Integrating blockchain technology with the Internet of Things (IoT) facilitates seamless interaction between IoT devices and systems to securely share, access, and exchange data. However, ensuring adequate access control within blockchainenabled IoT (BIoT) systems remains a significant challenge. It is often difficult to adapt existing access control mechanisms to the dynamic and context-dependent nature of IoT environments, necessitating a robust context-aware approach to ensure adequate security and the privacy of resources within BIoT systems. In this paper, we propose a novel smart contract-enabled context-aware access control (SC-CAAC) scheme for BIoT systems. It utilizes context-aware access control models that consider contextual information, including user profile, purpose, date, time, location, resource, and operating environment specifications, to make access control decisions. Smart contracts dynamically enforce access control policies and manage access permissions, ensuring that sensitive data and resources are accessible only to authorized users. The proposed scheme leverages the immutability, transparency, and decentralization of a blockchain that is shared by multiple participants in a consortium network, removing the need for a central authority to record and audit access control policies and decisions and promoting accountability and trust. The implementation and evaluation of our proposed scheme using the Hyperledger Besu blockchain demonstrates its effectiveness and scalability in real-world scenarios.Index Terms-Blockchain, blockchain-based Internet of Things (BIoT), context-aware access control (CAAC), Internet of Things (IoT), smart contracts.
I. INTRODUCTIONT HE Internet of Things (IoT) has reshaped how we interact with the world around us. IoT systems connect various devices together to exchange data, providing new opportunities for applications in industrial automation, smart factories, smart homes, and smart cities [1]. However, these systems also introduce new challenges, particularly in terms of privacy and security [2]-[6]. In IoT systems, many of the devices may have limited computing power, memory, and/or battery life, complicating the application of traditional security mechanisms [4]- [7]. IoT systems can also contain sensitive data that require protection against unauthorized access or modification [6]-[8]. IoT security, privacy, and trust issues