control mechanism to achieve dynamic and flexible access control. We
design our system to run on a public blockchain, but we separate the storage of
sensitive information, such as users’ attributes, into private sidechains for
privacy preservation. We implement our solution on the public Rinkeby Ethereum
test-network interconnected with a lab-scale testbed. Our evaluations consider
various performance metrics to highlight the applicability of our solution for
IoT contexts.