DABAC: Smart Contract-Based Spatio-Temporal Domain Access Control for the Internet of Things

Abstract

With the advent of IoT technology, the dynamic nature of IoT devices has introduced new obstacles to access control. It is essential to consider the security requirements of the actual physical environment, rendering the traditional access control approach centered on the information space. In the IoT ecosystem, there are several issues such as the dynamics of devices frequently entering and leaving, the lack of computing and storage capacity, and distributed deployment. To address these challenges, this paper proposes the Domain Attribute Based Access Control(DABAC) that incorporates domain elements to implement the physical location limitation of dynamic devices. Moreover, an intelligent gateway is utilized to divide the physical area and act as a proxy to achieve regional device management, automatic networking of devices in the domain, and the dynamic expansion of the sensor network resulting from device entry or exit. Then, given the distributed deployment of devices, smart contracts are employed to deploy access control mechanisms and construct a trusted environment to mitigate threats such as single points of failure. Finally, the DABAC is implemented on the Ethereum platform, simulating a smart medical situation. The experimental results demonstrate that the proposed solution effectively addresses the problem of access control of device dynamics in an untrusted IoT environment while maintaining system security.