doi: 10.17586/2226-1494-2024-24-5-797-805


Enhancing attribute-based access control with Ethereum and ZK-SNARK technologies

M. Maalla, S. V. Bezzateev


Article in English

For citation:
Maalla M., Bezzateev S.V. Enhancing attribute-based access control with Ethereum and ZK-SNARK technologies. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2024, vol. 24, no. 5, pp. 797–805. doi: 10.17586/2226-1494-2024-24-5-797-805


Abstract
Attribute-Based Access Control (ABAC) is one of the most efficient, scalable, and widely used access control models. It is based on attributes rather than on users, but when users want to access a resource, they must still submit their attributes for the verification process, which may compromise their privacy. Many research papers suggest blockchain-based ABAC, which provides an immutable and transparent access control system. However, the privacy of the system may be compromised depending on the nature of the attributes. This paper proposes a Zero-Knowledge Proof, Ethereum-Based Access Control (ZK-ABAC) model that simplifies the management of access to devices/objects and provides an efficient and immutable platform that keeps track of all actions and access management while preserving the privacy of the attributes. Our ZK-ABAC model utilizes smart contracts to facilitate access control management, the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (ZK-SNARK) protocol to add privacy to attributes, the InterPlanetary File System (IPFS) network to provide a distributed storage system, and Chainlink to manage communications and data between on-chain and off-chain systems. Comprehensive experiments and tests were conducted to evaluate the performance of our model, including the implementation of ZK-SNARK on the Ethereum blockchain. The results demonstrated the scalability challenges in the setup and proving phases, as well as the efficiency gains in the verification phase, particularly when scaled to higher numbers of users. These findings underscore the practical viability of our ZK-ABAC model for secure and privacy-preserving access control in decentralized environments.

Keywords: ABAC, Ethereum, ZK-SNARK, zero-knowledge proofs, privacy, blockchain



Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2024 ©
Scientific and Technical Journal
of Information Technologies, Mechanics and Optics.
All rights reserved.
