Erschienen in:
The Computer Journal, 67 (2024) 2, Seite 407-422
Sprache:
Englisch
DOI:
10.1093/comjnl/bxac183
ISSN:
0010-4620;
1460-2067
Entstehung:
Anmerkungen:
Beschreibung:
Abstract Security faces huge challenges in Internet of Things (IoT) environments. In particular, conventional access control standards and models tend to be less tailored for IoT due to the constrained nature of smart objects. Usually, a powerful third party is used to handle the access control logic. However, this third party is lacking in transparency and could harm user privacy. Therefore, providing a distributed access control solution, while considering transparency and privacy-preserving awareness in IoT smart systems, is of paramount importance. The described issue can be addressed using the emergent Blockchain technology that provides a promising choice to build a new generation of decentralized and transparent access control solutions. This paper proposes a smart contract-based access control framework for IoT smart healthcare systems, which is based on smart contracts to provide a distributed and trustworthy access control, combined with the GTRBAC model to express fine-grained access control policies while considering temporal authorization constraints. To prove the feasibility and validity of the proposed framework, this paper also provides a detailed technical description and an initial implementation and execution. An experimental evaluation shows that security properties’ analyses on smart contracts achieved the best possible evaluation with no vulnerabilities found, and the cost of access control operations increases linearly as the number of policy constraints increases. Besides, a comparative analysis reveals that the proposed approach can achieve good results with low gas costs and latency.