Pruning Blockchain Protocols for Efficient Access Control in IoT Systems
Yongtao Huang, I-Ling Yen, Farokh Bastani
TL;DR
IoT access control faces scalability and reliability challenges when relying on centralized or traditional blockchain approaches. The authors propose PBAC, a pruning-based blockchain access control protocol, featuring a shortcut path and the R&D-BAC device-hierarchy approach, implemented on a bespoke consortium blockchain with ShadowDP for policy state management. Key results show a median access time reduction of about $43\%$ with shortcuts and over $2\times$ RBAC performance improvements with R&D-BAC, demonstrating substantial efficiency gains. The work enables scalable, resilient, and cross-domain capable IoT access control with potential offline operation and future extensions to ABAC encoding and cross-domain policy mappings.
Abstract
We consider access control for IoT systems that involves shared access to IoT devices as well as their data. Since IoT devices are dispersed all over the edge of the Internet, traditional centralized access control has problems. Blockchain-based decentralized access control is thus the new solution trend. However, existing blockchain-based access control methods do not focus on performance issues and may incur a high communication overhead. In this paper, we develop a Pruning Blockchain based Access Control (PBAC) protocol to cut down unnecessary message rounds and achieve high efficiency in access validation and policy management. The protocol includes a shortcut approach and a Role and Device Hierarchy-Based Access Control (R&D-BAC) approach for different environment settings. To realize the PBAC protocol, it is necessary to carefully engineer the system architecture, which is also discussed in the paper. Experiments demonstrate the efficacy of the PBAC protocol: specifically, the shortcut mechanism reduces access time by approximately 43%, and R&D-BAC outperforms traditional blockchain-based RBAC by more than twofold.
