A Mechanism to Resolve the Unauthorized Access Vulnerability Caused by Permission Delegation in Blockchain-Based Access Control

Abstract

Read online

Permission delegation in access control provides the subject with a second method to obtain object permissions in addition to permission granting. It is especially applicable when the owner and manager of the object are inconsistent. With the development of the Internet of Things, there are more and more scenes where object owners and managers are inconsistent, but the research on permission delegation in access control based on blockchain is not perfect. Therefore, once implemented in these blockchain-based access control algorithms, the permission delegation tends to have an unauthorized access. Based on the analysis of the causes for the unauthorized access vulnerability, this paper proposes a token-constrained permission delegation algorithm (TCPDA), which converts the access control policy corresponding to permissions into constraints for permission use, embeds the constraints in the permission token, and forms constraints on the transfer of tokens. Only subjects that meet the constraint conditions can receive tokens, thereby solving unauthorized access vulnerability caused by permission delegation. Since not all access control models can transform strategies into constraints and integrate them into blockchain tokens, this paper also proposes a permission delegation algorithm for decision-making entities to make desirable decisions. Finally, the security analysis shows that the two proposed schemes can overcome the unauthorized access vulnerability caused by permission delegation, and the algorithm performance is analyzed through experiments.

Keywords

• Access control
• blockchain
• permission delegation
• unauthorized access vulnerability