Distributed Access Control with Blockchain

by   Jordi Paillisse, et al.
Universitat Politècnica de Catalunya

The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among different enterprises. In such situation, new problems arise that challenge classical solutions such as PKIs, which suffer from scalability and granularity concerns. In this paper, we present an extension to Group-Based Policy -- a widely used network policy language -- for the aforementioned scenario. To do so, we take advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner, preserving at the same time the independence of each organization. Network administrators specify polices that are rendered into blockchain transactions. A LISP control plane (RFC 6830) allows routers performing the access control to query the blockchain for authorizations. We have implemented an end-to-end experimental prototype and evaluated it in terms of scalability and network latency.


page 1

page 2

page 3

page 4


Blockchain for Access Control in e-Health Scenarios

Access control is a crucial part of a system's security, restricting wha...

A Secure File Sharing System Based on IPFS and Blockchain

There is a great interest in many approaches towards blockchain in provi...

Physical Access Control Management System Based on Permissioned Blockchain

Using blockchain as a decentralized backend infrastructure has grabbed t...

Blockchain access control Ecosystem for Big Data security

In recent years, the advancement in modern technologies has experienced ...

Controlling Resource Allocation using Blockchain-Based Delegation

Allocation of resources and their control over multiple organisations is...

Effcient logging and querying for Blockchain-based cross-site genomic dataset access audit

Background: Genomic data have been collected by different institutions a...

XACML Extension for Graphs: Flexible Authorization Policy Specification and Datastore-independent Enforcement

The increasing use of graph-structured data for business- and privacy-cr...

Please sign up or login with your details

Forgot password? Click here to reset