Project 2: IoT Access Control Using Permissioned Blockchain

Description : Data produced by IoT devices can contain extremely private information like audio and video clips from smart surveillance systems, medical information from fitness devices, location and activity pattern or even daily schedules of individuals in the household. Oftentimes, IoT devices are not utilized to their full potential unless this data is shared with different service providers. For example, data from fitness devices may need to be shared with the physician and the hospital, temperature sensor data may need to be shared with the emergency department and service providers like Amazon and Google can collect user data through smart home devices like Echo, Google home etc. to ensure better quality of service. While sharing the IoT device data with other parties, there are two fundamental questions that need to be asked: 1) Who is accessing the shared data? 2) What data are accessed? Answer to the first question determines whether the data fall into the hands of the wrong parties. On the other hand, the second question is to find out whether an IoT data requester is collecting anything without the data owner’s consent. Currently, how a data requester collects user data from IoT devices lacks transparency and is even doubtful in some cases. This is because the owner has no role in the access control of how the data will be shared with the data consumer. Although in some cases, the requesters provide the owner with some kind of agreement policy that the owner has to agree on to enjoy the intended service. This leaves the data owner with no other choice but to trust the data consumer blindly. Such agreement policies are often very high level and obscure. Moreover, there is no way for the data owner to verify whether the requester is complying with the agreement and not collecting anything more than what was agreed upon. On top of that, it is hard to tell if different service providers implement their security mechanisms properly. This gives the malicious parties an opportunity to get access to the user’s confidential and sensitive IoT device data by exploiting any security backdoor that may exist. The above-mentioned problems of IoT data security mainly stem from the fact that different parties involved in the IoT ecosystem are under different administrative entities and there may be a lack of trust between them. Blockchain offers a great platform to build distributed applications for mutually untrusted parties by eliminating the need of a trusted central authority. In this project, utilizing blockchain, students will extend a developed scheme [IM19] to enforce distributed access control and accountability for IoT data sharing [IM19] for tracking provenance. Thus, they will incorporate identity mechanism to track users and devices.

Sample Design Experiment: Evaluation will be done on real IoT testbed and private blockchain network. The latency of resolving access control requests for IoT resources will be measured.

Purpose: To let the students understand the fundamentals of blockchain and smart contract. Also, how smart contract and distributed consensus of blockchain can be utilized for distributed access control of IoT and how immutability of the blockchain can be leveraged for traceability and accountability.

Method: Students will experiment with different performance parameters like block size, number of nodes, transaction rate, timeout for block creation time, etc. They will also implement attribute-based access control schemes on blockchain using smart contracts. Finally, they will integrate the IoT testbed with blockchain and experiment with IoT access control.

Input Parameters: Number IoT devices, number of nodes, number of attributes, number of transactions per second etc.

Output Parameters: The latency of resolving IoT access control requests, the transaction throughput of the blockchain.

Project Deliverables: Experimental results, and modification to algorithms and their implementations, and possible publications.

Researcher