See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/344313840
Blockchain-Based Access Control for IoT in Smart Home Systems
Chapter · September 2020
DOI: 10.1007/978-3-030-59051-2_2
CITATIONS
0
READS
5
3 authors, including:
Some of the authors of this publication are also working on these related projects:
Semantic BMS View project
Security in IoT View project
Bacem Mbarek
Masaryk University
16 PUBLICATIONS   38 CITATIONS   
SEE PROFILE
Tomáš Pitner
Masaryk University
101 PUBLICATIONS   295 CITATIONS   
SEE PROFILE
All content following this page was uploaded by Bacem Mbarek on 05 October 2020.
The user has requested enhancement of the downloaded file.
Blockchain-Based Access Control for IoT
in Smart Home Systems
Bacem Mbarek(B)
, Mouzhi Ge, and Tomas Pitner
Faculty of Informatics, Masaryk University, Brno, Czech Republic
bacem.mbarek@mail.muni.cz, mouzhi.ge@muni.cz, tomp@fi.muni.cz
Abstract. Smart home systems are featured by a variety of connected
smart household devices, where Internet of Things (IoT) is one of the
critical enablers in the smart home environment. Since these smart home
IoT devices are working collaboratively, the access control among the IoT
devices becomes more and more important because non-authorised access
can result in resource misuse, home breach threats or private information
disclosure. Thus, an effective access control in smart home systems is
essential to prevent from unauthorized use of the available resources.
However, most of the access control schemes in smart home systems are
still lack of decentralized peer trust and hard to control the security and
credibility of the smart home IoT network. This paper therefore proposes
a Blockchain-based Access Control (BAC) solution by integrating the
Blockchain technique to IoT networks, where the agent-based policy is
proposed to improve the efficiency of the Blockchain management. In
order to validate the BAC solution, we demonstrate the implementation
process of the proposed BAC in the parental control scenario and also
evaluate performance and feasibility in a simulated smart home.
Keywords: Blockchain · Smart home systems · IoT · Access Control
1 Introduction
Nowadays, smart home systems are developed to enable home automation and
increase the quality of life [18]. These systems are usually featured by using a
smart phone application to interconnect and control different home devices such
as lights, power plugins, cooking devices, temperature and humidity sensors as
well as security systems [25]. In order to implement the home device interconnections,
Internet of Things (IoT) is widely used as one typical wireless communication
technique [17]. IoT is a concept of interrelated physical objects or devices
that have been used in different application domains such as in smart cities,
vehicular networks, military, and healthcare [11]. In the smart home context,
the main goal of IoT is to connect different kinds of objects such as refrigerator,
washing machines, TV, laptop, or cars [33] to facilitate people’s daily life.
While the smart home system brings comfort and convenience to the home
environment, it is also found to be vulnerable and exposed to different nonauthorised
access threats [12]. For example, if an attacker targets the functionality
of the access control system by modifying the authentication headers in the
c Springer Nature Switzerland AG 2020
S. Hartmann et al. (Eds.): DEXA 2020, LNCS 12392, pp. 17–32, 2020.
https://doi.org/10.1007/978-3-030-59051-2_2
18 B. Mbarek et al.
packets, this attack can create a fake identity and access without legal authorization
to the IoT devices deployed in a home environment. In order to prevent
such threats, access-control mechanisms are being investigated as policy
enforcement components or main gateways to secure communications between
IoT devices [30]. However, current access-control mechanisms used in IoT are
with limited flexibility and inefficient to secure the resource constrained smart
home devices [22]. These smart home devices are commonly prone to malicious
attacks and require mutual authentication to guarantee the confidentiality and
security of data shared in the IoT network [15]. As a typical IoT network, smart
home systems urge to be a highly secure, independent and distributed platform
[11]. In order to tackle this issue, the emergent Blockchain technology can
be used to transform the way that data will be shared in IoT networks [2].
In this paper, we therefore propose a Blockchain-based Access Control solution,
named as BAC, which controls the access to smart home devices and ensures
secure communications between the IoT devices and the householders. In particular,
we address the drawbacks of regular Blockchain access control protocols in
terms of the time cost involved in the necessity of contact with the owner of the
resource for each new access, by using agent-based software as an authenticated
key for access control management. The contribution in this paper is twofold.
First, we highlight the problem of the time cost involved in getting an access
permission with the standard Blockchain platform. Second, we present an agentbased
method to monitor inappropriate activities of users in the Blockchain.
While we consider that Blockchain is capable of controlling the secure access
and efficient data sharing in smart home systems, the BAC can be also applicable
for diverse scaled IoT applications. Further, the collaborations of smart
home devices can benefit from Blockchain to enhance the processes of authentication
and coordination of data collection as well as optimizing the usage of
the available resources [14,35]. In order to validate the proposed BAC solution,
we demonstrated its applicability in the parental control scenario in smart home
systems.
The remainder of the paper is organized as follows. Section 2 presents an
overview of Blockchain with common definitions. Section 3 proposes BAC solution
by integrating the Blockchain into smart home. To evaluate the proposed
solution, Sect. 4 describes a typical smart home scenario and implement BAC in
smart home systems. Section 5 concludes the paper and outlines future directions
for this work.
2 Related Work
While the increasing use of IoT devices in smart home allows for real-time,
low-cost data acquisition, the smart home IoT network is exposed to challenging
security and access threats such as spoofing user identity, cloning access
control cards, or submission of false information [18]. In order to prevent such
threats, access-control mechanisms are being investigated to secure communication
among the IoT devices. However, most current mechanisms used in comput-
Blockchain-Based Access Control for IoT in Smart Home Systems 19
ing systems can be inappropriate for resource constrained environments including
IoT-based home automation systems [1]. Although the smart home is a
specific environment, the overall nature of security threats is similar to other
domains. We describe three types of threats and their consequences in smart
home systems as follows.
Confidentiality Leaking: An attacker may try to access the sensitive information
in the smart home. For example, the confidentiality threats could lead to
house stealing by hacking information about air conditioning system parameters
or light system operation to determine whether a house is occupied or not. Thus,
the confidentiality should be considered to ensure the safety of IoT systems [36].
Access Phishing: An attacker can confuse the home system by letting the
system agree that there is an using emergency alerts and opening doors and
windows to allow an emergency exit. Therefore, without appropriate access control
schemes, the smart home can be in danger [30].
Unauthorized Access: An attacker can use unauthorized devices in the IoT
network by for example cloning some access card. Since many smart home devices
can be physically attacked, an attacker may start an energy depletion attack,
a form of denial of service. Thus, using simple access control system through
password and key management is not enough. Dynamic key updating scheme is
necessary to protect smart home network [16].
A variety of solutions have been proposed to solve the access control problems
in smart home by identifying the malicious activities and exploring secure access
control management mechanisms among house members [8,9,30]. In [19], the
authors proposed a platform, named FairAccess, to secure the IoT network based
on the token method, where Fairaccess only supports the Blockchain authorization
based on access tokens using smart contracts. However, their proposal has
some issues, for example, the time involved in obtaining access licenses takes
long, the time cost is mainly in the necessity of contacting with the owner of
the resource for each new access or for each token expiration. In [8], the authors
also employed Blockchain in access control. They proposed a Blockchain-based
smart home framework that is used for handling all the internal communications
inside home and external communications from or to the home. In [30], authors
proposed a private Blockchain as central intelligent home administrator. Their
proposed model addresses the problems related to DoS attacks by controlling
all incoming and outgoing packets to smart home devices. In [9], authors proposed
a managing IoT device using Blockchain platform that is manipulated by
Ethereum Blockchain with smart contracts for tracking meter and setting policies.
It can be used to turn on and off air conditioner and light bulbs in order to
save energy.
From the Blockchain perspective, authors in [7] proposed a combination of
private and public Blockchains. The private Blockchain was employed to handle
data flow in SHS, whereas the public Blockchain was to manage data flow
over cloud storage. Their approach is composed of three layers: smart home systems
(SHS), overlay network and cloud storage. To improve further the security
between IoT devices and the Blockchain, different researchers proposed the inte-
20 B. Mbarek et al.
gration of cloud computing in Blockchain platforms to manage a large number
of IoT devices. In [21], the authors implemented a cloud server as a centralized
and decentralized combined architecture and an intermediate between IoT
devices and the Blockchain. In [37], the authors combined Blockchain and offBlockchain
storage to construct a personal data management platform focused
on data privacy. Similarly, in [20], the authors proposed a secure service providing
mechanism for IoT by using Blockchain and cloud. However, the unstable
connection between cloud servers and IoT devices could cause communication
delay as well as prevent the proposed model from achieving optimal performance
and security scores. In [9], authors have demonstrated how Blockchain can be
used to store IoT data with smart contracts. In [24], authors have proposed a new
framework in which Blockchain is used to support the distributed storage of data
in IoT applications. In [5], authors have proposed various protocols that enable
the synchronization of IoT endpoints to the Blockchain. To this end, the authors
have used several security levels and communication requirements. They have
also analyzed the traffic and the power consumption created by the synchronization
protocols via numerical simulations. Extended reviews of using Blockchain
to store IoT data with a focus on open problems of anonymity, integrity, and
adaptability as well as to architect Blockchain-based IoT applications are available
in [4]. Therefore, the development of a smart home based on Blockchain
system with scalable communication network is required for ensuring the safety
of users as well as the transmission of aggregated IoT data.
3 BAC: Blockchain-Based Access Control Model
In order to provide an effective access control solution for smart home systems,
we integrate Hyperledger Fabric-based Blockchain [10] to IoT network to secure
the peer and trust and use agent-based policy model to improve the Blockchain
efficiency. The agent-based policy aims to reduce or eliminate human interventions
in the Blockchain, as every agent in the IoT device has the capacity to
autonomously process Blockchain transactions. In addition, the Blockchain can
organize the user behaviors by using a mobile agent which to detect inappropriate
user activities with the used IoT device.
3.1 System Setting and Roles
In the system, the Blockchain is composed of three roles: 1) endorsing peers, 2)
the ordering service, and 3) committing peers. Each householder is a transmitter/receiver
that sends requests to a manager controller in the channel through
the Blockchain platform. Inside the Blockchain, the smart contract is a code
fragment that executes the terms of a contract [32]. A channel can be defined as
a sub-network for peers communication. In the smart home context, it can be
communication between IoT devices, and family members. Using different channels
can divide transactions according to different boundaries according to some
service logic. In the smart home systems, the transactions can be considered as
an activity request or a collaboration order.
Blockchain-Based Access Control for IoT in Smart Home Systems 21
– Endorsing peers are the manager members in the Blockchain channel. The
endorsing peers will endorse a transaction proposal, for example, the endorsement
can be carried out based on specified family policies. When enough
endorsing peers support a transaction proposal, it can be submitted to the
ordering service to be added as a block. During the commissioning and configuration
of the Blockchain network, the smart home system should firstly
select the endorsing peers.
– Ordering service collects transactions for a channel into proposed blocks
for distribution to peers. Blocks can be delivered for each defined channel.
The smart home ordering service is to gather all the endorsed transactions,
perform the ordering in a block, and then send the ordered blocks to the
committing peers.
– Committing peers includes all the members of the Blockhain. The committing
peers run the validation and update their copy of the Blockchain and
status of transactions. Each peer receives the block, as a committing peer,
can now attach the new block to its copy of the transactions. Committing
peers have also the responsibility of updating the shared ledger with the list
of transactions.
When a householder agrees to enter a transaction, he determines the parameters
of this transaction by specifying its request, its location, authentication
key. Each transaction is stored in a smart contract and transmitted to the house
managers as playing the rules of endorsing peers of the Blockchain platform.
The received transaction is verified by checking their smart contract. Then, the
endorsing peers verifies the received transaction by executing the static agent
policies. After, the verification of the received transaction by the house managers
and the creation of the Block by the ordering server, the endorsing peers
will submit a mobile agent to the requested user of IoT sensors to detect the
inappropriate activities during the utilization of connected device.
3.2 Agent-Based Policy for the Blockchain Management
In the smart home systems, there can be different frequent activity requests such
as turn on or off the light. For those frequently occurred requests, it is inconvenient
to manually approve each request for the endorsing peers. In order to
increase Blockchain efficiency for smart home IoT network, the Blockchain platform
will create two kinds of agents: (1) a static agent, and (2) a mobile agent.
Both the static and mobile agents are dedicated to every new transaction. The
endorsing peers can monitor the selected node by using those agents. While the
static agent is used to verify the received transaction, the mobile agent is to check
the user activities. The mobile agent also can control the connected devices in
real time, for example, if activities from some IoT device are inappropriate, the
mobile agent can turn off this IoT device. The positions of these agents and their
functions are depicted on Fig. 1.
22 B. Mbarek et al.
Static Agent is a static agent that will be implemented in each peer device
of the Blockchain. Once the peer device receives a transaction such as a activity
request, The peer device will use the static agent to verify and check the
received transaction. Those Agents intend to replace manual verification. Then,
the static agent will carry on each received transaction. The static agent compares
the received transaction T to its predefined policies Ps. Then the static
agent compares Ps with T. If Ps = T ± ε, then the transaction will be rejected.
If Ps = T ± ε, then the transaction will be accepted.
T =
1, accepted
0, if Ps = T ± ε
(1)
Mobile Agent is the agent that is created by the householder managers to control
access to their household devices. The mobile agent is a standalone software
entity that can start various tasks when visiting different computing nodes: such
as collecting data, contorting access management tools, as well as monitoring and
detecting inappropriate using of household devices. According to the request of
the endorsing peers, a mobile agent can migrate to the selected house, transfer
their code and data, allow them to efficiently perform computations, gather
information and accomplish tasks. The agent can be encrypted by asymmetric
authentication (by the public key of the selected peer).
The Blockchain platform will create a mobile agent dedicated to every
requested IoT device. The mobile agent will migrate to the requested IoT device.
Then, the mobile agent will execute its code in the IoT device controller. The
mobile agent collects the behaviours of user B that is detected by each user and
reported by the sensors. Then the mobile agent compares B with P, where P is
the declared policies given by Blockchain platform. If B = P ± ε, then a potential
inappropriate activities (P) is suspected. The mobile agent also checks the
user time connection T to the IoT device, and compares it to the policy declared
time TB. If T < TB, then a potential inappropriate activity can be reported. The
mobile agent detects the inappropriate activities as depicted in Eq. (2), where ε
represents some measurement error threshold.
Fig. 1. Architecture of blockchain agents-based model
Blockchain-Based Access Control for IoT in Smart Home Systems 23
P =
1, if B = P ± ε or T < TB ± ε
0, otherwise
(2)
Figure 1 shows the overall architecture of integration between agent-based
Blockchain and IoT networks. In this architecture, although Database (DB) is
place, the analysis engine is out of the scope of this paper. It can be seen that
the role of the static agent is used to manage access control for a transaction.
After allowing and giving a permission for a transaction, a mobile agent will be
created by the Blockchain platform and will migrate to the requested IoT node
to control user behaviours with the connected device.
3.3 System Algorithm Design for Smart Home
Algorithm 1 presents the BAC solution by using Blockchain components and
software agents as a method for enabling and access control in smart home. To
Algorithm 1. Hyperledger Fabric Blockchain-based Access Control (BAC)
EP: endorsing peers
Tr: Transaction
SA: Static agent
MA: Mobile agent
BC: Blockchain platform
C: Children
OS: Ordering Service:
DB: Data Base
P: Declared policies given by BC
B: Collected behaviours of user
T: User connection time
TB: Policy declared time
res: proposal response
CE: Collected Endorsements
while Tr received do
Verify(T, EP(SA)) {EP verifies T by executing SA}
Send(res, EP, C) {EP sends res to C}
Request(EP, OS) {EP requests block creation form OS}
Verify(CE, OS) {OS verifies CE}
Send(Block, OS, BC){OS sends the created Block to BC}
Add(Block, BC(DB)) {BC adds the Block into its DB}
Send(MA, EP, C) {EP sends MA to C}
while MA received do
if B = P ± ε then
inappropriate activity is detected
else if T < TB, then
inappropriate activity is detected
else
appropriate activity
end if
end while
end while
24 B. Mbarek et al.
adapt Blockchain to the specific needs of IoT, we integrated 2 software agents:
the static and mobile agents. First, the static agent is responsible of transactions
verification. Second, the mobile agent is able to detect inappropriate activities.
Once on the peer (children), the mobile agent will be acting as a Local Intrusion
Detector (LID) as well as a Delegated Authenticator (DA) on behalf of endorsing
peers (Parents). To this end, it will use the local processing resources of the peer
to investigate its behavior. The mobile agent compares its declared policies P
with the user behaviour B = P, then inappropriate activity is detected. The
mobile agent also compares its policy declared time TB with the user connection
time T.
4 Validation of BAC in Smart Home Systems
In order to validate our solution, we demonstrate the application of BAC in
the parental control scenario, which is a typical and important case in smart
home systems [27]. We use the smart home setting for demonstration and evaluation
purposes, while BAC is application agnostic and well-suited for diverse
IoT applications and networks. Our demonstration is show how to design and
implement a secure and efficient model that can manage access control between
children and their parents based on the Blockchain.
Considering that in the smart home, sensors are coupled to a number of
household devices to turn on or off the digital devices, which can be controlled
remotely and give access to the children. Those control sensors are coupled to
household devices in the smart home to monitor and control home appliances.
Control sensor consists of activating or deactivating household devices and monitoring
the user behavior about how appliances are used. For example, Children
need request for permission before using any connected household devices. Parents
will receive the transaction and react to it by allowing or rejecting usage by
executing access control policies. The parents can control remotely the connected
home appliances through their mobile phone or tablet or a wireless remote. Two
agent-based control will be used in our system: static agent and mobile agent.
The static agent will be implemented in each parent manger device to verify
received transactions that their children request. After executing each policies
code, the static agent is also responsible for accepting or declining the received
transaction. After giving access to children, the mobile agent will migrate to
the target devices. The mobile agent is able to control the activities of children
and detect e.g. the inappropriate behaviour. The mobile agent can visit
each of the connected home appliances and execute customized code on each
control sensor. Therefore, the mobile agent can analyse user behaviour through
the connected home appliances. Apart from monitoring user behaviour, when a
malicious activities are detected, the mobile agent can also turn off the device
and denied further access.
Blockchain-Based Access Control for IoT in Smart Home Systems 25
Fig. 2. Roles in blockchain-based model: use case diagram
4.1 System Implementation Process
While the BAC can enable the parents to set digital rules remotely with their
devices to control child’s activity on the house, digital parental access control
helps to keep children safe when they’re using household devices and to track
their activity when using the connected devices. As shown in Fig. 2, devices at
home such as television, computer and video games are connected to a private
Blockchain channel and accessible only when the parents give access to their
child’s. Moreover, parents have a remote controllers (e.g. mobile phone, hand
clock, computer) which are connected to the private Blockchain channel.
When a children enters into a transaction, he determines the parameters of
this transaction by specifying its location, name of household items that he will
interact with it, usage time, etc. Each transaction is stored in a smart contract
and transmitted to the endorsing peers of the Blockchain platform. As shown in
Fig. 3, the following steps occur during access request time.
1. The children store the endorsement requests in the smart contract and submits
it to their endorsing peers, in the smart home context, the endorsing
peers are usually the parents.
2. The static agents located in the parents devices can approve or reject the
status after checking for consistency by aligning the smart contract.
3. The static agents send the proposal response to the IoT device applicant.
Each execution captures the set of read and written data (also called the RW
set), which is flowing in the Hyperledger fabric. Moreover, the Endorsement
System Chaincode (ESCC) signs the proposal response on the endorsing peer.
The RW sets are signed by each endorser. Every set will include the number
of the version of each record.
4. The children send the proposal response to the ordering service, which is
located on the Blockchain platform as a clustering code to create Blocks).
5. Afterwards, the ordering service verifies the collected endorsements and creates
the Block of transactions.
26 B. Mbarek et al.
Fig. 3. Order-execute architecture to storage data in the Hyperledger Fabric
Blockchain platform
6. The ordering service sends the Block to the committing peers which can
include the parents or other family members who will be notified for
validation.
7. If the validity is fulfilled, the Blockchain platform adds the checked Block into
the data base of the Blockchain. Then, the Blockchain emits the notification
to all peers.
8. After the validation of transaction, one of the parents static agent (in a chosen
sequential manner) creates a mobile agent and sends it to the child who made
the request and track his activities.
We have implemented a system prototype of the proposed BAC based on
the open source Blockchain platform: Hyperledger Fabric [10], which has been
reported as one of the most suitable platforms for the IoT applications [31]. In
the smart home environment, all nodes such as the IoT endpoint for parents and
children in the network use the SHA-1 hash algorithm and 2MB as data block
sizes. Also, the IoT home devices are linked by the hyperledger in Blockchain,
the foundation of the Blockchain in smart home is designed to control children
activities with the household devices. To implement this in practice, first, householders
should be Blockchain channel members. Besides that, there are two ways
for endorsing peers to verify and check the authenticity of the children’s requests
and transactions: by their smart contract and by the mobile agent report. We
created a smart contract program that is used by the children to send its transaction
to the endorsing peers, which in our case the peers are the IoT endpoint
from parents. A transaction invokes a smart contract called chaincode, which
defines an application running on the Blockchain [3]. When the transition is
issued, the mobile agent is used to monitor the behavior of the IoT device usage.
For example, a child can request to watch TV for half an hour by smart contract.
After the parents agree this transaction by endorsement, the mobile agent
Blockchain-Based Access Control for IoT in Smart Home Systems 27
is used to monitor if watching TV in this transaction is more than half an hour
or not, in case longer than half an hour, the mobile agent can turn off the TV
based the defined policy.
We deployed the initial prototype to test the feasibility of the solution, and
planned tests by running simulations of different scenarios of tracking children’s
activities in smart home. We described the implementation process of
the Blockchain components and their characteristics as follows. Each peer in the
Blockchain channel runs as an image in the docker container and contains the
smart contract modeled as JavaScript Object Notation (JSON). The smart contract
is designed and implemented by using the Hyperledger Composer, which is
an extensive, open development tool set and framework to facilitate the implementation
of Blockchain applications. The peer processes and orders transactions
on a first-come-first-serve basis across the network. The notification generated
from the blockchain network is emitted to the client using WebSockets [28].
Each Block contains a key and the key of the previous block. Therefore, the
database collects Blocks that are cryptographically linked together to form a
sequence of chains. The connector between Blocks helps user to trace back the
different stored transactions and to know the history changes that happened in
the state database. The ordering node is employed with the practical byzantine
fault tolerance (PBFT) algorithm [6] to ensure the consistency of every copy of
the leger.
4.2 Performance Evaluation
To analyze the performance of our proposed BAC solution, we used Hyperledger
Caliper software [26], which is a benchmark tool developed within the Hyperledger
project. This tool can produce reports containing various performance
indicators, such as transactions per second, transaction latency and resource
utilization. For performance evaluation, this study is mainly focused on the task
execution time. In the simulations, we varied two kinds of variables to observe
the transaction execution time. One variable is the number of IoT devices in
the smart home, and the other one is the number of transactions with a fixed
number of smart home IoT devices.
In the setting of varying the number of IoT devices in the smart home, we
configured the system with a range of 50 to 250 IoT devices with the interval of
50 devices. This range is chosen because of real-world applicability. For smart
buildings, we estimate that the total number of IoT devices is usually less than
200, and the IoT devices or sensors in smart home in most cases are less than 50
pieces. Considering Hyperledger Fabric nodes setup, Those IoT devices contain
2 endorsing peers that are both parental controller devices, 4 committing peers
including endorsing peers and others are smart IoT devices or sensors at home.
We run our simulations for 60 s. The execution time is mainly spent on processing
transactions, peer communications and updating the Blockchain. The transaction
is the exchange of messages between sender and receiver where a peer (e.g.
children) access request, asking the manager peers (e.g. parents) for the access of
the household device (e.g. TV). In our simulation, to read one transaction in the
28 B. Mbarek et al.
Fig. 4. Average execution time of each transaction by varying the number of IoT
devices
Fig. 5. Execution time of processing all the transactions by varying the number of
transactions
Blockchain, the average time is around 39 ms. To compute the time execution of
each transaction, we are using the simulation tool Hyperledger Caliper [26] to
record the average time. We observed that for the one transaction the average
execution time is 44 ms.
Figure 4 shows the evaluation result of the execution time for accessing usage
to IoT devices. We can obtain the average execution time of one transaction by
varying the number of IoT devices directly from the simulator. The main observation
is that when increasing the number of IoT devices, the execution time is
between (43 ms) and (45 ms), indicating that the execution time for transaction
is very reasonable and implementable. Also, it can be seen that the variation of
IoT device quantity has limited effects on our solution and thus the proposed
BAC can potentially support even large IoT networks. One of the reasons is
that in smart homes each transaction may only involve a small set of peers.
Thus enlarging the network may not enlarge the scale of the transaction. Moreover,
the implemented static agent helps to verify fast the received transactions.
Blockchain-Based Access Control for IoT in Smart Home Systems 29
The agent-based method in our solution can provide more efficient transaction
execution.
In the setting of varying the number of transactions in the smart home,
we configured the system with a fixed number of 50 IoT devices because we
estimate most smart homes have less than 50 devices. Thus our performance
testing can be set to be a larger scale case. Same as the previous setting, 2 IoT
devices with parents as endorsing and committing peers and 2 more IoT devices
as committing peers. The rest of the IoT devices are the IoT devices or sensors
available in the house. We reported the observations in Fig. 5.
Figure 5 shows the total time that is used to successfully complete all the
designed transactions in the Blockchain. In this setting, all the householder members
who submit transactions have a designated target smart contract function.
As we expected, more transactions will take more execution time. However, the
average execution time per transaction is decreasing as the number of the transactions
increase. This may be explained by the fact that Blockchain provides
a way to execute many transactions at the same time in an efficient way [23].
For instance, when the number of transactions is equal to 50, the total time
to process all the transactions is 4 s and thus each transaction needs 0.08 s on
average, while for 250 transactions the total execution time is 14 s, where each
transaction needs 0.056 s. It can be seen that each transaction needs less time
when more transactions are carried out. One possible reason is that executing
smart contract for many transactions simultaneously spend less execution time
than executing smart contract program separately for each transaction. Thus,
when the density of the transaction is high, instead of processing the full cycle
for each transaction, the smart contract takes the full list of transactions as input
values. Likewise, each receiver peer may process the list of multiple sequential
transactions into one Block by using the smart contract executable program.
Therefore, with the increase number of transactions, the time that is used to
execute each transaction will decrease.
During the simulation, we also found that collaborations among the smart
home IoT devices can achieve results that exceed their individual capabilities.
In smart homes, different IoT devices may need to work collaboratively to finish
one task [35]. In this context, because of the commonly limited processing,
storage, and communication capabilities of these devices as well as the dynamic,
open, and unpredictable environments in which they operate, implementing effective
collaboration mechanisms remain a challenging concern [34]. For example,
in order to finish one cooking task, the kettle, the cooking machine and the
oven may need to work collaboratively, interactively or in a sequence. Potential
solutions can be inspired from the extensive studies to enable the collaboration
between distributed autonomous entities in the context of Multi-Agent Systems
(MAS). MAS have proven flexibility, autonomy, and intelligence to solve
complex problems within highly dynamic, constrained, and uncertain environments
[13,29]. In our proposed BAC solution, agent-based design is used to
automate the approval, monitoring and controlling activities. We believe that
30 B. Mbarek et al.
the agent-based design can be further developed to coordinate the communication
among IoT devices and enhance the efficient automation in smart home
systems.
5 Conclusion
In this paper, we have proposed a Blockchain-based access control (BAC) mechanism
for IoT in smart home systems. The BAC solution is mainly featured
by integrating the Blockchain to IoT networks with agent embedded systems.
This solution is designed for the smart home IoT devices. In the BAC solution,
we have modelled the agent-based policy for the Blockchain management and
designed the algorithms for smart home access control. In order to validate our
solution, we have implemented the BAC for a typical parental control scenario in
smart home, and demonstrated the detailed processes and interactions, across
from request, to endorsement and verification as well as monitoring activities
in parental control. Based on the performance evaluation, it can be seen that
the execution time for accessing the service in IoT devices is reasonable and the
system interactions such as transaction processing are efficient. This also indicates
that the BAC solution can be implemented in the real-world smart home
systems. Furthermore, although the BAC solution is proposed in the context of
smart home, it can be potentially used in the other scaled IoT networks with
access control concerns and requirements.
As future works, we first plan to conduct more experiments with various
real-world IoT applications. In most smart home systems, since the number of
IoT devices is only scaled to a small limitation, we believe our solution can be
effectively implemented. Further, a user study will be conducted in a real-world
smart home environment, and we will also intend to investigate the interoperability
and the cost of implementing our solution compared to other solutions.
References
1. Al-Shaboti, M., Welch, I., Chen, A., Mahmood, M.A.: Towards secure smart home
IoT: manufacturer and user network access control framework. In: 32nd International
Conference on Advanced Information Networking and Applications, Krakow,
Poland, pp. 892–899 (2018)
2. Ali, G., Ahmad, N., Cao, Y., Asif, M., Cruickshank, H.S., Ali, Q.E.: Blockchain
based permission delegation and access control in Internet of Things (BACI). Comput.
Secur. 86, 318–334 (2019)
3. Brandenburger, M., Cachin, C., Kapitza, R., Sorniotti, A.: Blockchain and
trusted computing: problems, pitfalls, and a solution for hyperledger fabric.
arXiv:1805.08541 (2018)
4. Conoscenti, M., Vetro, A., De Martin, J.C.: Blockchain for the Internet of Things:
a systematic literature review. In: 2016 IEEE/ACS 13th International Conference
of Computer Systems and Applications (AICCSA), pp. 1–6. IEEE (2016)
5. Danzi, P., Kalor, A.E., Stefanovic, C., Popovski, P.: Analysis of the communication
traffic for blockchain synchronization of IoT devices. In: 2018 IEEE International
Conference on Communications (ICC), pp. 1–7. IEEE (2018)
Blockchain-Based Access Control for IoT in Smart Home Systems 31
6. De Angelis, S., Aniello, L., Baldoni, R., Lombardi, F., Margheri, A., Sassone, V.:
PBFT vs proof-of-authority: applying the cap theorem to permissioned blockchain
(2018)
7. Dorri, A., Kanhere, S.S., Jurdak, R.: Towards an optimized blockchain for IoT. In:
Proceedings of the Second International Conference on Internet-of-Things Design
and Implementation, pp. 173–178. ACM (2017)
8. Dorri, A., Kanhere, S.S., Jurdak, R., Gauravaram, P.: Blockchain for IoT security
and privacy: the case study of a smart home. In: 2017 IEEE International
Conference on Pervasive Computing and Communications Workshops (PerCom
Workshops), pp. 618–623. IEEE (2017)
9. Huh, S., Cho, S., Kim, S.: Managing IoT devices using blockchain platform. In: 19th
International Conference on Advanced Communication Technology, pp. 464–467.
IEEE (2017)
10. Hyperledger: Hyperledger fabric (2019). https://github.com/hyperledger/fabric
11. Johnsen, F.T., et al.: Application of IoT in military operations in a smart city.
In: 2018 International Conference on Military Communications and Information
Systems (ICMCIS), pp. 1–8. IEEE (2018)
12. Kavallieratos, G., Chowdhury, N., Katsikas, S.K., Gkioulos, V., Wolthusen, S.D.:
Threat analysis for smart homes. Future Internet 11(10), 207 (2019)
13. Kong, Y., Zhang, M., Ye, D.: A belief propagation-based method for task allocation
in open and dynamic cloud environments. Knowl.-Based Syst. 115, 123–132 (2017)
14. Kum, S.W., Kang, M., Park, J.: IoT delegate: smart home framework for heterogeneous
IoT service collaboration. TIIS 10(8), 3958–3971 (2016)
15. Lyu, Q., Zheng, N., Liu, H., Gao, C., Chen, S., Liu, J.: Remotely access “my”
smart home in private: an anti-tracking authentication and key agreement scheme.
IEEE Access 7, 41835–41851 (2019)
16. Mbarek, B., Ge, M., Pitner, T.: Self-adaptive RFID authentication for Internet of
Things. In: 33rd International Conference on Advanced Information Networking
and Applications, Matsue, Japan, pp. 1094–1105 (2019)
17. Mbarek, B., Ge, M., Pitner, T.: An efficient mutual authentication scheme for
Internet of Things. Internet Things 9, 100160 (2020)
18. Mocrii, D., Chen, Y., Musilek, P.: IoT-based smart homes: a review of system
architecture, software, communications, privacy and security. Internet of Things 1,
81–98 (2018)
19. Ouaddah, A., Abou Elkalam, A., Ait Ouahman, A.: Fairaccess: a new blockchainbased
access control framework for the Internet of Things. Secur. Commun. Netw.
9(18), 5943–5964 (2016)
20. Rehman, M., Javaid, N., Awais, M., Imran, M., Naseer, N.: Cloud based secure
service providing for IoTs using blockchain. In: IEEE Global Communications Conference
(2019)
21. Rifi, N., Rachkidi, E., Agoulmine, N., Taher, N.C.: Towards using blockchain technology
for IoT data access protection. In: 2017 IEEE 17th International Conference
on Ubiquitous Wireless Broadband (ICUWB), pp. 1–5. IEEE (2017)
22. de Rivera, D.S., Bordel, B., Alcarria, R., Robles, T.: Enabling efficient communications
with resource constrained information endpoints in smart homes. Sensors
19(8), 1779 (2019)
23. Selimi, M., Kabbinale, A.R., Ali, A., Navarro, L., Sathiaseelan, A.: Towards
blockchain-enabled wireless mesh networks. In: Proceedings of the 1st Workshop
on Cryptocurrencies and Blockchains for Distributed Systems, pp. 13–18 (2018)
32 B. Mbarek et al.
24. Shafagh, H., Burkhalter, L., Hithnawi, A., Duquennoy, S.: Towards blockchainbased
auditable storage and sharing of IoT data. In: Proceedings of the 2017 on
Cloud Computing Security Workshop, pp. 45–50. ACM (2017)
25. Stojkoska, B.L.R., Trivodaliev, K.V.: A review of Internet of Things for smart
home: challenges and solutions. J. Clean. Prod. 140, 1454–1464 (2017)
26. Sukhwani, H., Wang, N., Trivedi, K.S., Rindos, A.: Performance modeling of hyperledger
fabric (permissioned blockchain network). In: 2018 IEEE 17th International
Symposium on Network Computing and Applications (NCA), pp. 1–8. IEEE (2018)
27. Vilas, A.F., Redondo, R.P.D., Rodr´ıguez, S.S.: IPTV parental control: a collaborative
model for the social web. Inf. Syst. Front. 17(5), 1161–1176 (2015)
28. W¨orner, D., von Bomhard, T.: When your sensor earns money: exchanging data for
cash with bitcoin. In: Proceedings of the 2014 ACM International Joint Conference
on Pervasive and Ubiquitous Computing: Adjunct Publication, pp. 295–298. ACM
(2014)
29. Wray, K., Thompson, B.: An application of multiagent learning in highly dynamic
environments. In: AAAI Workshop on Multiagent Interaction Without Prior Coordination
(2014)
30. Xue, J., Xu, C., Zhang, Y.: Private blockchain-based secure access control for smart
home systems. KSII Trans. Internet Inf. Syst. 12(12) (2018)
31. Yu, Y., Guo, Y., Min, W., Zeng, F.: Trusted transactions in micro-grid based on
blockchain. Energies 12(10), 1952 (2019)
32. Yuan, Y., Wang, F.Y.: Towards blockchain-based intelligent transportation systems.
In: IEEE 19th International Conference on Intelligent Transportation Systems,
pp. 2663–2668 (2016)
33. Zaidan, A.A., Zaidan, B.B.: A review on intelligent process for smart home applications
based on IoT: coherent taxonomy, motivation, open challenges, and recommendations.
Artif. Intell. Rev. 53(1), 141–165 (2020)
34. Zaidan, A.A., et al.: A survey on communication components for IoT-based technologies
in smart homes. Telecommun. Syst. 69(1), 1–25 (2018)
35. Zhang, Y., Tian, G., Zhang, S., Li, C.: A knowledge-based approach for multiagent
collaboration in smart home: from activity recognition to guidance service. IEEE
Trans Instrum. Measure. 69(2), 317–329 (2020)
36. Zhang, Y., He, Q., Xiang, Y., Zhang, L.Y., Liu, B., Chen, J., Xie, Y.: Low-cost
and confidentiality-preserving data acquisition for internet of multimedia things.
IEEE Internet Things J. 5(5), 3442–3451 (2018)
37. Zyskind, G., Nathan, O., et al.: Decentralizing privacy: using blockchain to protect
personal data. In: 2015 IEEE Security and Privacy Workshops, pp. 180–184. IEEE
(2015)
View publication statsView publication stats