A novel entitlement-based blockchain-enabled security architecture for IoT

There has been a massive growth of Internet of Things (IoT) applications recently for both personal and organization use cases. But an IoT network is vulnerable to many privacy and security concerns. While some researchers have tried to define different access control models for IoT and tried to use blockchain in some cases, the solutions presented to date lacks a flexible and robust access control model that can be used for complex organization and cross-organization resource access scenarios and lacks the scalability and performance needed for IoT. This paper introduces a novel entitlement-based access control model that provides an efficient and secure way to delegate resource access rights to any entity. The solution uses service-oriented approach and a combination of public blockchain (with smart contracts) and local off-chain data for entitlements management and control. To analyze the proposed architecture, a large-scale cross-organization IoT scenario is taken into consideration and some qualitative evaluations are presented while implementation with Ethereum blockchain and smart contracts are currently in progress.