Securing the access control policies to the Internet of Things resources through permissioned blockchain

Rizzardi Alessandra (first author); Sicari Sabrina (second author); Coen Porisini Alberto (last author)
2022-01-01

Abstract

Security and privacy of information transmitted among the devices involved in an Internet of Things (IoT) network represent relevant issues in IoT contexts. Guaranteeing effective control and supervising access permissions to IoT applications is a complex task, mainly due to resources’ heterogeneity and scalability requirements. The design and development of highly customizable access control policies, along with an efficient mechanism for ensuring that the rules applied by the IoT platform are not tampered with or violated, will undoubtedly have a significant impact on the diffusion of IoT-based solutions. In such a direction, the paper proposes the integration of a permissioned blockchain within an honest-but-curious (i.e., not trusted) IoT distributed middleware layer, which aims to guarantee the correct management of access to resources by the interested parties. The result is a robust and lightweight system, able to manage the data produced by IoT devices, support relevant security features, such as integrity and confidentiality, and resist different kinds of attacks. The use of blockchain will ensure the tamper-resistance and synchronization of the distributed system, where various stakeholders own applications and IoT platforms. The methodology and the proposed architecture are validated employing a test-bed.
2022
2022
2022
34
15
1
19
19
e6934
Electronic
Scientific committee
https://onlinelibrary.wiley.com/doi/abs/10.1002/cpe.6934
English
blockchain; fog computing; Internet of Things; privacy; security; sticky policy.
no
262
Rizzardi, Alessandra; Sicari, Sabrina; Miorandi, Daniele; COEN PORISINI, Alberto
open
Journal Articles::Journal Article
4
info:eu-repo/semantics/article
Files in this item:
Securing the access control policies to the Internet of Things through permissioned blockchain.pdf

open access

Type: Publisher's version (PDF)
License: Creative Commons
Size: 3.33 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11383/2130204
Citations
  • PMC ND
  • Scopus 23
  • ISI 22