On the Integration of Blockchain to the Internet of Things for Enabling Access Right Delegation

With the advancement of the Internet of Things (IoT) in recent years, there is a bigger potential to use online services than ever before. The use of the IoT brings numerous opportunities for both service providers and end users, however, it faces critical questions of security and privacy. Toward this, access control is one of the significant security challenges for the IoT, in particular, considering the characteristics of such IoT systems. To develop a secure access control architecture for the IoT, the propagation of access right delegation is a major issue. Many proposals present access control issues for the IoT but given the specific context of access right delegation, it is still in its infancy. This article presents an approach to address such a delegation issue for the IoT using the blockchain technology. We propose a delegation model that employv the critical issues, e.g., the use of nonunique identities, asynchronous and flexible delegation nature of communication for the IoT without the need of a centralized system. The goal of our primitive is to use attributes for validating the identity of an entity instead of relying on a concrete unique identity of an entity. To provide privacy for the attributes, we propose a dual blockchain architecture that moves the attribute storage and access of the public blockchain and onto a secure private blockchain. To demonstrate the feasibility of our proposed approach, we evaluate the system performances using the Ethereum blockchain network.