
User authentication using Blockchain based smart contract in role-based access control

Peer-to-Peer Networking and Applications

Abstract

Over the last few decades, information security has become a significant challenge for organizations’ system administrators. The Role-Based Access Control (RBAC) model has emerged as a viable solution for organizations to meet their security requirements because of its lower administrative overhead. Blockchain technology is distributed and can be used effectively to address user authentication and authorization challenges. This paper proposes an RBAC model that uses a blockchain-based smart contract to manage user-role permissions in an organization. We design a threat and security model to resist attacks such as man-in-the-middle attacks in an organization scenario. The proposed approach uses the Ethereum blockchain platform and its smart contract functionality to model user-resource communications. The proposed method is tested on the Ropsten Ethereum Test Network and evaluated in terms of user authentication, verification, cost, and security.



Author information


Corresponding author

Correspondence to Sujata Pal.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the Topical Collection: Special Issue on Blockchain for Peer-to-Peer Computing

Guest Editors: Keping Yu, Chunming Rong, Yang Cao, and Wenjuan Li

Appendix


The role-issuer smart contract (SC) was deployed on the Ropsten Ethereum Test Network at the following address:

0xAF2C389Da75dE14e368132b6aA144841f7271b4B

The resource owner SC was deployed on the Ropsten Ethereum Test Network at the following address:

0xF600AC5b557d56DF8784fB751962c5bDB19566dD

Using these addresses, the reader can view the transactions at:

https://ropsten.etherscan.io/


About this article


Cite this article

Kamboj, P., Khare, S. & Pal, S. User authentication using Blockchain based smart contract in role-based access control. Peer-to-Peer Netw. Appl. 14, 2961–2976 (2021). https://doi.org/10.1007/s12083-021-01150-1


  • DOI: https://doi.org/10.1007/s12083-021-01150-1
