{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T19:00:54Z","timestamp":1774724454880,"version":"3.50.1"},"reference-count":50,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2020,3,24]],"date-time":"2020-03-24T00:00:00Z","timestamp":1585008000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["19H01103"],"award-info":[{"award-number":["19H01103"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100009427","name":"Telecommunications Advancement Foundation","doi-asserted-by":"publisher","award":["NULL"],"award-info":[{"award-number":["NULL"]}],"id":[{"id":"10.13039\/501100009427","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006091","name":"Support Center for Advanced Telecommunications Technology Research Foundation","doi-asserted-by":"publisher","award":["NULL"],"award-info":[{"award-number":["NULL"]}],"id":[{"id":"10.13039\/501100006091","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Due to the rapid penetration of the Internet of Things (IoT) into human life, illegal access to IoT resources (e.g., data and actuators) has greatly threatened our safety. Access control, which specifies who (i.e., subjects) can access what resources (i.e., objects) under what conditions, has been recognized as an effective solution to address this issue. To cope with the distributed and trust-less nature of IoT systems, we propose a decentralized and trustworthy Capability-Based Access Control (CapBAC) scheme by using the Ethereum smart contract technology. In this scheme, a smart contract is created for each object to store and manage the capability tokens (i.e., data structures recording granted access rights) assigned to the related subjects, and also to verify the ownership and validity of the tokens for access control. Different from previous schemes which manage the tokens in units of subjects, i.e., one token per subject, our scheme manages the tokens in units of access rights or actions, i.e., one token per action. Such novel management achieves more fine-grained and flexible capability delegation and also ensures the consistency between the delegation information and the information stored in the tokens. We implemented the proposed CapBAC scheme in a locally constructed Ethereum blockchain network to demonstrate its feasibility. In addition, we measured the monetary cost of our scheme in terms of gas consumption to compare our scheme with the existing Blockchain-Enabled Decentralized Capability-Based Access Control (BlendCAC) scheme proposed by other researchers. The experimental results show that the proposed scheme outperforms the BlendCAC scheme in terms of the flexibility, granularity, and consistency of capability delegation at almost the same monetary cost.<\/jats:p>","DOI":"10.3390\/s20061793","type":"journal-article","created":{"date-parts":[[2020,3,24]],"date-time":"2020-03-24T07:16:08Z","timestamp":1585034168000},"page":"1793","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":63,"title":["Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things"],"prefix":"10.3390","volume":"20","author":[{"given":"Yuta","family":"Nakamura","sequence":"first","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3248-5909","authenticated-orcid":false,"given":"Yuanyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1200-9112","authenticated-orcid":false,"given":"Masahiro","family":"Sasabe","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9785-8350","authenticated-orcid":false,"given":"Shoji","family":"Kasahara","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]}],"member":"1968","published-online":{"date-parts":[[2020,3,24]]},"reference":[{"key":"ref_1","unstructured":"(2020, March 03). Intel IoT Gateway. Available online: https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/product-briefs\/gateway-solutions-iot-brief.pdf."},{"key":"ref_2","unstructured":"(2020, March 03). Mirai Botnet Linked to Dyn DNS DDoS Attacks. Available online: https:\/\/www.flashpoint-intel.com\/ja\/blog\/cybercrime\/mirai-botnet-linked-dyn-dns-ddos-attacks\/."},{"key":"ref_3","unstructured":"Ur, B., Jung, J., and Schechter, S. (2013, January 24\u201326). The Current State of Access Control for Smart Devices in Homes. Proceedings of the Workshop on Home Usable Privacy and Security (HUPS), NewCastle, UK."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., and Boreli, R. (2014, January 29\u201331). An Experimental Study of Security and Privacy Risks with Emerging Household Appliances. Proceedings of the 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA.","DOI":"10.1109\/CNS.2014.6997469"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Sivaraman, V., Gharakheili, H.H., Vishwanath, A., Boreli, R., and Mehani, O. (2015, January 19\u201321). Network-Level Security and Privacy Control for Smart-Home IoT Devices. Proceedings of the 11th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, Abu Dhabi, UAE.","DOI":"10.1109\/WiMOB.2015.7347956"},{"key":"ref_6","unstructured":"He, W., Golla, M., Bochum, R.U., Padhi, R., Ofek, J., D\u00fcrmuth, M., He, W., Golla, M., Padhi, R., and Ofek, J. (2018, January 15\u201317). Rethinking Access Control and Authentication for the Home Internet of Things (IoT). Proceedings of the 27th USENIX Security Symposium, Baltimore, MD, USA."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2971482","article-title":"Connected Car: Technologies, Issues, Future Trends","volume":"49","author":"Coppola","year":"2016","journal-title":"ACM Comput. Surv."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1109\/JIOT.2015.2460333","article-title":"Twenty Security Considerations for Cloud-Supported Internet of Things","volume":"3","author":"Singh","year":"2016","journal-title":"IEEE Internet Things J."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/j.comnet.2016.11.007","article-title":"Access Control in the Internet of Things: Big Challenges and New Opportunities","volume":"112","author":"Ouaddah","year":"2017","journal-title":"Comput. Netw."},{"key":"ref_10","unstructured":"Ferraiolo, D.F., and Kuhn, D.R. (1992, January 13). Role-Based Access Controls. Proceedings of the 15th National Computer Security Conference, Baltimore, MD, USA."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-Based Access Control Models","volume":"29","author":"Sandhu","year":"1996","journal-title":"IEEE Comput."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Yuan, E., and Tong, J. (2005, January 11\u201315). Attributed Based Access Control (ABAC) for Web services. Proceedings of the IEEE International Conference on Web Services (ICWS\u201905), Orlando, FL, USA.","DOI":"10.1109\/ICWS.2005.25"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.future.2013.05.010","article-title":"An Extended Attribute Based Access Control Model with Trust and Privacy: Application to A Collaborative Crisis Management System","volume":"31","author":"Smari","year":"2014","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gusmeroli, S., Piccione, S., and Rotondi, D. (2012, January 17\u201321). IoT@Work Automation Middleware System Design and Architecture. Proceedings of the 17th IEEE International Conference on Emerging Technologies Factory Automation (ETFA 2012), Krakow, Poland.","DOI":"10.1109\/ETFA.2012.6489652"},{"key":"ref_15","unstructured":"Anggorojati, B., Mahalle, P.N., Prasad, N.R., and Prasad, R. (2012, January 24\u201327). Capability-Based Access control Delegation Model on the Federated IoT Network. Proceedings of the 15th International Symposium on Wireless Personal Multimedia Communications, Taipei, Taiwan."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/MC.2015.33","article-title":"Attribute-Based Access Control","volume":"48","author":"Hu","year":"2015","journal-title":"Computer"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.12785\/amis\/080416","article-title":"An Efficient Authentication and Access Control Scheme for Perception Layer of Internet of Things","volume":"8","author":"Ye","year":"2014","journal-title":"Appl. Math. Inform. Sci."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1016\/j.comnet.2014.11.008","article-title":"Security, Privacy and Trust in Internet of Things: The Road Ahead","volume":"76","author":"Sicari","year":"2015","journal-title":"Comput. Netw."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2266","DOI":"10.1016\/j.comnet.2012.12.018","article-title":"On the Features and Challenges of Security and Privacy in Distributed Internet of Things","volume":"57","author":"Roman","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Skarmeta, A.F., and Moreno, M.V. (2014, January 6\u20138). A Decentralized Approach for Security and Privacy Challenges in the Internet of Things. Proceedings of the IEEE World Forum on Internet of Things, Seoul, Korea.","DOI":"10.1109\/WF-IoT.2014.6803122"},{"key":"ref_21","unstructured":"(2020, March 03). Bitcoin\u2014Open Source P2P Money. Available online: https:\/\/bitcoin.org\/en\/."},{"key":"ref_22","unstructured":"Buterin, V., Wood, G., and Wilcke, J. (2020, March 03). Ethereum Homestead Documentation. Available online: https:\/\/github.com\/ethereum\/wiki\/wiki\/White-Paper."},{"key":"ref_23","unstructured":"Gavin, W., and Andreas, M.A. (2018). Mastering Ethereum, O\u2019Reilly Media, Inc."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Xu, R., Nikouei, S.Y., Chen, Y., Blasch, E., and Aved, A. (2019, January 14\u201317). Blendmas: A blockchain-enabled decentralized microservices architecture for smart public safety. Proceedings of the 2019 IEEE International Conference on Blockchain (Blockchain), Atlanta, GA, USA.","DOI":"10.1109\/Blockchain.2019.00082"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"739","DOI":"10.1109\/TCSS.2019.2924442","article-title":"New Blockchain-Based Architecture for Service Interoperations in Internet of Things","volume":"6","author":"Viriyasitavat","year":"2019","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_26","first-page":"21","article-title":"When blockchain meets internet of things: Characteristics, challenges, and business opportunities","volume":"15","author":"Viriyasitavat","year":"2019","journal-title":"J. Ind. Inf. Integr."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-018-0020-9","article-title":"Access control technologies for Big Data management systems: Literature review and future trends","volume":"2","author":"Colombo","year":"2019","journal-title":"Cybersecurity"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Xu, R., Chen, Y., Blasch, E., and Chen, G. (2018). BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT. Computers, 7.","DOI":"10.20944\/preprints201805.0079.v1"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Dorri, A., Kanhere, S.S., Jurdak, R., and Gauravaram, P. (2017, January 13\u201317). Blockchain for IoT Security and Privacy: The Case Study of a Smart Home. Proceedings of the IEEE PerCom Workshops, Kona, HI, USA.","DOI":"10.1109\/PERCOMW.2017.7917634"},{"key":"ref_30","unstructured":"Francesco, D.D.M., Mori, P., and Ricci, L. (2017, January 19\u201322). Blockchain Based Access Control. Proceedings of the IFIP International Conference on Distributed Applications and Interoperable Systems, Neuchatel, Switzerland."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"5943","DOI":"10.1002\/sec.1748","article-title":"FairAccess: A New Blockchain-Based Access Control Framework for the Internet of Things","volume":"9","author":"Ouaddah","year":"2017","journal-title":"Secur. Commun. Netw."},{"key":"ref_32","unstructured":"Francesco, D.D.M., Paolo, M., and Ricci, L. (August, January 30). Blockchain Based Access Control Services. Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1594","DOI":"10.1109\/JIOT.2018.2847705","article-title":"Smart Contract-Based Access Control for the Internet of Things","volume":"6","author":"Zhang","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Sultana, T., Ghaffar, A., Azeem, M., Abubaker, Z., Gurmani, M.U., and Javaid, N. (2020). Data Sharing System Integrating Access Control Based on Smart Contracts for IoT. Advances on P2P, Parallel, Grid, Cloud and Internet Computing, Springer International Publishing.","DOI":"10.1007\/978-3-030-33509-0_81"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"12240","DOI":"10.1109\/ACCESS.2018.2812844","article-title":"RBAC-SC: Role-Based Access Control Using Smart Contract","volume":"6","author":"Cruz","year":"2018","journal-title":"IEEE Access"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Albreiki, H., Alqassem, L., Salah, K., Rehman, M.H., and Svetinovic, D. (2019, January 11\u201312). Decentralized Access Control for IoT Data Using Blockchain and Trusted Oracles. Proceedings of the IEEE International Conference on Industrial Internet (ICII), Orlando, FL, USA.","DOI":"10.1109\/ICII.2019.00051"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"102444","DOI":"10.1016\/j.jnca.2019.102444","article-title":"SBAC: A secure blockchain-based access control framework for information-centric networking","volume":"149","author":"Lyu","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Dukkipati, C., Zhang, Y., and Cheng, L.C. (2018, January 21). Decentralized, Blockchain Based Access Control Framework for the Heterogeneous Internet of Things. Proceedings of the 3rd ACM Workshop on Attribute Based Access Control, Tempe, AZ, USA.","DOI":"10.1145\/3180457.3180458"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Yutaka, M., Zhang, Y., Sasabe, M., and Kasahara, S. (2019, January 9\u201313). Using Ethereum Blockchain for Distributed Attribute-Based Access Control in the Internet of Things. Proceedings of the IEEE Global Communications Conference (IEEE GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9014155"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Wang, P., Yue, Y., Sun, W., and Liu, J. (2019, January 21\u201323). An Attribute-Based Distributed Access Control for Blockchain-enabled IoT. Proceedings of the International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Barcelona, Spain.","DOI":"10.1109\/WiMOB.2019.8923232"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1016\/j.cose.2019.03.016","article-title":"A blockchain based approach for the definition of auditable Access Control systems","volume":"84","author":"Maesa","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"38431","DOI":"10.1109\/ACCESS.2019.2905846","article-title":"A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT","volume":"7","author":"Ding","year":"2019","journal-title":"IEEE Access"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Yu, G., Zha, X., Wang, X., Ni, W., Yu, K., Yu, P., Zhang, J.A., Liu, R.P., and Guo, Y.J. (2020). Enabling Attribute Revocation for Fine-Grained Access Control in Blockchain-IoT Systems. IEEE Trans. Eng. Manag., 1\u201318.","DOI":"10.1109\/TEM.2020.2966643"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Suciu, G., Istrate, C.I., Vulpe, A., Sachian, M.A., Vochin, M., Farao, A., and Xenakis, C. (2019, January 10\u201312). Attribute-based Access Control for Secure and Resilient Smart Grids. Proceedings of the 6th International Symposium for ICS & SCADA Cyber Security Research, Athens, Greece.","DOI":"10.14236\/ewic\/icscsr19.9"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Tang, B., Kang, H., Fan, J., Li, Q., and Sandhu, R. (2019, January 4\u20136). Iot passport: A blockchain-based trust framework for collaborative internet-of-things. Proceedings of the 24th ACM Symposium on Access Control Models and Technologies, Toronto, ON, Canada.","DOI":"10.1145\/3322431.3326327"},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1016\/j.jnca.2017.04.002","article-title":"Internet of Things security: A survey","volume":"88","author":"Alaba","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1016\/j.jnca.2017.02.009","article-title":"A survey of intrusion detection in Internet of Things","volume":"84","author":"Miani","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Nakamura, Y., Zhang, Y., Sasabe, M., and Kasahara, S. (2019, January 9\u201313). Capability-Based Access Control for the Internet of Things: An Ethereum Blockchain-Based Scheme. Proceedings of the IEEE Global Communications Conference (IEEE GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013321"},{"key":"ref_49","unstructured":"Nakamura, Y. (2020, February 29). Codes for Experiments. Available online: https:\/\/github.com\/YutaNakamura1413\/Blockchain-CapBAC."},{"key":"ref_50","unstructured":"(2020, March 03). Web3 Javascript API to Interact with Ethereum Nodes. Available online: https:\/\/github.com\/ethereum\/wiki\/wiki\/JavaScript-API."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/6\/1793\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:11:02Z","timestamp":1760173862000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/6\/1793"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,24]]},"references-count":50,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2020,3]]}},"alternative-id":["s20061793"],"URL":"https:\/\/doi.org\/10.3390\/s20061793","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,24]]}}}