A. Access Control

Access control is a process to protect the resources from invalid usage in the network. The model specifies the objects as resources of the network for which subjects can request multiple operations in the network [13]. The subjects can be a user, entity, device, or service that can participate in the network. Several ACL methods are proposed in the research paradigm including discretionary ACL (DAC), RBAC [22], ABAC [23], and a mixture of these models to make hybrid ACL systems [13]. With each ACL system having its strengths, its usage will guarantee the protected usage of the network resources especially in distributed environments.

In this paper, the strength of the RBAC is focused on making it more flexible for the IIoT environment. As the IIoT environment is automated, dynamic, and complex, the change in the device state can create conflicting scenarios in the network. The main focus of this paper is to make RBAC flexible to resolve such issues concerning the requirements of the IIoT requirements to support better scalability without any additional cost overhead. Figure 1 shows the naive representation of the RBAC system in working.

FIGURE 1.

A naive working of RBAC system.

Show All

B. Blockchain

The IIoT is heavily dependant on middleware technologies such as cloud computing, and edge computing. The key reason behind this dependence is that IIoT is a network of resource-constrained devices [24]. These devices have limited capabilities in terms of data storage, processing, and smart decisions. To make IIoT efficient, cloud computing and edge computing were explored by researchers to scale these networks for various business domains [24]. However, with these middleware technologies integrated into the IIoT network, there were still key problems such as privacy, proof-of-identity, and unauthorized physical access to end devices [25]. With the emergence of blockchain, these issues were attempted for an efficient solution as blockchain provided a way to establish trust, the privacy of information at different levels, and tamper-proof transactions for information exchange between these interconnected devices [25].

Blockchain refers to the decentralized storage of data into several batches called blocks. Each block is linked with other blocks in chronological order making a chain in the network. The chain of blocks is broadly referred to as blockchain. However, blockchain consists of several key components such as a decentralized ledger, consensus algorithm, smart contracts, and cryptographic hashing algorithm. The ledger is stored on multiple nodes in the network and each update in the state is validated using the consensus algorithm [25]. The consensus algorithm ensures that each node in the blockchain agrees to the current state of the network. Further, using the cryptographic hash, each block also contains the hash of the previous connected block in the ledger making it nearly impossible to tamper and alter.

In the existing literature, there exist different types of blockchain frameworks that provide different working models of decentralization at the core [26]. These frameworks are majorly categorized into public and private networks. The public networks are open to anyone and data is available broadly for read and write. The public networks are usually suitable for decentralized financial use cases such as Bitcoin and Ethereum [26]. However, private networks require predefined rules for becoming a member of a blockchain network by providing proof of identity. These networks are largely categorized into permissioned and consortium networks.

C. Hyperledger Fabric

Hyperledger fabric (HF) is an open-source blockchain platform that supports the modular and distributed approach that suits the requirements of the IIoT networks [27]. The HF not only supports the decentralized ledger, group consensus, and immutability but also supports many consensus approaches such as PBFT, RAFT, Solo, and Kafka [28]. With this efficient consensus mechanism, the network can enable the model to achieve higher throughput for the ACL operations over the blockchain network. Further, public blockchain networks suffer from low transaction throughput, high latency due to proof of work (PoW), consistency issues, and the long time required for transaction confirmation. [29] This makes the HF a popular choice for private networks to use for such scenarios to support the ACL operations occurring in real time [30].

HF uses the modular approach for smart contracts, data storage, and other services in isolation from each other in the form of docker containers. The containers make the sandbox environment separating the physical objects from the application program ensuring the high security of the application. [29]. The main components of the HF include Certificate authority that generates or removes the security credentials of the participating nodes in the network. HF includes two layers of the clients where the first layer is responsible for the peer node interaction and management while the second layer serves the configurations or management of the chaincode in the network. A description of HF components is as follows:

1. Peer Nodes: The peer node is a full node in the hyper ledger and is responsible for executing the chaincodes. The execution of chaincodes is then validated by as well using the transaction signatures. After the transaction is validated, it is then included in the ledger. Based on these functionalities, the peer node is categorized into types, a) endorsing peers, and b) committing peers. The endorsing peers are responsible for validation while committing peers are responsible for including the transaction in the ledger after endorsement is achieved.

2. Orderer Nodes: Orderer is another full node in the blockchain that is responsible for achieving the consensus in the hyper ledger. However, when a transaction is endorsed by the endorsing peers, the orderer will package it into different blocks before appending it into the ledger. The blocks are then sorted into certain ordering and then sent back to committing nodes to append them to the ledger. These peers and orderer nodes work collaboratively to reach a consensus in the blockchain network.

3. Channel: The channel isolates the data in the blockchain to enhance data privacy and confidentiality. Each organization in HF can be isolated in a separate channel that can have its ledger making it multi multi-ledger, multi-blockchain network. This is an important concept that we use for our proposed method. The domains can reside in their channels securely and can interact with each other for operations over the network.

4. Chaincode: The smart contracts in HF are called chaincode in HF. The chaincode is responsible for generating transactions in the network and helps the network to manage the transactions that able the outer world to interact with HF. In our proposed model, we implement multi-domain policies using chaincode to enforce the ACL mechanism for the IIoT network.

FIGURE 2.

A typical architecture of the Hyperledger Fabric in working.

Show All

A. System Model

The proposed model is based on a framework proposed by [39] that combines the ABAC process with the blockchain to make it suitable for the distributed nodes available in the network. We take ideas for the proposed model based on [39] using RBAC to resolve the large overhead issues by ABAC. The efficiency in computational overhead can be achieved using the RBAC but RBAC traditionally fails to comply with the changing situations in the IIoT network. The RBAC systems can better comply with the requirement if they deal with the roles in dynamic situations. This phenomenon is taken as motivation for the proposed model using RBAC and the network is defined including the following components:

Definition 1 (Role):

Role is defined as the context state of any node that exists in the network. The representation of any device in this context is helpful to assign access privileges for a single or set of nodes to operate over subjects. This can be written mathematically as:

$$\begin{equation*} n_{i} = r_{i} \tag{1}\end{equation*}$$ View Source\begin{equation*} n_{i} = r_{i} \tag{1}\end{equation*} where $n_{i} \in N$ , and N is a set of nodes in the network, Where $r_{i} \in R$ , and R is a set of roles that exist in the AC policy.

Definition 2 (Policy):

Policy is defined as a rule that determines the level of access privilege, or a guideline, under which a device or node is permitted for a set of actions on the resources in the network. The policy will define a constraint satisfaction that a node must meet to perform any operation. Mathematically, a policy can be defined as:

$$\begin{equation*} P(r) = (s, \hat {p}) \tag{2}\end{equation*}$$ View Source\begin{equation*} P(r) = (s, \hat {p}) \tag{2}\end{equation*} where r is an arbitrary role representing the context of any node in the network, s represents the subject or resource in the network, and $\hat {p}$ is a set of actions allowed for the role to perform on the resource. For example in the IIoT environmental monitoring system, where logger is an arbitrary role that can read and write into data, a policy represented in 2 can be rewritten for this as: $$\begin{equation*} P(logger) = (data, \{Read, Write\}) \tag{3}\end{equation*}$$ View Source\begin{equation*} P(logger) = (data, \{Read, Write\}) \tag{3}\end{equation*}

B. Infrastructure Model

For the proposed model, the distributed IIoT equipment in the physical world is integrated with decentralized and permissioned blockchain using HF. The blended integration of IIoT devices with blockchain is summarized into the following components that when combined make the whole infrastructure for the IIoT application. Figure 3 shows the layered architecture of the infrastructural model of the proposed system. All these components’ interactions are shown in Figure 4. A brief overview of infrastructural components is as follows:

FIGURE 3.

The layered representation of the infrastructure model of the proposed framework.

Show All

FIGURE 4.

An architectural representation of the proposed framework for IIoT application.

Show All

IIoT Nodes: The nodes are equipment that capture, process, or exchange information with each other in the network. The nodes in the information exchange process can be referred to as client and service depending on their role in the network. The nature of the node can be both physical and digital.

IIoT Users: IIoT user is referred to as an application user who provides the policies for the network initially. The users are connected with the blockchain using the interface for policy feed suitable for the network. Similarly, users can also use the network data for better decision making about the environment.

Gateway: The gateway is the hub of the network where all nodes are connected with the network for the information flow.

Blockchain: Blockchain is a communication network that provides business logic and enforces the policies with their privacy levels.

Chaincodes: Chaincodes are responsible for enforcing the overall management of the proposed system. The policies and their management are executed on the blockchain using multiple domain chaincodes.

C. IIoT Application Scenarios

In the system model, a large factory is considered with multiple departments such as control, production, and manufacturing. The departments have their array of equipment such as sensors, actuators, etc., that can capture and exchange information with each other for coordination of the tasks. Each department in the factory is responsible for the mutually exclusive tasks, however, for the joint tasks the departments can coordinate with each other. For example, department x can have its process $P_{x}$ that is private to department x. Similarly, the department y can have its process $P_{y}$ that is private to department y. However, there can be a process $P_{x,y}$ that is a joint task between x, y. The coordination between these departments is necessary to complete the process $P_{x,y}$ . The factory creates a huge amount of data due to departmental processes that need to be protected by different privacy levels. We consider the factory to have an environmental monitoring department where nodes are responsible for providing sensing information about the weather conditions, such as temperature, humidity, wind speed, and many more. Based on this information, some nodes in the network can be serviced as they would be required to turn on the ventilation systems, turn off lights, and other appropriate actions based on the environmental constraints set by IIoT users in the network. We provide two different scenarios happening in the IIoT application for this department to emphasize the security required in the flow of information and the access framework required to deal with it.

D. Chaincode Architecture

We use the chaincode functionality provided by the HF to handle the ACL process on the blockchain. To better understand the architecture, a parameter representation is provided in Table 3. However, three types of chaincode are mainly responsible for dealing with the process requirement. The three chaincodes include device contract (DC), access contract (AC), and policy contract (PC). The DC is responsible for validating the device credentials with the help of CA and providing functions for the service and client devices to read and write IIoT data in the network. The PC is assigned to perform the access delegation, and policy management in the blockchain network. Similarly, the PC is responsible for the role and permission management of each device that participates in the network. The details of each chaincode in the blockchain are as follows:

1. DC: A device contract that is responsible for validating the device certificates and providing functions for the client or service nodes to add and read data to SDB. The contract provides $F(x)$ of addAsset() and readAsset() for the nodes. The DC has two input parameters such as device ID, and a record for which the $F(x)$ adds the data to the SDB or queries it from the SDB as per the given device ID in the parameter.

2. PC: The policy contract is compiled by the agent nodes and deployed to the blockchain. The PC is responsible for providing the policy management in the network. The admin defines the RP initially for all the nodes and sends the request to add it to the blockchain system. The data is signed with the public keys of the agent nodes and all requests are encrypted with private. This provides the mechanism for validation of the identity of the IIoT user in the network. The identity validation is done using the agents by public keys of the IIoT user and decrypting with its private key.

   However, the PC provides addRole(), deleteRole() for the user to update the RP state in the PC. For AddRole() the input parameter is role id, and set of SP.

   validatePolicy(): This method provides the validation of the RP in the blockchain system. For the valid RP, it must have proper definitions of SR and SP. The method checks the appropriate types of each definition in JSON format and returns the boolean. A policy sample is shown in Table 4 and the process is shown in Algorithm 1. This process is necessary for the cases where a new policy is being added in the chaincode using addPolicy() shown in Algorithm 2.

   updatePolicy(): This method provides an interface for both agent and user to update the RP by adding new SP or SR in the current context of RP. The method would use the atomic methods of addRole(), deleteRole() and then update the ctx in the SDB. The other methods involve the queryPolicy() and deletePolicy() where both are related to the query and delete the ctx of SDB in PC. CouchDB is used as SDB for PC to facilitate rich query operators for PC to fetch the SP and SR whenever required by the agent, user, or other chaincode in the blockchain.

   revokePermission(): This method provides the interface for the agent nodes only to manipulate the SP in the current state of RP and remove the recovable permissions to bypass the conflict in the RP.

3. AC: This chaincode is responsible for managing the access of client nodes to service nodes in the network. The service node compiles of deploys the contract on the blockchain when the request is initiated by the PC. The AC can further check if the role exists in the chaincode by querying the SDB of the blockchain using getRole() by client id as a parameter to the function. Similarly, when the roles are fetched, the chaincode can then again query the SP against the fetched role. The summary of the main functions in this chaincode is as follows:

   checkAccess(): Verifies if the access is allowed against the fetched role and assigned SP in the ctx. If the access is allowed, it returns the boolean and vice versa.

   addAccess(): Adds the access of the client to service nodes as requested by the agent after determining the possible conflict in the RP. The conflicts are determined by querying the role hierarchy from the SDB and then detecting the overlapping permissions using the getOverlappingPermissions() bypassing the role ID of the client node. The permissions are removed in case there exists any overlapping permission. That way, a new access level is added and SP is updated in the ctx of the blockchain.

   delegateAccess(): Responsible for delegating the access privileges of the client node to another node assuming that both clients are the same and have the same access privileges provided to a new client in the network. This method is invoked by the PC agent on behalf of the IIoT user in cases where delegation is required for smooth operations in the network. The process is shown in Algorithm 3

TABLE 3 Symbolic Representation of the Parameters Used in the Chaincode

TABLE 4 A Sample Policy JSON in the Policy Contract

Algorithm 1

PolicyContract.validatePolicy(): Check Policy in the Blockchain

Show All

Algorithm 2

Policy Contract.addPolicy(): Add Policy in the Blockchain

Show All

Algorithm 3

AccessContract.delegateAccess(): Delegate the Access in the Blockchain

Show All

E. Access Control Process Workflow

For the ACL on the network, we use the interaction of three chaincodes to manage the flow of information with protected privacy levels between the nodes in the IIoT application. To start with the process, the IIoT user must feed the RP to the PC to validate the RP if it meets the satisfactory criteria. Initially, the whole blockchain network would be set up, CA will generate the certificates for the nodes in the networks and each node will then deploy their chaincodes in the blockchain. For two scenarios represented in Figure 5 and 6, the ACL process for scenario 1 would be as follows:

1. Process 1: The IIoT user specifies the set of SR and SP to define the RP and feed it to PC and SDB. A basic representation of the RP is represented in Equation 4.

   $$\begin{equation*} RP \rightarrow \left \lbrace{ SR, SP, }\right \rbrace \tag{4}\end{equation*}$$ View Source\begin{equation*} RP \rightarrow \left \lbrace{ SR, SP, }\right \rbrace \tag{4}\end{equation*} The RP is then validated by the PC for possible missing constraints and committed to SDB if the PC validates the policy successfully. This process can be represented as shown in Equation 5. $$\begin{equation*} PC (RP) \rightarrow \left \lbrace{ Ledger, SDB}\right \rbrace \tag{5}\end{equation*}$$ View Source\begin{equation*} PC (RP) \rightarrow \left \lbrace{ Ledger, SDB}\right \rbrace \tag{5}\end{equation*}

2. Process 2: Client node requests to process the chunk of data by requesting DC and this request is processed against the access, and then access is granted if the SR has permission for it. This is done by invoking the AC to get the RP and access is provided to the client for data read.

3. Process 3: The AC gets invoked by the DC with the role ID of the client, for which it checks the access privileges of the client in the RP. The AC further invoked the PC to get the RP and permissions are checked.

4. Process 4: The permissions are checked, and the client request is served with the requested operation by querying the data from the SDB, and transaction is posted in the blockchain ledger. This process will call back to AC to grant access and AC will reflect DC for the deployment of the transaction.

FIGURE 5.

Scenario 1: Normal access process in IIoT application.

Show All

FIGURE 6.

Scenario 2: Conflict in access process in IIoT application.

Show All

FIGURE 7.

Activity diagram of access control framework in the blockchain.

Show All

For Scenario 2 as represented in Figure 6, process 4 will involve the agent with possible conflicts in the RP got by the PC. In that case, the agent will find the overlapping SP and will revoke to bypass the conflicting situation. After revoking the permissions, the callbacks will initiate from AC to DC, and the process will deploy the transaction on the ledger updating the ctx of the blockchain. Similarly, the updated RP will be committed to SDB. However, for this scenario, the client policy will be restored to its previous state after the transaction is posted successfully by the DC of the client node. The process is shown in Algorithm 4 and workflow of this operation is shown in Figure 8.

FIGURE 8.

Access control workflow for conflict management in the network.

Show All

Algorithm 4

PolicyContract.manageConflict(): Manage the Policy Conflict in the Blockchain

Show All

For the atomic operations, where there is any change required by the user to update the RP it can use the agent to update the RP using the PC and new $\hat {RP}$ will be committed to the ledger and SDB. This process would remain the same for the operation of delegate access where the authority of one device can be delegated to another device. In that case, the IIoT user can invoke the AC using the agent interface and AC would be invoked. The policy will be updated by PC just same as previous. All operations in the blockchain for ACL will be done with the interaction of these chaincodes where client or service nodes can only interact with DC and DC will invoke the other chaincodes thus ensuring the isolation and privacy for each chaincode involved in overall ACL process.

A. Structure Implementation

This section introduces the structure of the blockchain network and the proposed framework. In the network, there are a total of eight different types of network images running on the docker as shown in Table 6. The environment build is based on the many steps to establish the interaction between these images running in isolation. To build the network, the HF cryptographic tool is used initially to generate the root certificates and secret key pairs for nodes in the network. The secret keys provide membership service to peer nodes running in the network by assigning it identity and permission to join the network.

The second step involves mounting these generated certificates and secret key pairs to docker images of CA. The effect of these certificates will take place when the container running on the docker. After this, the other nodes in the network can validate their identity using their signature to the CA.

The third step involves deploying the identity of all nodes in the blockchain network. For this, the configtxgen tool is used to generate the genesis block that would contain the configurations of the nodes and channels in the package form. This genesis block is written into the blockchain network and identity information moves to the network by this. Once the genesis block is written into the blockchain, the information becomes immutable and tamper-proof. After this, the dependencies of the docker-compose are installed in a specified order. Once all the container runs successfully, the peer nodes will be added to the network.

The next step is to move all the chaincodes to the blockchain using the HF client by running a command to package the chaincode to a peer node in the network. All three chaincodes are mounted on peer nodes in their channel and peer nodes are upgraded simultaneously one by one.

B. RBAC Implementation

To implement the RP the chaincodes are installed on peer nodes. Peer nodes in the HF are responsible for achieving the consensus in the network. The Node JS client is used to connect the peer node to query the SDB by achieving a consensus using RAFT [32] that achieves better results than the PBFT in real-time scenarios [32]. The steps of chaincode are followed to add the SP by invoking the PC chaincode method addPolicy() as shown in Algorithm 2 and verify the addition by invoking the queryPolicy(). The result of addPolicy() invocation is shown in Figure 9 and Figure 10 shows the results of method queryPolicy() invocation.

FIGURE 9.

Deployment results of add policy in the blockchain.

Show All

FIGURE 10.

Deployment results of query policy in the blockchain.

Show All

In case, where network dynamics get changed, the policy will require the updation to adjust itself with the changes. In that case, the updation of policy is accommodated by the updatePolicy(), and invocation results are shown in Figure 11.

FIGURE 11.

Deployment results of update policy in the blockchain.

Show All

Similarly, the service nodes can add data in the network using the device contract by invoking the addAsset(), and results are shown in Figure 12. The client nodes in the network can then use this data by invoking the readAsset(). The readAsset() operation is performed after the AC checks the access privileges and grants it successfully.

FIGURE 12.

Deployement result of add asset in the blockchain.

Show All

A. Simulation Results

The cost is defined as the processing time consumed by the network to respond to the operations of virtual clients. The virtual clients are set by concurrent requests by multithreaded invocation of the chaincode for different operations. The number of virtual clients is set to 50, 100, 200, 500, and 1000 to test the cost of the network under normal to heavy operational load.

The increasing number of virtual clients would help to test the scalability of the system which is crucial in IIoT applications. For the simulation results, the results are divided into two separate experiments where in the first case, the system cost for each contract is considered for their operations for the specified number of virtual clients. In the second case, the system is tested for the average cost for each contract for its operations. The results are represented in Figures 13 and 14, where Figure 13 represents the individual cost and 13 represents the average cost of the proposed system. For the PC, statistical results for both individual and average cases are shown in Figures 13a and 14a. The cost of the proposed system is observed to increase with increasing virtual clients, however, the trend of this growth is linear, and with a certain amount of the clients in the network, the cost tends to be stable. The average time per transaction is observed to decrease with an increased number of virtual clients as shown in Figure 14a.

FIGURE 13.

Total Cost of the proposed system for virtual concurrent requests.

Show All

FIGURE 14.

Average cost of the proposed system for virtual concurrent requests.

Show All

The reason behind this phenomenon is likely to be the caching for the recent results to be fetched by the chaincode in the network from the state database. Similarly, the cost of the blockchain network would increase with an increased number of clients if the operations requests by clients are different. Similarly, the network cost would also depend on the complexity of the tasks involved in the chaincode. It is observed from Figure 13a and 14a that the write (add, update) operations are more complex than the read (get, read) operations as the cost for write operations is higher than read operations. This is because external data needs to be validated by the orderer nodes before committing it to the blockchain ledger. However, for individual responses, the cost increases concerning the number of clients in the network due to the validation required by each node in the network. The same trend is observed for DC operations where service and client nodes request and serve the data to and from the network. Figures 13b and 14b show the average time consumed per transaction in the blockchain for both individual and average cases. For DC operations, the read operation tends to show the same pattern as it was in PC.

For the AC, the system is tested for ACL to evaluate the system for the cost it takes to check access against the request by client nodes in the network. The concurrent requests were tested for delegate access, get role, and conflict management, and average cost results are shown in Figure 13c. From Figure 14c, it can again observed the same phenomenon where read operations incur less cost than write operations and transaction time is increased with an increased number of virtual clients. However, the growth behavior is independent of the size of the virtual client thus the average time shows the downtrend in Figure 14c.

B. Baseline Comparisons

RBAC is traditionally a simple ACL mechanism in comparison to ABAC systems, thus it fails to meet the requirements of the IIoT network. The proposed framework improves the RBAC lacking to make it suitable for IIoT applications. Theoretically, it is believed that using RBAC can overcome the high computation overhead of the ABAC system. To test this hypothesis, the computation cost of the proposed framework is compared with the study proposed in [30] and [32] that used the ABAC for information flow control in blockchain networks. For the comparison, the concurrent requests for virtual clients are considered as 50, 100, and 200 as common ground between these studies. These concurrent virtual clients are then used to compare the studies for write operations for all chaincodes to test the studies for their average computation overhead.

In this test, the proposed system outperforms the baseline studies significantly for write operations of chaincodes. Table 7 shows the performance results of studies for their chaincode computation overhead. While both ABAC studies represented consistent performance for virtual clients, the proposed RBAC system time overhead is significantly less than ABAC. This significant drop in time overhead demonstrates the efficiency of RBAC to provide consistent control flow in IIoT applications if RBAC is tailored to meet the requirements of IIoT use cases.

TABLE 7 Comparison of Average Computation Time (Seconds) for Access Control Operations