Towards Secure and Decentralized Sharing of IoT Data

TL;DR

This paper introduces Sash, a blockchain-based framework for secure, decentralized IoT data sharing that enforces access control, enables data monetization, and minimizes cryptographic overhead, demonstrated through a prototype with acceptable performance.

Contribution

Sash is a novel framework that integrates blockchain for access control, data marketplace, and cryptography-enforced security in IoT, improving upon existing solutions.

Findings

Sash effectively enforces access policies and supports auditable decisions.

The data marketplace facilitates remunerating data producers.

Prototype shows tolerable overhead in realistic settings.

Abstract

The Internet of Things (IoT) bears unprecedented security and scalability challenges due to the magnitude of data produced and exchanged by IoT devices and platforms. Some of those challenges are currently being addressed by coupling IoT applications with blockchains. However, current blockchain-backed IoT systems simply use the blockchain to store access control policies, thereby underutilizing the power of blockchain technology. In this paper, we propose a new framework named Sash that couples IoT platforms with blockchain that provides a number of advantages compared to state of the art. In Sash, the blockchain is used to store access control policies and take access control decisions. Therefore, both changes to policies and access requests are correctly enforced and publicly auditable. Further, we devise a ``data marketplace'' by leveraging the ability of blockchains to handle financial transaction and providing ``by design'' remuneration to data producers. Finally, we exploit a special flavor of identity-based encryption to cater for cryptography-enforced access control while minimizing the overhead to distribute decryption keys. We prototype Sash by using the FIWARE open source IoT platform and the Hyperledger Fabric framework as the blockchain back-end. We also evaluate the performance of our prototype and show that it incurs tolerable overhead in realistic deployment settings.