{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T18:18:35Z","timestamp":1775585915280,"version":"3.50.1"},"reference-count":54,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2021,7,26]],"date-time":"2021-07-26T00:00:00Z","timestamp":1627257600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["19K14983, 19H01103"],"award-info":[{"award-number":["19K14983, 19H01103"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Unauthorized resource access represents a typical security threat in the Internet of Things (IoT), while distributed ledger technologies (e.g., blockchain and IOTA) hold great promise to address this threat. Although blockchain-based IoT access control schemes have been the most popular ones, they suffer from several significant limitations, such as high monetary cost and low throughput of processing access requests. To overcome these limitations, this paper proposes a novel IoT access control scheme by combining the fee-less IOTA technology and the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) technology. To control the access to a resource, a token, which records access permissions to this resource, is encrypted by the CP-ABE technology and uploaded to the IOTA Tangle (i.e., the underlying database of IOTA). Any user can fetch the encrypted token from the Tangle, while only those who can decrypt this token are authorized to access the resource. In this way, the proposed scheme enables not only distributed, fee-less and scalable access control thanks to the IOTA but also fine-grained attribute-based access control thanks to the CP-ABE. We show the feasibility of our scheme by implementing a proof-of-concept prototype system using smart phones (Google Pixel 3XL) and a commercial IoT gateway (NEC EGW001). We also evaluate the performance of the proposed scheme in terms of access request processing throughput. The experimental results show that our scheme enables object owners to authorize access rights to a large number of subjects in a much (about 5 times) shorter time than the existing access control scheme called Decentralized Capability-based Access Control framework using IOTA (DCACI), significantly improving the access request processing throughput.<\/jats:p>","DOI":"10.3390\/s21155053","type":"journal-article","created":{"date-parts":[[2021,7,26]],"date-time":"2021-07-26T22:22:46Z","timestamp":1627338166000},"page":"5053","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["Combining IOTA and Attribute-Based Encryption for Access Control in the Internet of Things"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3248-5909","authenticated-orcid":false,"given":"Yuanyu","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Computer Science and Technology, Xidian University, Xi\u2019an 710071, China"},{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"given":"Ruka","family":"Nakanishi","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1200-9112","authenticated-orcid":false,"given":"Masahiro","family":"Sasabe","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9785-8350","authenticated-orcid":false,"given":"Shoji","family":"Kasahara","sequence":"additional","affiliation":[{"name":"Graduate School of Science and Technology, Nara Institute of Science and Technology, 8916-5 Takayama-Cho, Ikoma, Nara 630-0192, Japan"}]}],"member":"1968","published-online":{"date-parts":[[2021,7,26]]},"reference":[{"key":"ref_1","unstructured":"(2021, June 25). Gartner Identifies Top 10 Strategic IoT Technologies and Trends. Available online: https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends\/."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Zikria, Y.B., Ali, R., Afzal, M.K., and Kim, S.W. (2021). Next-Generation Internet of Things (IoT): Opportunities, Challenges, and Solutions. Sensors, 21.","DOI":"10.3390\/s21041174"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4719","DOI":"10.1080\/00207543.2017.1402140","article-title":"Internet of things and supply chain management: A literature review","volume":"57","author":"Hassini","year":"2019","journal-title":"Int. J. Prod. Res."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1121","DOI":"10.1109\/COMST.2020.2973314","article-title":"The Future of Healthcare Internet of Things: A Survey of Emerging Technologies","volume":"22","author":"Qadri","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1190","DOI":"10.1080\/24725854.2018.1555383","article-title":"The Internet of things for smart manufacturing: A review","volume":"51","author":"Yang","year":"2019","journal-title":"IISE Trans."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"100129","DOI":"10.1016\/j.iot.2019.100129","article-title":"A survey on Internet of things security: Requirements, challenges, and solutions","volume":"14","author":"HaddadPajouh","year":"2019","journal-title":"Internet Things"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"101728","DOI":"10.1016\/j.scs.2019.101728","article-title":"Internet of Things: Evolution and technologies from a security perspective","volume":"54","author":"Ande","year":"2020","journal-title":"Sustain. Cities Soc."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"616","DOI":"10.1109\/COMST.2019.2953364","article-title":"Security of the Internet of Things: Vulnerabilities, attacks, and countermeasures","volume":"22","author":"Butun","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2702","DOI":"10.1109\/COMST.2019.2910750","article-title":"Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations","volume":"21","author":"Neshenko","year":"2019","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Xu, R., Chen, Y., Blasch, E., and Chen, G. (August, January 30). BlendCAC: A blockchain-enabled decentralized capability-based access control for IoTs. Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada.","DOI":"10.1109\/Cybermatics_2018.2018.00191"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"041609","DOI":"10.1117\/1.OE.58.4.041609","article-title":"Exploration of blockchain-enabled decentralized capability-based access control strategy for space situation awareness","volume":"58","author":"Xu","year":"2019","journal-title":"Opt. Eng."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Nakamura, Y., Zhang, Y., Sasabe, M., and Kasahara, S. (2019, January 9\u201313). Capability-based access control for the Internet of things: An Ethereum blockchain-based scheme. Proceedings of the IEEE GLOBECOM 2019, Big Island, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013321"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Nakamura, Y., Zhang, Y., Sasabe, M., and Kasahara, S. (2020). Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things. Sensors, 20.","DOI":"10.3390\/s20061793"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Dukkipati, C., Zhang, Y., and Cheng, L.C. (2018, January 19\u201321). Decentralized, BlockChain Based Access Control Framework for the Heterogeneous Internet of Things. Proceedings of the 3rd ACM Workshop on Attribute-Based Access Control, Tempe, AZ, USA.","DOI":"10.1145\/3180457.3180458"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1016\/j.cose.2019.03.016","article-title":"A blockchain based approach for the definition of auditable Access Control systems","volume":"84","author":"Maesa","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Yutaka, M., Zhang, Y., Sasabe, M., and Kasahara, S. (2019, January 9\u201313). Using Ethereum blockchain for distributed attribute-based access control in the Internet of things. Proceedings of the IEEE GLOBECOM 2019, Big Island, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9014155"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"6372","DOI":"10.1109\/JIOT.2020.3033434","article-title":"Attribute-Based Access Control for Smart Cities: A Smart Contract-Driven Framework","volume":"8","author":"Zhang","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"12240","DOI":"10.1109\/ACCESS.2018.2812844","article-title":"RBAC-SC: Role-based access control using smart contract","volume":"6","author":"Cruz","year":"2018","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Rahman, M.U., Guidi, B., Baiardi, F., and Ricci, L. (2020, January 15\u201317). Context-aware and dynamic role-based access control using blockchain. Proceedings of the International Conference on Advanced Information Networking and Applications, Caserta, Italy.","DOI":"10.1007\/978-3-030-44041-1_122"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1594","DOI":"10.1109\/JIOT.2018.2847705","article-title":"Smart Contract-Based Access Control for the Internet of Things","volume":"6","author":"Zhang","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Sultana, T., Almogren, A., Akbar, M., Zuair, M., Ullah, I., and Javaid, N. (2020). Data sharing system integrating access control mechanism using blockchain-based smart contracts for IoT devices. Appl. Sci., 10.","DOI":"10.3390\/app10020488"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1109\/JIOT.2018.2812239","article-title":"Blockchain meets IoT: An architecture for scalable access management in IoT","volume":"5","author":"Novo","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"5943","DOI":"10.1002\/sec.1748","article-title":"FairAccess: A new Blockchain-based access control framework for the Internet of Things","volume":"9","author":"Ouaddah","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_24","unstructured":"Maesa, D.D.F., Mori, P., and Ricci, L. (2017, January 19\u201322). Blockchain based access control. Proceedings of the IFIP International Conference on Distributed Applications and Interoperable Systems, Neuch\u00e2tel, Switzerland."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Pinno, O.J.A., Gregio, A.R.A., and De Bona, L.C. (2017, January 4\u20138). ControlChain: Blockchain as a central enabler for access control authorizations in the IoT. Proceedings of the IEEE GLOBECOM 2017, Singapore.","DOI":"10.1109\/GLOCOM.2017.8254521"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"38431","DOI":"10.1109\/ACCESS.2019.2905846","article-title":"A novel attribute-based access control scheme using blockchain for IoT","volume":"7","author":"Ding","year":"2019","journal-title":"IEEE Access"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Zhu, Y., Qin, Y., Gan, G., Shuai, Y., and Chu, W.C.C. (2018, January 23\u201327). TBAC: Transaction-based access control on blockchain for resource sharing with cryptographically decentralized authorization. Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan.","DOI":"10.1109\/COMPSAC.2018.00083"},{"key":"ref_28","unstructured":"(2021, June 25). Bitcoin\u2014Open Source P2P Money. Available online: https:\/\/bitcoin.org\/en\/."},{"key":"ref_29","unstructured":"(2021, June 25). Home|Ethereum. Available online: https:\/\/ethereum.org\/."},{"key":"ref_30","unstructured":"(2021, June 25). Introduction to Smart Contracts. Available online: https:\/\/ethereum.org\/en\/developers\/docs\/smart-contracts\/."},{"key":"ref_31","unstructured":"(2021, June 25). Blockchain Technology Overview, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2018\/NIST.IR.8202.pdf."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Conoscenti, M., Vetro, A., and De Martin, J.C. (December, January 29). Blockchain for the Internet of Things: A systematic literature review. Proceedings of the 2016 IEEE\/ACS 13th International Conference of Computer Systems and Applications (AICCSA), Agadir, Morocco.","DOI":"10.1109\/AICCSA.2016.7945805"},{"key":"ref_33","unstructured":"(2021, June 25). Fully Decentralized IOTA 2.0 Explained in Under 3 Minutes. Available online: https:\/\/blog.iota.org\/fully-decentralized-iota-explained-in-under-3-minutes\/."},{"key":"ref_34","unstructured":"(2021, June 25). Introducing IOTA Access. Available online: https:\/\/blog.iota.org\/introducing-iota-access-686a2f017ff\/."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Pinjala, S.K., and Sivalingam, K.M. (2019, January 15\u201318). DCACI: A Decentralized Lightweight Capability Based Access Control Framework using IOTA for Internet of Things. Proceedings of the 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), Limerick, Ireland.","DOI":"10.1109\/WF-IoT.2019.8767356"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Bethencourt, J., Sahai, A., and Waters, B. (2007, January 20\u201323). Ciphertext-Policy Attribute-Based Encryption. Proceedings of the IEEE Symposium on Security and Privacy (SP \u201907), Berkeley, CA, USA.","DOI":"10.1109\/SP.2007.11"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Nakanishi, R., Zhang, Y., Sasabe, M., and Kasahara, S. (2020, January 28\u201330). IOTA-Based Access Control Framework for the Internet of Things. Proceedings of the 2nd Conference on Blockchain Research and Applications for Innovative Networks and Services (BRAINS), Paris, France.","DOI":"10.1109\/BRAINS49436.2020.9223293"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access Control: Principle and Practice","volume":"32","author":"Sandhu","year":"1994","journal-title":"IEEE Commun. Mag."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"Computer"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/MC.2015.33","article-title":"Attribute-based access control","volume":"48","author":"Hu","year":"2015","journal-title":"Computer"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1016\/j.mcm.2013.02.006","article-title":"A capability-based security approach to manage access control in the Internet of things","volume":"58","author":"Gusmeroli","year":"2013","journal-title":"Math. Comput. Model."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Bhatt, S., Patwa, F., and Sandhu, R. (2017, January 21\u201323). Access control model for AWS Internet of things. Proceedings of the International Conference on Network and System Security, Helsinki, Finland.","DOI":"10.1007\/978-3-319-64701-2_57"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Gusmeroli, S., Piccione, S., and Rotondi, D. (2012, January 4\u20136). IoT access control issues: A capability based approach. Proceedings of the 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Palermo, Italy.","DOI":"10.1109\/IMIS.2012.38"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Liu, J., Xiao, Y., and Chen, C.P. (2012, January 18\u201321). Authentication and access control in the Internet of things. Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China.","DOI":"10.1109\/ICDCSW.2012.23"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1016\/j.comnet.2016.11.007","article-title":"Access control in the Internet of Things: Big challenges and new opportunities","volume":"112","author":"Ouaddah","year":"2017","journal-title":"Comput. Netw."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1016\/j.clsr.2009.11.008","article-title":"Internet of Things\u2014New security and privacy challenges","volume":"26","author":"Weber","year":"2010","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Pilkington, M. (2016). Blockchain technology: Principles and applications. Research Handbook on Digital Transformations, Edward Elgar Publishing.","DOI":"10.4337\/9781784717766.00019"},{"key":"ref_48","unstructured":"(2021, June 25). Introducing Masked Authenticated Messaging\u2014IOTA. Available online: https:\/\/blog.iota.org\/introducing-masked-authenticated-messaging-e55c1822d50e\/."},{"key":"ref_49","unstructured":"(2021, June 25). IOTA Networks\u2014IOTA Documentation. Available online: https:\/\/docs.iota.org\/docs\/getting-started\/1.1\/networks\/overview."},{"key":"ref_50","unstructured":"(2021, June 25). Masked Authentication Messaging Wrapper for Javascript (Browser and Node). Available online: https:\/\/github.com\/iotaledger\/mam.client.js\/."},{"key":"ref_51","unstructured":"(2021, June 25). Zlwen\/Cpabe-Java: The Implementation of Ciphertext Policy Attribute Based Encryption in Java. Available online: https:\/\/github.com\/zlwen\/cpabe-java\/."},{"key":"ref_52","unstructured":"(2021, June 25). Transaction Fields\u2014IOTA Documentation. Available online: https:\/\/docs.iota.org\/docs\/getting-started\/1.1\/references\/transaction-fields."},{"key":"ref_53","unstructured":"(2021, June 25). Sending Transactions\u2014IOTA Documentation. Available online: https:\/\/docs.iota.org\/docs\/getting-started\/1.1\/first-steps\/sending-transactions."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Singla, A., and Bertino, E. (2018, January 18\u201320). Blockchain-Based PKI Solutions for IoT. Proceedings of the 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, USA.","DOI":"10.1109\/CIC.2018.00-45"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/15\/5053\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:35:10Z","timestamp":1760164510000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/15\/5053"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,26]]},"references-count":54,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2021,8]]}},"alternative-id":["s21155053"],"URL":"https:\/\/doi.org\/10.3390\/s21155053","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,26]]}}}