Traditional Versus Decentralized Access Control for Internet of Things (IoT): Survey

  • Mohammed Saghir (Email author)
  • Bassam Ahmed H. Abu Al Khair
  • Jamil Hamodi
  • Nibras Abdullah
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1073)


The Internet of Things (IoT) concept has grown from its early construction stage at full speed and is set to become a part of the future Internet. Billions of Internet-connected devices exist in the world, and managing them poses technical challenges. Although Internet access management techniques exist, they rely on third-party or centralized techniques, which impose a set of technical constraints on managing these devices globally. Blockchain (BC), a ledger technology, offers a solution for securing trust in decentralized systems; it combines trust, consistency and the use of a shared ledger in a public network, which could be useful for building confidence in IoT objects. However, using BC with the IoT itself involves many challenges and has become a hot topic. A methodical review of the literature is therefore necessary to establish what has been proposed on this subject. This paper surveys the key issues and design factors in IoT security that Access Control (AC) model designers need to consider as IoT security requirements. In addition, we offer a broad survey of modern AC frameworks in IoT research. We classify the proposed mechanisms into two categories: traditional and decentralized. We also discuss how BC can be a key enabling factor for access management models designed for IoT security.


Keywords: IoT security; BC; IoT protocols; Network security; Smart contracts; AC



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Mohammed Saghir (1), Email author
  • Bassam Ahmed H. Abu Al Khair (1)
  • Jamil Hamodi (2)
  • Nibras Abdullah (3)

  1. Computer Science Department, University of Science and Technology, Sana’a, Yemen
  2. Computer Science Department, Hodeida University, Hodeida, Yemen
  3. National Advanced IPv6 Center, Universiti Sains Malaysia (USM), George Town, Malaysia
