Integrity-Based Protection of Access Control Tokens using Keccak-256 in Smart Contracts for IoT

Abstract

The Internet of Things (IoT) is transforming the world into a smarter and more adaptive system by seamlessly integrating the digital and physical realms. IoT devices are now utilized across diverse industries, ranging from smart homes, automotive services, and network sensors to more complex sectors like healthcare systems and smart cities. To address access control challenges in IoT systems, a notable scheme is the decentralized and trustworthy token-based capability access control structure (capBAC). This scheme leverages Ethereum smart contracts, creating a dedicated smart contract for each IoT device or object. The token manages access rights and actions, granting permissions to users and objects. CapBAC offers fine-grained, flexible management capabilities to ensure consistency between delegated information and token data. However, one significant limitation of CapBAC is the lack of integrity for access rights. Since tokens are stored in the blockchain without hashing, anyone can read the access rights and identify the object owner, posing critical challenges for integrity and authentication. To address this, we propose using the Keccak-256 hash algorithm to hash capability access tokens and safeguard their integrity. Keccak-256 is the recommended hashing algorithm in Ethereum, standardized for mobile telephony (TUAK) and the NIST standard. In the proposed solution, after an object owner creates and delegates a capability access token, the token will be hashed before being stored in the blockchain. This approach prevents attackers from reading blockchain storage and discovering token contents and access privileges, enhancing integrity and security.