{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T04:14:51Z","timestamp":1774412091142,"version":"3.50.1"},"reference-count":50,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2023,2,16]],"date-time":"2023-02-16T00:00:00Z","timestamp":1676505600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The connected or smart environment is the integration of smart devices (sensors, IoT devices, or actuator) into the Internet of Things (IoT) paradigm, in which a large number of devices are connected, monitoring the physical environment and processes and transmitting into the centralized database for advanced analytics and analysis. This integrated and connected setup allows greater levels of automation of smart systems than is possible with just the Internet. While delivering services to the different processes and application within connected smart systems, these IoT devices perform an impeccably large number of device-to-device communications that allow them to access the selected subsets of device information and data. The sensitive and private nature of these data renders the smart infrastructure vulnerable to copious attacks which threat agents exploit for cyberattacks which not only affect critical services but probably bring threat to people\u2019s lives. Hence, advanced measures need to be taken for securing smart environments, such as dynamic access control, advanced network screening, and monitoring behavioural anomalies. In this paper, we have discussed the essential cyberthreats and vulnerabilities in smart environments and proposed ZAIB (Zero-Trust and ABAC for IoT using Blockchain), a novel secure framework that monitors and facilitates device-to-device communications with different levels of access-controlled mechanisms based on environmental parameters and device behaviour. It is protected by zero-trust architecture and provides dynamic behavioural analysis of IoT devices by calculating device trust levels for each request. ZAIB enforces variable policies specifically generated for each scenario by using attribute-based access control (ABAC). We have used blockchain to ensure anonymous device and user registrations and immutable activity logs. All the attributes, trust level histories, and data generated by IoT devices are protected using IPFS. Finally, a security evaluation shows that ZAIB satisfies the needs of active defence and end-to-end security enforcement of data, users, and services involved in a smart grid network.<\/jats:p>","DOI":"10.3390\/info14020129","type":"journal-article","created":{"date-parts":[[2023,2,16]],"date-time":"2023-02-16T04:51:46Z","timestamp":1676523106000},"page":"129","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":66,"title":["A Blockchain-Inspired Attribute-Based Zero-Trust Access Control Model for IoT"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4442-1563","authenticated-orcid":false,"given":"Samia Masood","family":"Awan","sequence":"first","affiliation":[{"name":"Department of Computer Science, NED University of Engineering & Technology, Karachi 74200, Pakistan"}]},{"given":"Muhammad Ajmal","family":"Azad","sequence":"additional","affiliation":[{"name":"School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7BD, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0424-9498","authenticated-orcid":false,"given":"Junaid","family":"Arshad","sequence":"additional","affiliation":[{"name":"School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7BD, UK"}]},{"given":"Urooj","family":"Waheed","sequence":"additional","affiliation":[{"name":"Department of Computer Science, DHA Suffa University, Karachi 74200, Pakistan"}]},{"given":"Tahir","family":"Sharif","sequence":"additional","affiliation":[{"name":"College of Science and Engineering, University of Derby, Derby DE22 1GB, UK"}]}],"member":"1968","published-online":{"date-parts":[[2023,2,16]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"10248","DOI":"10.1109\/JIOT.2020.3041042","article-title":"A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture","volume":"8","author":"Chen","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Syed, A.S., Sierra-Sosa, D., Kumar, A., and Elmaghraby, A. (2021). IoT in Smart Cities: A Survey of Technologies, Practices and Challenges. Smart Cities, 4.","DOI":"10.3390\/smartcities4020024"},{"key":"ref_3","unstructured":"(2022, December 30). What Is Stuxnet?. Available online: https:\/\/www.trellix.com\/en-us\/security-awareness\/ransomware\/what-is-stuxnet.html."},{"key":"ref_4","unstructured":"U.S. Institute of Peace (2021, April 12). Israeli Sabotage of Iran\u2019s Nuclear Program, Available online: https:\/\/iranprimer.usip.org\/blog\/2021\/apr\/12\/israeli-sabotage-iran%E2%80%99s-nuclear-program."},{"key":"ref_5","unstructured":"Zetter, K. (2010, October 30). Inside the Cunning, Unprecedented Hack of Ukraine\u2019s Power Grid, Published in Wired. Available online: https:\/\/www.wired.com\/2016\/03\/inside-cunning-unprecedented-hack-ukraines-power-grid\/."},{"key":"ref_6","first-page":"383","article-title":"Security issues in the Internet of Things (IoT): A comprehensive study","volume":"8","author":"Razzaq","year":"2017","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"106436","DOI":"10.1016\/j.ymssp.2019.106436","article-title":"An intrusion detection framework for energy constrained IoT devices","volume":"136","author":"Arshad","year":"2020","journal-title":"Mech. Syst. Signal Process."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1049\/iet-net.2018.5036","article-title":"COLIDE: A collaborative intrusion detection framework for Internet of Things","volume":"8","author":"Arshad","year":"2019","journal-title":"IET Netw."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1016\/j.future.2016.11.005","article-title":"Deployment of an open sensorized platform in a smart city context","volume":"76","author":"Trilles","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"e3188","DOI":"10.1002\/ett.3188","article-title":"Anomaly behavior analysis for IoT sensors","volume":"29","author":"Pacheco","year":"2018","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Samaniego, M., and Deters, R. (2018, January 2\u20137). Zero-trust hierarchical management in IoT. Proceedings of the 2018 IEEE International Congress on Internet of Things (ICIOT), San Francisco, CA, USA.","DOI":"10.1109\/ICIOT.2018.00019"},{"key":"ref_12","unstructured":"Bruno, E., Gallier, R., and Gabillon, A. (2019). Proceedings of the International Conference on Future Data and Security Engineering, Springer."},{"key":"ref_13","unstructured":"Zimmer, B. (2018). Proceedings of the Enigma 2018 (Enigma 2018), USENIX Association."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alramadhan, M., and Sha, K. (August, January 31). An overview of access control mechanisms for internet of things. Proceedings of the 2017 26th International Conference on Computer Communication and Networks (ICCCN), Vancouver, BC, Canada.","DOI":"10.1109\/ICCCN.2017.8038503"},{"key":"ref_15","unstructured":"Kindervag, J. (2010). Build Security into Your Network\u2019s DNA: The Zero Trust Network Architecture, Forrester Research Inc."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Muralidharan, S., and Ko, H. (2019, January 11\u201313). An InterPlanetary file system (IPFS) based IoT framework. Proceedings of the 2019 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA.","DOI":"10.1109\/ICCE.2019.8662002"},{"key":"ref_17","unstructured":"Rose, S.W., Borchert, O., Mitchell, S., and Connelly, S. (2023, February 01). Zero Trust Architecture, Available online: https:\/\/www.nist.gov\/publications\/zero-trust-architecture."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"e4391","DOI":"10.1002\/ett.4391","article-title":"A comprehensive survey on secure software-defined network for the Internet of Things","volume":"33","author":"Fatema","year":"2022","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Dhar, S., and Bose, I. (2020). Securing IoT Devices Using Zero Trust and Blockchain. J. Organ. Comput. Electron. Commer., 1\u201317.","DOI":"10.1080\/10919392.2020.1831870"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Li, B., Liu, B., Wu, J., Wang, Y., and Yang, X. (2020). An attribute-based collaborative access control scheme using blockchain for IoT devices. Electronics, 9.","DOI":"10.3390\/electronics9020285"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"18207","DOI":"10.1109\/ACCESS.2020.2968492","article-title":"Fabric-IoT: A blockchain-based access control system in IoT","volume":"8","author":"Liu","year":"2020","journal-title":"IEEE Access"},{"key":"ref_22","unstructured":"Benet, J. (2014). Ipfs-content addressed, versioned, p2p file system. arXiv."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Naz, M., Al-zahrani, F.A., Khalid, R., Javaid, N., Qamar, A.M., Afzal, M.K., and Shafiq, M. (2019). A secure data sharing platform using blockchain and interplanetary file system. Sustainability, 11.","DOI":"10.3390\/su11247054"},{"key":"ref_24","unstructured":"Assun\u00e7\u00e3o, P. (2019, January 15\u201317). A Zero Trust Approach to Network Security. Proceedings of the Digital Privacy and Security Conference 2019, Miami, FL, USA."},{"key":"ref_25","unstructured":"Lukaseder, T., Halter, M., and Kargl, F. (2020). Sicherheit 2020, Gesellschaft f\u00fcr Informatik e.V."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Picard, N., Colin, J.N., and Zampunieris, D. (2018, January 19\u201321). Context-aware and attribute-based access control applying proactive computing to IoT system. Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS 2018). SCITEPRESS, Madeira, Portugal.","DOI":"10.5220\/0006815803330339"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Zhang, X., and Jiang, X. (2020, January 24\u201326). IoT architecture based on ABAC smart contract. Proceedings of the 2020 3rd International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE), Shenzhen, China.","DOI":"10.1109\/AEMCSE50948.2020.00033"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"204441","DOI":"10.1109\/ACCESS.2020.3036811","article-title":"Preserving Privacy in Mobile Health Systems Using Non-Interactive Zero-Knowledge Proof and Blockchain","volume":"8","author":"Tomaz","year":"2020","journal-title":"IEEE Access"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1145\/3422648.3422665","article-title":"Revealing Every Story of Data in Blockchain Systems","volume":"49","author":"Ruan","year":"2020","journal-title":"SIGMOD Rec."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"975","DOI":"10.14778\/3329772.3329775","article-title":"Fine-Grained, Secure and Efficient Data Provenance on Blockchain Systems","volume":"12","author":"Ruan","year":"2019","journal-title":"Proc. VLDB Endow."},{"key":"ref_31","first-page":"178","article-title":"A comparison of attribute based access control (ABAC) standards for data service applications","volume":"800","author":"Ferraiolo","year":"2016","journal-title":"NIST Spec. Publ."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MCOMSTD.001.1900027","article-title":"Zero-knowledge proofs do not solve the privacy-trust problem of attribute-based credentials: What if alice is evil?","volume":"3","author":"Arnold","year":"2019","journal-title":"IEEE Commun. Stand. Mag."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Arasteh, H., Hosseinnezhad, V., Loia, V., Tommasetti, A., Troisi, O., Shafie-khah, M., and Siano, P. (2016, January 7\u201310). Iot-based smart cities: A survey. Proceedings of the 2016 IEEE 16th International Conference on Environment and Electrical Engineering (EEEIC), Florence, Italy.","DOI":"10.1109\/EEEIC.2016.7555867"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Waheed, U., Khan, M.S.A., Awan, S.M., Khan, M.A., and Mansoor, Y. (2023, January 13). Decentralized Approach to Secure IoT Based Networks Using Blockchain Technology. 3C Tecnolog\u00eda_Glosas de Innovaci\u00f3n Aplicadas a la Pyme (2019). Available online: https:\/\/dialnet.unirioja.es\/servlet\/articulo?codigo=6933920.","DOI":"10.17993\/3ctecno.2019.specialissue2.182-205"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"5943","DOI":"10.1002\/sec.1748","article-title":"FairAccess: A new Blockchain-based access control framework for the Internet of Things","volume":"9","author":"Ouaddah","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"11354","DOI":"10.1109\/ACCESS.2022.3144681","article-title":"CES Blocks\u2014A Novel Chaotic Encryption Schemes-Based Blockchain System for an IoT Environment","volume":"10","author":"Durga","year":"2022","journal-title":"IEEE Access"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Bezawada, B., Haefner, K., and Ray, I. (2018, January 21). Securing home IoT environments with attribute-based access control. Proceedings of the Third ACM Workshop on Attribute-Based Access Control, Tempe, AZ, USA.","DOI":"10.1145\/3180457.3180464"},{"key":"ref_38","first-page":"14","article-title":"BlockShare: A Blockchain empowered system for privacy-preserving verifiable data sharing","volume":"1","author":"Peng","year":"2022","journal-title":"Bull. IEEE Comput. Soc. Tech. Comm. Data Eng."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Alevizos, L., Ta, V.T., and Eiza, M.H. (2021). Augmenting Zero Trust Architecture to Endpoints Using Blockchain: A Systematic Review. arXiv.","DOI":"10.1002\/spy2.191"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"38431","DOI":"10.1109\/ACCESS.2019.2905846","article-title":"A novel attribute-based access control scheme using blockchain for IoT","volume":"7","author":"Ding","year":"2019","journal-title":"IEEE Access"},{"key":"ref_41","unstructured":"Yan, X., and Wang, H. (2020). Proceedings of the International Conference on Artificial Intelligence and Security, Springer."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"15100","DOI":"10.1109\/JIOT.2022.3147478","article-title":"A Decentralized Location-Based Reputation Management System in the IoT Using Blockchain","volume":"9","author":"Weerapanpisit","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"1763","DOI":"10.1007\/s00500-015-1705-6","article-title":"TACIoT: Multidimensional trust-aware access control system for the Internet of Things","volume":"20","author":"Bernabe","year":"2016","journal-title":"Soft Comput."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Xu, R., Chen, Y., Blasch, E., and Chen, G. (2018). Blendcac: A smart contract enabled decentralized capability-based access control mechanism for the iot. Computers, 7.","DOI":"10.20944\/preprints201805.0079.v1"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Cruz-Piris, L., Rivera, D., Marsa-Maestre, I., De La Hoz, E., and Velasco, J.R. (2018). Access control mechanism for IoT environments based on modelling communication procedures as resources. Sensors, 18.","DOI":"10.3390\/s18030917"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Eidle, D., Ni, S.Y., DeCusatis, C., and Sager, A. (2017, January 19\u201321). Autonomic security for zero trust networks. Proceedings of the 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), New York, NY, USA.","DOI":"10.1109\/UEMCON.2017.8249053"},{"key":"ref_47","unstructured":"Fran\u00e7ois, J., Abdelnur, H., and Festor, O. (2009). Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Springer."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1109\/TDSC.2014.2369033","article-title":"GTID: A technique for physical device and device type fingerprinting","volume":"12","author":"Radhakrishnan","year":"2014","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Sivanathan, A., Gharakheili, H.H., and Sivaraman, V. (2018, January 21\u201322). Can we classify an iot device using tcp port scan?. Proceedings of the 2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS), Colombo, Sri Lanka.","DOI":"10.1109\/ICIAFS.2018.8913346"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s42979-019-0022-z","article-title":"Access controls for IoT networks","volume":"1","author":"Gabillon","year":"2020","journal-title":"SN Comput. Sci."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/2\/129\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:38:02Z","timestamp":1760121482000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/2\/129"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,16]]},"references-count":50,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,2]]}},"alternative-id":["info14020129"],"URL":"https:\/\/doi.org\/10.3390\/info14020129","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,16]]}}}