Table of contents
- Introduction 2
- Preparation 4
2.1 ABAC Model 4
2.2 Blockchain Technology and Ethereum Platform 5
2.3 Intelligence Contract 6 - System Architecture 7
3.1 System Configuration 7
3.2 Function Module 7
3.3 Smart Contract System 9
3.4 Access control process 11 - Case Study 13
4.1 Environment Configuration 13
4.2 Implementation 14
4.3 Experiment 15 - Summary 16
This article proposes a dynamic, decentralized access control model that combines the ABAC model with blockchain technology, and uses smart contracts to implement the Internet of Things Access control policy. The model consists of three smart contracts and five functional modules. The three smart contracts include a management contract (MC), a authority decision contract (PDC) and a large number of strategy contracts (SC). The strategy contract is composed of a public strategy contract created by the system and a large number of exclusive strategy contracts created by resource owners. The five functional modules are: information registration point, policy enforcement point (PEP), access control policy decision point (Policy Decision Point, PDP), contract management point (Policy Administration Point, PAP) and policy information point ( Policy Information Point (PIP). The information registration point stores basic information of all devices in the system. PEP acts as an agent for IoT devices and manages IoT devices. PDP is mainly composed of a permissions arbitration contract and a policy contract for access control judgment. PDP mainly judges the access request sent by the access subject, and feeds back the final judgment result to the subject and PEP. PAP is mainly composed of a management contract and a contract information table. Through the contract information table, you can view the contract address, contract type and other information in the system. PIP stores device attribute information used for access control. The management contract is responsible for managing the authority ruling contracts and policy contracts in the system. The policy contract judges access requests through preset access control methods. The permission determination contract is responsible for obtaining device attribute information, and calling the policy contract based on the obtained attribute information to perform permission determination.
The structure of this article is as follows: Part 2 introduces the ABAC model and the relevant knowledge of the Ethereum smart contract platform in the Internet of Things environment. Part 3 introduces the decentralized access control scheme we proposed that combines the ABAC model with blockchain technology, the smart contract system and functions of the scheme, and the access control process based on the scheme. In Part 4, we conduct an experiment to verify the feasibility of the solution proposed in Part 3. The fifth part is the summary.
