A blockchain and capability based access control for internet of things using self-sovereign identity
Date
2024-12
Publisher
BRAC University
Author
Amin, Md. Safinur
Khan, Abu Bakar Siddique
Ahmed, Istihad
Sajid, Tawsif Mahamud
Monir, Md. Mohtasim
Abstract
Access control systems are essential tools for businesses because they guarantee the safe management of user access to resources after verification. Conventional approaches, such as Role-Based Access Control (RBAC) and Discretionary Access Control (DAC), have drawbacks such as complexity brought on by "role explosion" and susceptibility to Trojan horse attacks. Moreover, Attribute-Based Access Control (ABAC) has scalability challenges: as the number of attributes increases, managing and maintaining the policies associated with these attributes can become complex. Another significant drawback is that ABAC relies heavily on policies that define the rules for granting or denying access based on attributes, which introduces the challenge of policy management complexity. So while ABAC provides an alternative, it has drawbacks such as "attribute explosion" when the number of attributes rises. The lightweight and dynamic properties of Internet of Things (IoT) devices pose security challenges for centralized access control systems. To ensure that only authorized entities may connect with certain IoT resources, access control becomes essential to handle issues related to single-point failure, user authentication, and privacy leaks. To mitigate the risks of centralized approaches, a technique called distributed access control is suggested, and the research investigates whether integrating blockchain technology might improve security. Benefits of blockchain include its decentralized, transparent, and immutable nature. Nevertheless, current blockchain-based IoT access control solutions have drawbacks, such as their vulnerability to Distributed Denial of Service (DDoS) attacks. To solve these problems, the suggested method integrates capability-based access management with Self-Sovereign Identity (SSI) inside a blockchain environment.
By ensuring that entities only have permissions that are in line with their roles and responsibilities, this method seeks to securely manage and transfer capabilities. The prototype system created in this research highlights the feasibility and effectiveness of the suggested solution. By demonstrating the combination of SSI and capability-based access control in a practical setting, this system provides a possible remedy for the security issues raised by IoT settings and blockchain technology.