Table of Contents
Fetching ...

Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services

Junaid Akram, Ali Anaissi, Awais Akram, Youcef Djenouri, Palash Ingle, Rutvij H. Jhaveri

TL;DR

This paper tackles secure, scalable access control for crowdsourced drone services in bushfire management by introducing a capability-based model that integrates Verifiable Credentials with OAuth 2.0. It describes a token issuance flow using DPoP for proof-of-possession, VC-embedded JWTs, and a verification architecture across multiple tenants, including token revocation and VP consolidation. The authors implement a Python prototype and demonstrate performance advantages for EdDSA over other signatures, along with a formal Alloy-based security analysis to verify token integrity and revocation properties. The work aims to improve data availability, privacy, and portability in decentralized drone ecosystems, with future directions including DID-based subjects and dynamic key rotation.

Abstract

We propose a capability-based access control method that leverages OAuth 2.0 and Verifiable Credentials (VCs) to share resources in crowdsourced drone services. VCs securely encode claims about entities, offering flexibility. However, standardized protocols for VCs are lacking, limiting their adoption. To address this, we integrate VCs into OAuth 2.0, creating a novel access token. This token encapsulates VCs using JSON Web Tokens (JWT) and employs JWT-based methods for proof of possession. Our method streamlines VC verification with JSON Web Signatures (JWS) requires only minor adjustments to current OAuth 2.0 systems. Furthermore, in order to increase security and efficiency in multi-tenant environments, we provide a novel protocol for VC creation that makes use of the OAuth 2.0 client credentials grant. Using VCs as access tokens enhances OAuth 2.0, supporting long-term use and efficient data management. This system aids bushfire management authorities by ensuring high availability, enhanced privacy, and improved data portability. It supports multi-tenancy, allowing drone operators to control data access policies in a decentralized environment.

Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services

TL;DR

This paper tackles secure, scalable access control for crowdsourced drone services in bushfire management by introducing a capability-based model that integrates Verifiable Credentials with OAuth 2.0. It describes a token issuance flow using DPoP for proof-of-possession, VC-embedded JWTs, and a verification architecture across multiple tenants, including token revocation and VP consolidation. The authors implement a Python prototype and demonstrate performance advantages for EdDSA over other signatures, along with a formal Alloy-based security analysis to verify token integrity and revocation properties. The work aims to improve data availability, privacy, and portability in decentralized drone ecosystems, with future directions including DID-based subjects and dynamic key rotation.

Abstract

We propose a capability-based access control method that leverages OAuth 2.0 and Verifiable Credentials (VCs) to share resources in crowdsourced drone services. VCs securely encode claims about entities, offering flexibility. However, standardized protocols for VCs are lacking, limiting their adoption. To address this, we integrate VCs into OAuth 2.0, creating a novel access token. This token encapsulates VCs using JSON Web Tokens (JWT) and employs JWT-based methods for proof of possession. Our method streamlines VC verification with JSON Web Signatures (JWS) requires only minor adjustments to current OAuth 2.0 systems. Furthermore, in order to increase security and efficiency in multi-tenant environments, we provide a novel protocol for VC creation that makes use of the OAuth 2.0 client credentials grant. Using VCs as access tokens enhances OAuth 2.0, supporting long-term use and efficient data management. This system aids bushfire management authorities by ensuring high availability, enhanced privacy, and improved data portability. It supports multi-tenancy, allowing drone operators to control data access policies in a decentralized environment.
Paper Structure (14 sections, 6 equations, 2 figures)

This paper contains 14 sections, 6 equations, 2 figures.

Figures (2)

  • Figure 1: Capability-Based Multi-Tenant Access Management Framework
  • Figure 2: Performance comparison of cryptographic algorithms across varying request loads: (a) access token generation time (b) verification time (c) system throughput.