
Fairaccess

FairAccess is a proposed access control framework that leverages blockchain technology to build security and privacy into the IoT.


  1. Towards a novel privacy-preserving access control model based on blockchain technology in IoT. Cadi Ayyad University, Faculty of Sciences and Technologies, Marrakech, Computer Science Department, Optimization of Advanced Communications Systems, Networking and Security Laboratory (OSCARS). Presented by: Aafaf OUADDAH. Supervised by: Mr Anas ABOU ELKALAM and Mr Abdellah AIT OUAHMAN. Europe, Middle East and North Africa Conference on Technology and Security to Support Learning, Saïdia, Morocco, October 3-5, 2016.
  2. Contents. What: access control challenges in IoT. Why: blockchain technology as a solution to face access control issues in IoT. How: FairAccess, a cryptocurrency-blockchain-based access control framework.
  3. Existing access control architectures in IoT: centralized and/or decentralized approach (trusted third party model). Actors in the figure: the end user/end device (object to be accessed); the identity and access management provider, hosting the identity and authentication function and the authorization and ACM function (local access control policies); and the service or utility provider (requester). Access control models in use: UCON, XACML, RBAC, CapBAC, OAuth, UMA, ABAC, ... Flow: 1. Send access request. 2. Make an authorization decision based on local policies. 3. Access or deny.
  4. Access control challenges in IoT: centralized and/or decentralized approach (trusted third party model). Pros: 1. Possibility to reuse and extend to the IoT environment the access management experience gained protecting web resources. 2. Saves huge effort and time. Cons: 1. IoT devices are treated as dumb devices, which contradicts the essence of IoT. 2. There is always a need to trust an eventual third party: security breaches become a single point of failure! Users don't own their data (lack of ownership)! Users can't audit (lack of transparency)!
  5. Distributed approach (trustless model). Actors in the figure: the end user/end device (object to be accessed), the identity and access management provider, and the service or utility provider (requester). Flow: 1. Send access request. 2. Make an authorization decision from preconfigured policies and local parameters. 3. Access or deny. Pros: 1. Fits the real IoT vision: smart devices are autonomous in taking access control decisions. 2. Real-time decisions. 3. Resource owners are able to control the way access to their own resources is granted. 4. No need to trust any third party. Cons: current access control technologies are not supported by constrained IoT devices.
  6. Goal: a balanced solution that resolves the dilemma between the decentralized approach (possibility to reuse already existing access control technologies, with no need to trust any third party) and the centralized approach (end user transparency and anonymity, contextual access control decisions taken by smart devices). FairAccess: using blockchain technology as access control infrastructure.
  7. Contents. What: access control challenges in IoT. Why: blockchain technology as a solution to face access control issues in IoT. How: FairAccess, a cryptocurrency-blockchain-based access control framework.
  8. Traditional trusted third party system versus decentralised and trustless system. The latter enables parties to directly transfer a digital currency (bitcoins) without a TTP (i.e., banks). Instead, a network of untrusted peers ensures the validity of all transactions. All correct transactions are publicly verifiable through a public ledger (the blockchain). Cryptocurrency 2.0 application domains: Internet of Things, voting, healthcare, banking, web domains, and more are coming.
  9. Blockchain in a nutshell. Shared ledger: append-only distributed system of record shared across the network. Cryptography: ensuring secure, authenticated and verifiable transactions. Consensus: all users in the network can come to collectively agree on the validity of the data recorded. Smart contract: conditions embedded in the transaction database and executed with transactions.
  10. Contents. What: access control challenges in IoT. Why: blockchain technology as a solution to face access control issues in IoT. How: FairAccess, a cryptocurrency-blockchain-based access control framework.
  11. FairAccess: building blocks. Properties: fairness, user driven, lightweight, trustless. Building blocks: pseudonymous identification and ownership; smart contracts (access control policies); transactions and authorization tokens; blockchain (PRP).
  12. FairAccess: building blocks, identification and ownership. Ownership and identification in FairAccess are established through digital keys, bitcoin-like addresses, and digital signatures. Keys enable many of the interesting properties of FairAccess, including: 1. Thing-to-thing interaction. 2. Pseudonymity and unlinkability (no real-world name or identifying information is required).
  13. FairAccess: building blocks, transactions and authorization token. A transaction has the form $T_x = (m, sig_{rs}(m))$ where $m = (ID_x, input(rs), output(rq, \pi_x, TKN_{rs,rq}))$. $ID_x$: the index of the current transaction $T_x$, where $x = H(T_x)$ and $H$ is a hash function. $rs$: the address of the requested resource. $rq$: the address of the requester, who is the receiver of the current transaction. $\pi_x$: locking script (access control policies written in a scripting language). $TKN_{rs,rq}$: encrypted access token associated with the couple $(rs, rq)$. Transaction types: GrantAccess, GetAccess, AllowAccess, Update/Revoke Access.
  14. FairAccess: building blocks, smart contracts (access control policies). Fine-grained access control policies: a policy is a set of rules and conditions (based on a specific context or attribute, etc.) that a requester entity has to fulfill in order to obtain the access token and get access to the specific resource. These rules can be expressed in any access control model but must be transformed into a script language, considered as a locking script placed on the output of a transaction. Scripting languages: multisig, pay to public key. Smart contract: Ethereum programming language (Turing-complete language).
  15. FairAccess: building blocks, blockchain. The blockchain serves as: database or policy retrieval point (PRP) (access control policies = smart contracts); logging database (auditing functions); detection of token reuse (double-spending detection mechanism); lightweight.
  16. Phase 1: load the access control policy, in the form of a smart contract, onto the blockchain through a GrantAccess transaction. Components in the figure: policy management block, token authorization management block, the resource owner (RO) and its wallet (RO-Wallet = PEP), the blockchain (= PRP), the validating nodes (PDPs) and the TKN database.
     1. The RO defines for the couple (resource, requester) an access control policy $POLICY_{rs,rq}$.
     2. The wallet transforms this access control policy into a smart contract: $POLICY_{rs,rq} \to \pi_x$.
     3. The wallet generates a GrantAccess transaction of the form $T_x = (m, sig_{rs}(m))$ where $m = (ID_x, from(rs), to(\pi_x))$.
     4. Each node verifies the transaction within the transaction validation process.
     5. The wallet broadcasts the transaction to the network.
     6. If the transaction is valid, the policy is loaded onto the blockchain in the form of a smart contract and the TKN database gets updated; otherwise the transaction is rejected and the sender notified.
  17. FairAccess, Phase 2: GetAccess. Components in the figure: the requester device and the target device, each with an AMP (= PEP), the validating nodes (PDPs) and the blockchain (= PRP).
     1. The requester device sends an access request.
     2. The target device redirects the requester to the address of the smart contract to get the token.
     3. The wallet gets the smart contract address $\pi_x$.
     4. The requester fulfills the access control conditions placed in $\pi_x$.
     5. The wallet generates a GetAccess transaction calling the smart contract.
     6. The wallet broadcasts the transaction to the network.
     7. The nodes validate the transaction and execute the smart contract; if the transaction is invalid, it is rejected and the sender notified.
     8. The smart contract sends an encrypted token to the requester in an AllowAccess transaction.
  18. Blockchain: not for all... Fulfilled items: pseudonymity and unlinkability; identification enabling thing-to-thing interaction; lightweight; user driven and transparency; distributed nature and the lack of a central authority; fine granularity. Discussed issues: real time (10 min to validate transactions); the public aspect of the blockchain, with candidate remedies: secure multi-party computation (sMPC) (Enigma, MIT project); succinct non-interactive arguments of knowledge (SNARKs) (Zerocash and Hawk); private blockchain solution or permissioned blockchain (Mijin).
  19. Thank you for your attention! Any questions?
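As an added illustration (not code from the FairAccess authors or the slides), the following Python toy walks the GrantAccess and GetAccess phases of slides 16 and 17 using the transaction form of slide 13: an in-memory ledger acting as PRP and audit log, a locking script reduced to a constructed attribute map that the requester's context must match, and token reuse detected the way double spending is. HMAC-SHA256 with a stored secret stands in for bitcoin-style ECDSA signatures, the token is not actually encrypted to the requester, and the names `Blockchain`, `grant_access`, `get_access` and `redeem` are this example's own.

```python
import hashlib, hmac, json
KEYS = {}  # address -> secret; HMAC-SHA256 is a toy stand-in for bitcoin-style ECDSA

def H(m):  # hash of a JSON-serialisable message; ID_x = H(T_x) as on slide 13
    return hashlib.sha256(json.dumps(m, sort_keys=True).encode()).hexdigest()

def new_address(name):  # constructed, deterministic demo key (a wallet draws one at random)
    addr = "addr_" + H(name)[:12]
    KEYS[addr] = hashlib.sha256(b"key:" + name.encode()).digest()
    return addr

def make_tx(sender, m):
    """T_x = (m, sig_sender(m)); m names the sender so validating nodes can check it."""
    return {"m": m, "sig": hmac.new(KEYS[sender], H(m).encode(), "sha256").hexdigest()}

class Blockchain:  # policy retrieval point (PRP), audit log and token-reuse detector
    def __init__(self):
        self.log, self.contracts, self.tokens, self.spent = [], {}, {}, set()
    def validate(self, tx):
        """Each node's check: the signature must verify under the claimed sender address."""
        m = tx["m"]
        return m["from"] in KEYS and hmac.compare_digest(make_tx(m["from"], m)["sig"], tx["sig"])
    def grant_access(self, rs, rq, policy):
        """Phase 1: the RO wallet loads POLICY_rs,rq as locking script pi_x via GrantAccess."""
        pi_x = H({"rs": rs, "rq": rq, "policy": policy})
        tx = make_tx(rs, {"type": "GrantAccess", "from": rs, "to": pi_x})
        if not self.validate(tx):
            return None
        self.contracts[pi_x] = (rs, rq, policy)
        self.log.append(tx)
        return pi_x
    def get_access(self, rq, pi_x, context):
        """Phase 2: the requester calls pi_x; a token is issued only if the policy holds."""
        tx = make_tx(rq, {"type": "GetAccess", "from": rq, "to": pi_x, "ctx": context})
        if not self.validate(tx) or pi_x not in self.contracts:
            return None
        rs, allowed_rq, policy = self.contracts[pi_x]
        if rq != allowed_rq or any(context.get(k) != v for k, v in policy.items()):
            return None  # locking script not satisfied: no AllowAccess transaction
        token = H({"tkn": pi_x, "n": len(self.log)})  # TKN_rs,rq; encryption to rq omitted
        self.log += [tx, make_tx(rs, {"type": "AllowAccess", "from": rs, "to": rq, "tkn": token})]
        self.tokens[token] = rq
        return token
    def redeem(self, rq, token):
        """The target device accepts a token once; reuse is caught like a double spend."""
        if self.tokens.get(token) != rq or token in self.spent:
            return False
        self.spent.add(token)
        return True
```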
