Design and Analysis of Access Control Mechanisms for IoT Applications using Blockchain-as-a-Service

Abstract

Blockchain is a distributed ledger and it validates the transactions without any intervention of a trusted third party (TTP). There are several advantages of using the blockchain-based smart grid infrastructure, because decentralization, immutability, transparency, confidentiality and trust are maintained. A blockchain-based smart grid system contains several entities, such as trusted registration authority (RA), service providers (SPs), IoT-enabled smart meters (SMs), and users associated with a smart meter. SPs organize the electricity allocation and energy trading system, and SMs are responsible for monitoring the power utilization and they maintain the pricing to the consumers (users). SMs can be deployed in the homes, and an attacker may capture some SMs and use the secure data stored into it. The communications between SPs and SMs must be secure so that passive/active attacks should not be possible. To ensure the security and privacy of the users’ private information, it is extremely required to design a secure and efficient access control scheme between SMs and SPs. With the help from the blockchain technology, the secure data can be stored in the form of blocks in a private blockchain. The SPs involved in the P2P SP network are responsible in validating the new blocks before adding them into the blockchain using the consensus algorithm. To mitigate these issues, we first propose a new blockchain-based access control protocol in internet of Things (IoT)-enabled smart-grid system, called DBACP-IoTSG. Through the proposed DBACP-IoTSG, the data is securely brought to the service providers from their respectively smart meters. The Peer-to-Peer (P2P) network is formed by the participating services providers, where the peer nodes are responsible for creating the blocks from the gathered data securely coming from their corresponding smart meters and adding them into the blockchain after validation of the blocks using the voting-based consensus algorithm. In our work, the blockchain is considered as private because the data collected from the consumers of the smart meters are private and confidential. By the formal security analysis under the random oracle model, non-mathematical security analysis and software-based formal security verification, DBACP-IoTSG is shown to be resistant against various attacks. We carry out the experimental results of various cryptographic primitives that are needed for comparative analysis using the widely-used Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL). A detailed comparative study reveals that DBACP-IoTSG supports more functionality features and provides better security apart from its low communication and computation costs as compared to recently proposed relevant schemes. In addition, the blockchain implementation of DBACP-IoTSG has been performed to measure computational time needed for the varied number of blocks addition and transactions per block in the blockchain.The Industrial Internet of Things (IIoT) is able to connect machines, analytics and people with IoT smart devices, gateway nodes and edge devices to create powerful intuitivenesses to drive smarter, faster and effective business agreements. IIoT having interconnected machines along with devices can monitor, gather, exchange, and analyze information. Since the communication among the entities in IIoT environment takes place insecurely (for instance, wireless communications and Internet), an intruder can easily tamper with the data. Moreover, physical theft of IoT smart devices provides an intruder to mount impersonation and other attacks. To handle such critical issues, we next design a new private blockchain-envisioned access control scheme for Pervasive Edge Computing (PEC) in IIoT environment, called PBACSPECIIoT. We consider the private blockchain consisting of the transactions and registration credentials of the entities related to IIoT, because the information is strictly confidential and private. The security of PBACS-PECIIoT is significantly improved due to usage of blockchain as immutability, transparency and decentralization along with protection of various potential attacks. A meticulous comparative analysis exhibits that PBACS-PECIIoT achieves greater security and more functionality features, and requires low costs for communication and computational as compared to other pertinent schemes. The communication among various entities in an edge computing based generic IoT environment takes place via insecure (public) channel (e.g., via the Internet). It gives an opportunity to an adversary to mount various types of attacks, including “replay”, “man-in-themiddle”, “impersonation”, and “Ephemeral Secret Leakage (ESL)” attacks. Moreover, the adversary can physically capture to some IoT smart devices in order to compromise secure communication among other non-compromised nodes in the network. Therefore, it is very much essential that the data needs to be securely exchanged among various entities in the network so that it will not be revealed to the adversary. Otherwise, if the adversary can manipulate the genuine information, the transactions contained in a block in the blockchain will not be also genuine. The access control mechanism plays a very crucial role here, because the IoT devices require to send the information to their nearby gateway node and also the gateway node needs to send the data to its associated edge server(s) securely. As a result, we need to have a secure access control mechanism in edge computing based generic IoT environment to make secure communication among various entities in the network. The edge servers in a peer-to-peer (P2P) edge servers network are considered as trusted and they are responsible for creating, verifying and adding the blocks in their local ledgers first using consensus algorithm. Later, the local ledgers maintained by the edge servers are then periodically updated in the blockchain’s global ledger in order to avoid much burden at the blockchain center. Due to blockchain technology, once the blocks are added into the blockchain, these can not be further modified, updated or even deleted from the blockchain because each block contains previous block hash, Merkle tree root, signature on the transactions and also current block hash. Most of the access control protocols proposed in the literature in the IoT and also in resource-constrained wireless sensor networks environments are vulnerable to attacks, and they do not support blockchain feature in order to provide stronger security and more functionality features, such as block verification in blockchain, transparency, decentralization and immutability properties. Finally, we design a novel access control protocol in edge computing based generic IoT environment where depending on the importance of the data in IoT applications, the data are encrypted in the block (private blockchain) or these are stored in unencrypted form in the block in the blockchain (public blockchain). There may be some applications where we need to have both private and public data to be stored in a block in the blockchain (consortium blockchain). Hence, we consider consortium blockchain access control mechanism to address these issues. Towards this, a new consortium blockchain-enabled access control scheme in edge computing based generic IoT environment (called CBACS-EIoT) has been suggested, where the mutual authentication among the IoT smart devices and the gateway node(s), and also among the gateway node(s) and respective edge server(s) occur. In addition, key management phase is executed among the edge server(s) and associated cloud server(s). Using the established secret keys, the entities in the network communicate securely. The data gathered securely by the gateway nodes is then used to form various types of blocks (private, public or consortium) at the edge server(s) based on application types in the generic IoT environment. The created blocks are mined by the edge servers in order to add them in the blockchain center. A detailed security analysis including the formal security and also the simulation based formal security verification on CBACS-EIoT have been carried out to exhibit that CBACS-EIoT is secure against passive and active attacks. Finally, a meticulous comparative performance analysis shows that CBACS-EIoT offers superior security and supports more functionality features, and also provides less communication and computational overheads as compared to existing relevant schemes