
Context-Aware and Dynamic Role-Based Access Control Using Blockchain

  • Conference paper
Advanced Information Networking and Applications (AINA 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1151)

Abstract

Trust and risk issues in distributed environments are an important research topic today. Access control systems are mainly used in security to control access to resources, and access control policies express the rights of users to access those resources. In this paper, the Blockchain is used as a tool for a location-aware role-based access control system that provides dynamic and auditable access control policies. In the proposed approach, user-role relationships are publicly visible on the Blockchain, while the resource owners send transactions to the Blockchain to manage the relationship between roles and permissions. The location server is associated with an Ethereum account, which monitors the location information of the users and dynamically changes the active role of a user by sending a transaction to the LRBAC smart contract. The proposed approach achieves auditability, preventing the data provider or third parties from falsely denying the access rights granted by RBAC policies. We deployed the RBAC smart contract on the Ethereum Rinkeby testnet, and the experimental results show that the proposed approach is feasible.
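The flow described in the abstract can be sketched as an off-chain Python model; this is an added example, not the authors' contract. It assumes that the resource owner issues user-role assignments, that each role is bound to one zone, and that a hash-chained list stands in for the Blockchain's transaction history; all class, method and account names are hypothetical.

```python
import hashlib, json

# Added illustration: every name below is an assumption, not the paper's contract.
def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class LRBACModel:
    def __init__(self, owner, location_server):
        self.owner, self.location_server = owner, location_server
        self.user_roles = {}   # user -> {role: zone in which the role may be active}
        self.role_perms = {}   # role -> set of permissions
        self.active = {}       # user -> currently active role, or None
        self.log = []          # hash-chained record of accepted transactions

    def _record(self, sender, action, **args):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = {"sender": sender, "action": action, "args": args, "prev": prev}
        self.log.append({**body, "hash": _digest(body)})

    def _require(self, sender, expected):
        if sender != expected:  # models a sender check on the transaction
            raise PermissionError(f"{sender} may not send this transaction")

    def grant_permission(self, sender, role, permission):
        self._require(sender, self.owner)
        self.role_perms.setdefault(role, set()).add(permission)
        self._record(sender, "grant_permission", role=role, permission=permission)

    def assign_role(self, sender, user, role, zone):
        self._require(sender, self.owner)
        self.user_roles.setdefault(user, {})[role] = zone
        self._record(sender, "assign_role", user=user, role=role, zone=zone)

    def report_location(self, sender, user, zone):
        self._require(sender, self.location_server)
        roles = self.user_roles.get(user, {})
        self.active[user] = next((r for r, z in roles.items() if z == zone), None)
        self._record(sender, "report_location", user=user, zone=zone, active=self.active[user])

    def check_access(self, user, permission):
        return permission in self.role_perms.get(self.active.get(user), set())

    def verify_log(self):
        prev = "0" * 64
        for e in self.log:
            body = {k: e[k] for k in ("sender", "action", "args", "prev")}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True
```

A grant is usable only while the location server's last report places the user in the zone bound to that role, and editing any recorded transaction afterwards makes `verify_log()` fail, which is the auditability property the abstract claims.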



Corresponding author

Correspondence to Mohsin Ur Rahman.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Rahman, M.U., Guidi, B., Baiardi, F., Ricci, L. (2020). Context-Aware and Dynamic Role-Based Access Control Using Blockchain. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_122
