An Attribute-Based Access Control using Chaincode in RFID Systems

Figueroa, Santiago; Añorga, Javier; Arrizabalaga, Saioa; Irigoyen, Inigo; Monterde, Mario

doi:10.1109/ntms.2019.8763824

Cited by 8 publications

(13 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since one of our lines of research is access control, based on attributes (ABAC) in decentralized systems ([40,41]) and this model of access control based on roles (RBAC) has been applied in a centralized environment (Role Database), the first future line of research is to apply this model in a decentralized environment based on blockchain. Additionally, we want to provide results to systems based on both Hyperledger Fabric Blockchain and Ethereum blockchain.…”

Section: Discussionmentioning

confidence: 99%

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Figueroa-Lorenzo

Añorga

Arrizabalaga

2019

Sensors

View full text Add to dashboard Cite

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

show abstract

Section: Discussionmentioning

confidence: 99%

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Figueroa-Lorenzo

Añorga

Arrizabalaga

2019

Sensors

View full text Add to dashboard Cite

show abstract

“…The relationship between subjects and objects with the attributes is already defined. This is the typical approach of many studies (Di Francesco Maesa et al , 2018; Figueroa et al , 2019; Rouhani and Deters, 2019; Liu et al , 2020) to solve the problem of traditional access control such as a single-point failure, difficulty to expand, low reliability and low throughput. Data privacy with GDPR compliant : Usually, data when adding to the ledger cannot be deleted. So, when adding personal data, we will have an issue with GDPR.…”

Section: Discussionmentioning

confidence: 99%

An effective and elastic blockchain-based provenance preserving solution for the open data

Dang

Duong

2021

IJWIS

View full text Add to dashboard Cite

Purpose In the open data context, the shared data could come through many transformation processes, originating from many sources, which exposes the risk of non-authentic data. Moreover, each data set has different properties, shared under various licenses, which means the updated data could change its characteristics and related policies. This paper aims to introduce an effective and elastic solution to keep track of data changes and manage their characteristics within the open data platform. These changes have to be immutable to avoid violated modification and could be used as the certified provenance to improve the quality of data. Design/methodology/approach This paper will propose a pragmatic solution that focuses on the combination of comprehensive knowledge archive network – the broadest used open data platform and hyperledger fabric blockchain to ensure all the changes are immutable and transparent. As using smart contracts plus a standard provenance data format, all processes are running automatically and could be extended to integrate with other provenance systems and so the introduced solution is quite flexible to be used in different open data ecosystems and real-world application domains. Findings The research involves some related studies about the provenance system. This study finds out that most of the studies are focused on the commercial sector or applicable to a specific domain and not relevant for the open-data section. To show that the proposed solution is a logical and feasible direction, this paper conducts an experimental sample to validate the result. The testing model is running successfully with an elastic system architect and promising overall performance. Originality/value Open data is the future of many businesses but still does not receive enough attention from the research community. The paper contributes a novel approach to protect the provenance of open data.

show abstract

“…To reap the full potential benefits of IoT devices, their generated data needs to be shared with different service providers. For example, the data generated from fitness devices may need to be shared with the hospital and the physician, whereas the temperature sensor data may need to be shared with emergency departments and service providers such as Google and Amazon that can collect users' data in smart homes such as Echo or Google Home, to ensure a better quality of service [1,2].…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, ABAC is better suited to IoT than other access control mechanisms [1]. However, recent research that focuses on access control schemes based on ABAC is based on centralized models to improve security and privacy [2].…”

Section: Introductionmentioning

confidence: 99%

An Attribute-Based Access Control Model for Internet of Things Using Hyperledger Fabric Blockchain

Shammar

Zahary

Al-Shargabi

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The Internet of Things (IoT) is emerging from its infancy and establishing itself as a component of the future Internet. However, the ability to manage a huge number of IoT devices is one of the IoT technical challenges. To implement access control, traditional schemes typically rely on a trusted central organization. Traditional centralized access control systems of the IoT lead to the shortcomings of a single point of failure, low overall system efficiency, and ethical and privacy issues. To overcome such challenges, an attribute-based access control model using Hyperledger Fabric blockchain (ABAC-HLFBC) is proposed in this paper. By adopting ABAC, it is no longer to create access control lists (ACLs) or assign roles to all system users. Instead, ABAC grants access based on the attributes presented by the target. No one is permitted access unless he/she possesses sufficient attributes that correspond to the access policy. The Hyperledger Fabric Raft consensus mechanism has been used to verify the transaction on the proposed model because it has a demanding feature for faster and less complicated consensus in comparison to the Kafka ordering service. To evaluate the proposed model, it has been tested against the most recent previous work, called fabric-iot model. The proposed model has been tested and evaluated in two parts. The first part tests the cost time using a client test program written in Golang. The second part tests the latency and throughput using the Hyperledger Caliper benchmark tool. Results show that the proposed model efficiently outperforms the previous work in terms of the performance metrics mentioned above.

show abstract

An Attribute-Based Access Control using Chaincode in RFID Systems

Cited by 8 publications

References 7 publications

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

An effective and elastic blockchain-based provenance preserving solution for the open data

An Attribute-Based Access Control Model for Internet of Things Using Hyperledger Fabric Blockchain

Contact Info

Product

Resources

About