Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

A Blockchain-based User-centric Role Based Access Control Mechanism

블록체인 기반의 사용자 중심 역할기반 접근제어 기법 연구

  • Lee, YongJoo (Division of Software, Chungbuk National University) ;
  • Woo, SungHee (Department of Computer Engineering, Korea National University of Transportation)
  • Received : 2022.06.07
  • Accepted : 2022.07.01
  • Published : 2022.07.31
Download PDF
⟨ Previous Next ⟩

Abstract

With the development of information technology, the size of the system has become larger and diversified, and the existing role-based access control has faced limitations. Blockchain technology is being used in various fields by presenting new solutions to existing security vulnerabilities. This paper suggests efficient role-based access control in a blockchain where the required gas and processing time vary depending on the access frequency and capacity of the storage. The proposed method redefines the role of reusable units, introduces a hierarchical structure that can efficiently reflect dynamic states to enhance efficiency and scalability, and includes user-centered authentication functions to enable cryptocurrency linkage. The proposed model was theoretically verified using Markov chain, implemented in Ethereum private network, and compared experiments on representative functions were conducted to verify the time and gas efficiency required for user addition and transaction registration. Based on this in the future, structural expansion and experiments are required in consideration of exception situations.

정보 기술의 발달로 시스템의 규모는 대형화되고 역할의 종류도 다양해져서 기존의 역할기반 접근제어로는 확장성, 호환성, 복잡성 등의 한계에 부딪히게 되었다. 블록체인 기술은 기존 보안 취약점에 새로운 해법을 제시하며 다양한 분야에서 활용되고 있다. 본 논문에서는 저장소의 접근 빈도와 저장 용량에 따라 요구되는 가스 및 처리 시간이 달라지는 블록체인 환경에서 효율적인 역할기반접근제어를 제안하였다. 제안하는 방식은 재사용 가능한 단위의 역할을 재정의하고, 동적인 상태를 효율적으로 반영할 수 있는 계층적 구조를 도입하여 복잡성을 해결하고 효율성 및 확장성을 강화하였고, 암호화폐 연동이 가능할 수 있도록 사용자 중심의 인증기능을 포함하였다. 제안하는 모델은 마르코프체인을 이용하여 이론적으로 먼저 검증하고, 이더리움 프라이빗 네트워크에서 구현하여 대표함수에 대한 비교 실험을 실행하여 사용자 추가 및 트랜잭션 등록 시에 요구되는 시간과 가스 효율성에 대하여 검증하였다. 향후 이를 기반으로 예외 상황 등을 고려한 구조 확장 및 실험 등이 요구된다.

Keywords

Acknowledgement

This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the Grand Information Technology Research Center support program(IITP-2022-2020-0-01462) supervised by the IITP(Institute for Information & communications Technology Planning & Evaluation)

References

  1. Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, "Smart Contract-Based Access Control for the Internet of Things," IEEE Internet of Things Journal, vol. 6, no. 2, pp. 1594-1605, Jun. 2018. https://doi.org/10.1109/jiot.2018.2847705
  2. F. Tschorsch and B. Scheuermann, "Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084-2123, Mar. 2016. https://doi.org/10.1109/COMST.2016.2535718
  3. Y. J. Lee, K. M. Lee, and S. H. Lee, "Blockchain-based reputation management for custom manufacturing service in the peer-to-peer networking environment," Peer-to-Peer Networking and Applications, vol. 13, no. 2, pp. 671-683, May. 2019.
  4. O. Novo, "Blockchain Meets IoT: An Architecture for Scalable Access Management in IoT," IEEE Internet of Things Journal, vol. 5, no. 2, pp. 1184-1195, Apr. 2018. https://doi.org/10.1109/jiot.2018.2812239
  5. N. Atzei, M. Bartoletti, and T. Cimoli, "A Survey of Attacks on Ethereum Smart Contracts," in Proceedings of the 6th International Conference on Principles of Security and Trust, Uppsala, Sweden, vol. 10204, pp. 164-186, Apr. 2017.
  6. A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravarm, "Blockchain for IoT security and privacy: The case study of a smart home," in IEEE international conference on pervasive computing and communications workshops (PerCom workshops), Kona: HI, USA, pp. 618-623, 2017.
  7. C. Dannen, Introducing Ethereum and Solidity, CA: Apress Berkeley, USA, 2017.
  8. J. P. Cruz, Y. Kaji, and N. Yanai, "RBAC-SC: Role-based Access Control Using Smart Contract," IEEE Access, vol. 6, pp. 12240-12251, Mar. 2018. https://doi.org/10.1109/access.2018.2812844
  9. Y. Lee and K. M. Lee, "Blockchain-based RBAC for user authentication with anonymity," in Proceedings of the Conference on Research in Adaptive and Convergent Systems, Chongqing, China, pp. 289-294, 2019.
  10. A. Ouaddah, A. A. Elkalam, and A. Ouahman, "FairAccess: a new Blockchain-based access control framework for the Internet of Things," Security and communication networks, vol. 9, no. 18, pp. 5943-5964, Feb. 2017. https://doi.org/10.1002/sec.1748
  11. G. Zyskind, O. Nathan, and A. S. Pentland, "Decentralizing Privacy: Using Blockchain to Protect Personal Data," in IEEE Security and Privacy Workshops, San Jose: CA, USA, pp. 180-184, 2015.
  12. Y. Xiao, N. Zhang, J. Li, W. Lou, and Y. T. Hou, "PrivacyGuard: Enforcing Private Data Usage Control with Blockchain and Attested Off-Chain Contract Execution," in European Symposium on Research in Computer Security, Guildfor, UK, pp. 610-629, 2020.
  13. D. D. F. Maesa, P. Mori, and L. Ricci "Blockchain Based Access Control," in IFIP International Conference on Distributed Applications and Interoperable Systems, Neuchatel, Switzerland, pp. 206-220, 2017.
  14. O. J. A. Pinno, A. R. A. Gregio, and L. C. E. D. Boan, "Controlchain: Blockchain as a central enabler for access control authorizations in the iot," in GLOBECOM IEEE Global Communications Conference, Singapore, pp. 1-6. 2017.
  15. G. Fragkos, J. Johnson, and E. E. Tsiropoulou, "Dynamic Role-Based Access Control Policy for Smart Grid Applications: An Offline Deep Reinforcement Learning Approach," IEEE Transactions on Human-Machine Systems, pp. 1-13, Apr. 2022.
  16. D. Ferraiolo, R. Sandhu, S. Gavrilla, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Transactions on Information and System Security (TISSEC), vol. 4, no. 3, pp. 224-274, Aug. 2001. https://doi.org/10.1145/501978.501980
  17. G. J. Sahani, C. S. Thaker, and S. M. Shah, "Scalable RBAC model for large-scale applications with automatic user-role assignment," International Journal of Communication Networks and Distributed Systems, vol. 28, no. 1, pp. 76-102, 2022. https://doi.org/10.1504/IJCNDS.2022.120294
  18. C. Lin, D. He, X. Huang, K. -K. R. Choo, and A. V. Vasilakos, "BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0," Journal of Network and Computer Applications, vol. 116, no. 15, pp. 42-52, Aug. 2018. https://doi.org/10.1016/j.jnca.2018.05.005
  19. R. Sandhu, D. Ferraiolo, and R. Kuhn, "The NIST Model for Role-based Access Control: Towards a Unified Standard," in Fifth ACM Workshop on Role-based Access Control, Berlin, Germany, pp. 47-63, Jul. 2000.
  20. C. Dukkipati, Y. Zhang, and L. C. Cheng, "Decentralized, Blockchain based Access Control Framework for the Heterogeneous Internet of Things," in Proceedings of the Third ACM Workshop on Attribute-Based Access Control, Tempe: AZ, USA, pp. 61-69, Mar. 2018.
  21. O. -C. Ri, Y. -J. Kim, and Y. -J. Jong, "Blockchain-based RBAC Model with Separation of Duties constraint in Cloud Environment," arXiv preprint, arXiv:2203.00351., Mar. 2022.