2018 | OriginalPaper | Chapter

Towards Blockchain-Based Identity and Access Management for Internet of Things in Enterprises

Authors: Martin Nuss, Alexander Puchta, Michael Kunz

Published in: Trust, Privacy and Security in Digital Business

Publisher: Springer International Publishing

Abstract

With the Internet of Things (IoT) evolving more and more, companies active within this area face new challenges for their Identity and Access Management (IAM). Namely, general security, resource-constrained devices, interoperability, and scalability can no longer be addressed with traditional measures. Blockchain technology, however, may act as an enabler to overcome those challenges. In this paper, general application areas for blockchain in IAM are described based on recent research work. On this basis, it is discussed how blockchain can address IAM challenges presented by IoT. Finally, a corporate scenario utilizing blockchain-based IAM for IoT is outlined to assess the applicability in practice. The paper shows that private blockchains can be leveraged to design tamper-proof IAM functionality while maintaining scalability regarding the number of clients and transactions. This could be useful for enterprises to prevent single points of failure as well as to enable transparent and secure auditing and monitoring of security-relevant events.
DOI: https://doi.org/10.1007/978-3-319-98385-1_12
