A Blockchain-Inspired Attribute-Based Zero-Trust Access Control Model for IoT-Reference-Cited by-同舟云学术

A Blockchain-Inspired Attribute-Based Zero-Trust Access Control Model for IoT

Published:2023-02-16 Issue:2 Volume:14 Page:129
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Awan Samia Masood¹^ORCID,Azad Muhammad Ajmal²,Arshad Junaid²^ORCID,Waheed Urooj³,Sharif Tahir⁴

Affiliation:

1. Department of Computer Science, NED University of Engineering & Technology, Karachi 74200, Pakistan

2. School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7BD, UK

3. Department of Computer Science, DHA Suffa University, Karachi 74200, Pakistan

4. College of Science and Engineering, University of Derby, Derby DE22 1GB, UK

Abstract

The connected or smart environment is the integration of smart devices (sensors, IoT devices, or actuator) into the Internet of Things (IoT) paradigm, in which a large number of devices are connected, monitoring the physical environment and processes and transmitting into the centralized database for advanced analytics and analysis. This integrated and connected setup allows greater levels of automation of smart systems than is possible with just the Internet. While delivering services to the different processes and application within connected smart systems, these IoT devices perform an impeccably large number of device-to-device communications that allow them to access the selected subsets of device information and data. The sensitive and private nature of these data renders the smart infrastructure vulnerable to copious attacks which threat agents exploit for cyberattacks which not only affect critical services but probably bring threat to people’s lives. Hence, advanced measures need to be taken for securing smart environments, such as dynamic access control, advanced network screening, and monitoring behavioural anomalies. In this paper, we have discussed the essential cyberthreats and vulnerabilities in smart environments and proposed ZAIB (Zero-Trust and ABAC for IoT using Blockchain), a novel secure framework that monitors and facilitates device-to-device communications with different levels of access-controlled mechanisms based on environmental parameters and device behaviour. It is protected by zero-trust architecture and provides dynamic behavioural analysis of IoT devices by calculating device trust levels for each request. ZAIB enforces variable policies specifically generated for each scenario by using attribute-based access control (ABAC). We have used blockchain to ensure anonymous device and user registrations and immutable activity logs. All the attributes, trust level histories, and data generated by IoT devices are protected using IPFS. Finally, a security evaluation shows that ZAIB satisfies the needs of active defence and end-to-end security enforcement of data, users, and services involved in a smart grid network.

Publisher

MDPI AG

Subject

Information Systems

Link

https://www.mdpi.com/2078-2489/14/2/129/pdf

Reference50 articles.

1. A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture;Chen;IEEE Internet Things J.,2021

2. Syed, A.S., Sierra-Sosa, D., Kumar, A., and Elmaghraby, A. (2021). IoT in Smart Cities: A Survey of Technologies, Practices and Challenges. Smart Cities, 4.

3. (2022, December 30). What Is Stuxnet?. Available online: https://www.trellix.com/en-us/security-awareness/ransomware/what-is-stuxnet.html.

4. U.S. Institute of Peace (2021, April 12). Israeli Sabotage of Iran’s Nuclear Program, Available online: https://iranprimer.usip.org/blog/2021/apr/12/israeli-sabotage-iran%E2%80%99s-nuclear-program.

5. Zetter, K. (2010, October 30). Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid, Published in Wired. Available online: https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/.

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Comprehensive Systematic Review of Access Control in IoT: Requirements, Technologies, and Evaluation Metrics;IEEE Access;2024

2. Access control in Internet of Things: A survey;Computers & Security;2023-12

3. Data Fusion for Smart Civil Infrastructure Management: A Conceptual Digital Twin Framework;Buildings;2023-10-29

4. Smart Blockchain-based Authorization for Social Internet of Things;2023 International Conference on Cyberworlds (CW);2023-10-03

5. A security framework to enhance IoT device identity and data access through blockchain consensus model;Cluster Computing;2023-08-24