Multi-Authority Attribute-Based Access Control with Smart Contract
This addresses access control challenges in decentralized systems for users and organizations, though it is incremental as it builds on existing smart contract and attribute-based methods.
The paper tackles the problem of decentralized attribute validation in access control by proposing a multi-authority scheme using Ethereum smart contracts, resulting in a prototyped system evaluated on the Rinkeby Testnet with performance metrics provided.
Attribute-based access control makes access control decisions based on the assigned attributes of subjects and the access policies to protect objects by mediating operations from the subjects. Authority, which validates attributes of subjects, is one key component to facilitate attribute-based access control. In an increasingly decentralized society, multiple attributes possessed by subjects may need to be validated by multiple different authorities. This paper proposes a multi-authority attribute-based access control scheme by using Ethereum's smart contracts. In the proposed scheme, Ethereum smart contracts are created to define the interactions between data owner, data user, and multiple attribute authorities. A data user presents its attributes to different attribute authorities, and after successful validation of attributes, obtains attribute tokens from respective attribute authorities. After collecting enough attribute tokens, a smart contract will be executed to issue secret key to the data user to access the requested object. The smart contracts for multi-authority attribute-based access control have been prototyped in Solidity, and their performance has been evaluated on the Rinkeby Ethereum Testnet.