| Popis: |
The Internet of Things (IoT) technologies are transforming traditional businesses into digital-based platforms allowing for more service innovation, performance efficiency and customer satisfaction. Novel services enable users to utilize their personal devices (eg. mobile phones or laptops) to access the IoT platform, process data, and control the IoT infrastructure. However, these services impose critical user authentication and access control requirements. In this paper, we propose a decentralized user authentication and access control system for the IoT platforms via a permissioned blockchain network. We define an authorization sensitivity factor to provide clients with specific access control privileges and we consider an ehealth system as a use case example to demonstrate our solution. The proposed system is implemented using Ethereum platform. Besides, we investigate a threat model that considers an insider Distributed Denial of Service (DDoS) attack. The proposed defense mechanism utilizes a modifier function in the smart contract and keeps a real-time record of legitimate users to restrict function calls. The results illustrate the benefits of the defense mechanism in terms of the system response time. |
