
A Blockchain-Based Access Control Scheme for Zero Trust Cross-Organizational Data Sharing

Published: 21 August 2023

Abstract

Multi-organization data sharing is becoming increasingly prevalent due to the interconnectivity of systems and the need for collaboration across organizations (e.g., exchange of data in a supply chain involving multiple upstream and downstream vendors). There are, however, data security concerns due to lack of trust between organizations that may be located in jurisdictions with varying security and privacy legislation and culture (also referred to as a zero trust environment). Hence, in such a zero trust setting, one should introduce strengthened, yet efficient, access control mechanisms to facilitate cross-organizational data access and exchange requests. Contemporary access control schemes generally focus on protecting a single objective rather than multiple parties, due to higher security costs. In this article, we propose a blockchain-based access control scheme, designed to facilitate lightweight data sharing among different organizations. Specifically, our approach utilizes the consortium blockchain to establish a trustworthy environment, in which a Role-Based Access Control (RBAC) model is then deployed using our proposed multi-signature protocol and smart contract methods. Evaluation of our proposed approach is performed on the HyperLedger Fabric consortium blockchain platform using both Caliper and BFT-SMaRT benchmarks, and the findings demonstrate the utility of our approach.

Published In

ACM Transactions on Internet Technology, Volume 23, Issue 3
August 2023
303 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3615983
Editor: Ling Liu

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 21 August 2023
Online AM: 18 July 2022
Accepted: 17 January 2022
Revised: 30 August 2021
Received: 09 January 2021
Published in TOIT Volume 23, Issue 3

Author Tags

1. Consortium blockchain
2. zero trust
3. multi-signature
4. access control
5. multi-organizational data sharing

Qualifiers

• Research-article

Funding Sources

• National Key Research and Development Program of China
• National Natural Science Foundation of China
• Natural Science Foundation of Beijing Municipality
• Natural Science Foundation of Shandong Province
• Defense Industrial Technology Development Program
• Industrial Technology Basic Public Service Platform Project–Information Encoding Algorithm Application Public Service Platform
• Cloud Technology Endowed Professorship
