The Internet of things (IoT) presents new opportunities and challenges due to its scale and dynamic nature. One significant challenge for the IoT is the need for security, in particular access control solutions, that are designed to meet the characteristics of these systems. Delegation of rights, from one entity to another, is a crucial component of an access control system. The IoT requires a secure, flexible, and fine-grained delegation model. While there has been considerable work in the area of delegation, much of it assumes a centralized, well-resourced system and these solutions have limited capacity in the context of the IoT. Where delegation models for the IoT have been proposed they typically provide only coarse-grained control over the delegation of rights. Moreover, many of them require a centralized trusted authority, which can suffer from a single-point failure and is not an ideal base for a large and dynamic system like the IoT. In this paper, we propose an identity-less, asynchronous, and decentralized delegation model for the IoT based on blockchain technology. We describe system components, architecture, and key aspects related to the security of the system. We use attributes to validate an entity rather than depending upon unique identities. We demonstrate the feasibility of our model through use-case examples and analyze the performance with a proof of concept testbed implementation using Ethereum private blockchain.
- Access control