ACS-IoT: Smart Contract and Blockchain Assisted Framework for Access Control Systems in IoT Enterprise Environment

Centralized access control systems are unsuitable for IoT due to their resource-constrained, heterogeneous, and dynamic nature. Blockchain-assisted decentralized access control systems exist for IoT, but those approaches are tokenization-based. In some cases, IoT devices are not part of the blockchain network due to which they cannot interact with the access control system directly. Instead, they need a trusted admin, management hub, or a fog node for permissions verification and access to resources. This paper presents a smart contract and blockchain-assisted framework for the access control systems in the IoT enterprise environment, called ACS-IoT. In the proposed framework, resource-constrained IoT devices belong to the blockchain network. Therefore, these devices can directly access the permitted resources without any centrally administered authority and management hub's verification. We used smart contract and Ethereum blockchain for the new framework. Smart contract allows automated enforcement of access policies and serves as an autonomous agent running exactly as programmed. The proposed framework is validated through implementation of the proof of concept, and implemented prototype is deployed and tested on the Ethereum test network. The obtained results confirm that usage of blockchain and smart contract can be used as access management technology in the IoT enterprise environment.