Secure Access Control in Cloud Computing Environments: Smart Contract Blockchain
Keywords:
Access Control, Blockchain, Cloud Computing, Ethereum, Smart ContractAbstract
Over the years, Cloud Computing has become rapidly embraced due to its flexibility and cost-effectiveness. However, it also presents a number of security challenges, especially with regards to access control. Conventional access control methods, like Role-based Access Control, have limitations in terms of centralized control, lack of transparency, and susceptibility to cyber-attacks. As a result, there is a need for more efficient, transparent, and secure Access Control mechanisms in Cloud Computing environments.
In this Research paper, we put forward a non-centralized and tamper-proof Access Control mechanism that uses smart contract blockchain technology to address these limitations. Our model leverages the Ethereum platform's smart contract feature to stockpile access control programs and enable secure verification of user’s access requests. The smart contract blockchain is immutable, transparent, and decentralized, which makes it resistant to tampering and provides a high degree of transparency in the access control process.
Our proposed model has several advantages over traditional access control mechanisms. Firstly, it provides an effective and automated approach to manage access control policies. With our model, access control policies can be easily updated and enforced through smart contracts, which eliminates the need for manual updates and reduces the risk of errors. Secondly, it provides a high degree of transparency in the access control process, which allows users to verify the legitimacy of their access requests and ensures that access control policies are being enforced fairly. Finally, it offers a heightened level of security, as the Smart Contract Blockchain is resistant to tampering and it offers a platform for Access Control that is both secure and non-centralized.
To assess the efficacy of our model for Access Control management, we performed a series of experiments in a simulated Cloud Computing environment. The findings revealed that our model offers a superior and secure approach for managing access control programs compared to conventional methods.
To conclude, our study suggests a secure and non-centralized access control solution by utilizing blockchain technology through smart contracts, to address the limitations of conventional Access Control methods in Cloud Computing environments. Our model provides a more efficient, transparent, and secure way to manage Access Control program to maintain the authenticity and confidentiality of Cloud services.
Downloads
References
K. Abouelmehdi, A. Beni-Hssane and H. Khaloufi, "Blockchain-Based Access Control for Secure Internet of Things Applications," International Journal of Information Security, vol. 17, no. 2, pp. 179-190, Apr. 2018. doi: 10.1007/s10207-017-0365-8.
C. Chen, X. Hu, Y. Liu and Y. Huang, "A Blockchain-Based Access Control Framework for Secure Sharing of Medical Data," Journal of Medical Systems, vol. 43, no. 9, p. 288, Aug. 2019. doi: 10.1007/s10916-019-1423-3.
A. Saini, Q. Zhu, N. Singh, Y. Xiang, L. Gao, and Y. Zhang, "A Smart Contract Based Access Control Framework for Cloud Smart Healthcare System," IEEE Internet of Things Journal, vol. 8, no. 7, Apr. 2021, doi: 10.1109/JIOT.2020.3032997.
Y. Zhang, M. Yutaka, M. Sasabe, and S. Kasahara, "Attribute-Based Access Control for Smart Cities: A Smart Contract-Driven Framework," IEEE Internet of Things Journal, vol. 7, no. 8, Oct. 2020, doi: 10.1109/JIOT.2020.3033434.
M. Sookhak, M.R. Jabbarpour, N.S. Safa, and F.R. Yu, "Blockchain and smart contract for access control in healthcare: A survey, issues and challenges, and open issues," Journal of Network and Computer Applications, vol. 178, article no. 102950, Mar.2021, doi: 10.1016/j.jnca.2020.102950.
D. R. Putra, B. Anggorojati, and A. P. P. Hartono, "Blockchain and smart-contract for scalable access control in Internet of Things," in Proceedings of the 2019 International Conference on Information Science and System (ICISS), Bandung, Indonesia, 2019, doi: 10.1109/ICISS48059.2019.8969807.
R. Xu, Y. Chen, and E. Blasch, "Decentralized Access Control for IoT Based on Blockchain and Smart Contract," in Proceedings of the 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), Wuhan, China,2020, doi:10.1002/9781119593386.ch22.
H. Guo, E. Meamari and C.-C. Shen, "Multi-Authority Attribute-Based Access Control with Smart Contract," 2019 International Conference on Blockchain Technology (ICBCT), New York, NY, USA, 2019, doi: 10.1145/3320154.3320164.
J. P. Cruz, Y. Kaji, and N. Yanai, "RBAC-SC: Role-Based Access Control Using Smart Contract," in IEEEAccess, vol.6,2018, doi:10.1109/ACCESS.2018.2812844. [10] J. Kim and N. Park, "Role-based Access Control Video Surveillance Mechanism Modeling in Smart Contract Environment," Transactions on Emerging Telecommunications Technologies, vol. 33, no. 4, Apr. 2022, Art. no. e4227, doi: 10.1002/ett.4227.
Yuanyu Zhang, Shoji Kasahara, Yulong Shen, Xiaohong Jiang, and Jianxiong Wan, "Smart Contract-Based Access Control for the Internet of Things," in IEEE Internet of Things Journal, vol. 5, no. 3, June 2018, doi: 10.1109/JIOT.2018.2847705.
P. Kamboj, S. Khare, and S. Pal, "User authentication using Blockchain based smart contract in role-based access control," Peer-to-Peer Netw. Appl., vol. 14, no. 6,Nov. 2021, doi: 10.1007/s12083-021-01150-1.
I. Sukhodolskiy and S. Zapechnikov, "A blockchain-based access control system for cloud storage," in 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), Moscow and St. Petersburg, Russia, 2018, pp. 511-514, doi: 10.1109/EIConRus.2018.8317400.
O. Alkadi, N. Moustafa, and B. Turnbull, "A Review of Intrusion Detection and Blockchain Applications in the Cloud: Approaches, Challenges and Solutions," IEEE Access, vol. 8, pp. 95600-95622, 2020, doi: 10.1109/ACCESS.2020.2999715.
S. Pavithra, S. Ramya, and S. Prathibha, "A survey on cloud security issues and blockchain," in 2019 3rd International Conference on Computing and Communications Technologies (ICCCT), Chennai, India, 2019, pp. 1-6, doi: 10.1109/ICCCT2.2019.8824891.
B.K. Mohanta, D. Jena, S. Ramasubbareddy, M. Daneshmand, and A.H. Gandomi, "Addressing Security and Privacy Issues of IoT using Blockchain Technology," IEEE Internet of Things Journal, vol. 8, no. 2, pp. 881-888, Jan. 2021, doi: 10.1109/JIOT.2020.3008906.
R. Awadallah, A. Samsudin, J.S. Teh, and M. Almazrooie, "An Integrated Architecture for Maintaining Security in Cloud Computing Based on Blockchain," IEEE Access, vol. 9, pp. 69513-69526, May 2021, doi: 10.1109/ACCESS.2021.3077123.
G. Deep, R. Mohana, A. Nayyar, P. Sanjeevikumar, and E. Hossain, "Authentication Protocol for Cloud Databases Using Blockchain Mechanism," Sensors, vol. 19, no. 20, Oct. 2019, Art no. 4444, doi: 10.3390/s19204444.
Khan, S. N., Loukil, F., Ghedira-Guegan, C., Benkhelifa, E., & Bani-Hani, A. (2021). Blockchain smart contracts: Applications, challenges, and future trends. Peer-to-Peer Networking and Applications, 14, 2901-2925. doi: 10.1007/s12083-021-01168-5.
Taherdoost, H. (2023). Smart Contracts in Blockchain Technology: A Critical Review. Information, 14(2), 117