Securing RC Based P2P Networks: A Blockchain-based Access Control Framework utilizing Ethereum Smart Contracts for IoT and Web 3.0

Saurav Ghosh, Reshmi Mitra, Indranil Roy, Bidyut Gupta

TL;DR

This paper addresses securing highly dynamic P2P networks where traditional RBAC struggles due to decentralization and high churn. It proposes a blockchain-based access control framework built on Ethereum smart contracts, comprising Access Control Contracts (ACCs), a Judge Contract (JC), and a Register Contract (RC) to enforce static and dynamic policies with dual-validation. It introduces dynamic reference data and real-time policy updates to improve adaptability, robustness, and scalability in IoT and Web 3.0 contexts, with policies and ACCs stored immutably on the blockchain. Empirical validation demonstrates improved security postures, reduced unauthorized access, and increased transparency in decentralized networks, highlighting practical impact for scalable secure P2P systems.

Abstract

Ensuring security for highly dynamic peer-to-peer (P2P) networks has always been a challenge, especially for services like online transactions and smart devices. These networks experience high churn rates, making it difficult to maintain appropriate access control. Traditional systems, particularly Role-Based Access Control (RBAC), often fail to meet the needs of a P2P environment. This paper presents a blockchain-based access control framework that uses Ethereum smart contracts to address these challenges. Our framework aims to close the gaps in existing access control systems by providing flexible, transparent, and decentralized security solutions. The proposed framework includes access control contracts (ACC) that manage access based on static and dynamic policies, a Judge Contract (JC) to handle misbehavior, and a Register Contract (RC) to record and manage the interactions between ACCs and JC. The security model combines impact and severity-based threat assessments using the CIA (Confidentiality, Integrity, Availability) and STRIDE principles, ensuring responses are tailored to different threat levels. This system not only stabilizes the fundamental issues of peer membership but also offers a scalable solution, particularly valuable in areas such as the Internet of Things (IoT) and Web 3.0 technologies.

Paper Structure

This paper contains 11 sections, 4 figures, 3 tables, 1 algorithm.

Figures (4)

  • Figure 1: A two-level RC based structured P2P architecture with n distinct resource types
  • Figure 2: Architecture of the Access Control System
  • Figure 3: Blockchain-based access control system architecture
  • Figure 4: Description of the PrimaryGroupHeadRoleACC contract and the associated transaction.