National Institute of Standards and Technology issues Blockchain for Access Control Systems NISTIR 8403
May 27, 2022
The National Institute of Standards and Technology (“NIST”) has issued a guideline, Blockchain for Access Control Systems.
The abstract provides:
The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and tamper-resistance, which are advantages to solving auditability, resource consumption, scalability, central authority, and trust issues – all of which are challenges for network access control by traditional mechanisms. This document presents general information for blockchain access control systems from the views of blockchain system properties, components, functions, and supports for access control policy models. Considerations for implementing blockchain access control systems are also included.
Blockchain systems provide an alternative (or complementary) system for reliability, security, accountability, and scalability for AC systems. Blockchain characteristics – such as transparency, distributed computing/storage, and a tamper-evident/tamper-resistant design – help to prevent AC data from being accessed or modified by malicious users. Access logs are also recorded in blocks that allow for the detection of malicious activities. Blockchain system components and their advantages for AC systems are:
- A node is an individual computer system within a blockchain which is called an AC node within the AC network. AC nodes include:
  - lightweight nodes (i.e., a node that does not store or maintain a copy of the blockchain),
  - full nodes (i.e., a node that stores the entire blockchain and ensures that transactions are valid), and
  - publishing nodes (i.e., a full node that also publishes new blocks).
- A block contains trustable and tamper-resistant AC data as well as a history of access logs without third parties or centralized management. Distributed blocks solve the single point of failure problem and provide information for distributed architectures, which often involve a much larger set of AC entities or organizations. Distributed ownership of blocks is necessary because of possible trust, security, and reliability concerns that are associated with the centralized management of AC enforcement or AC data ownership.
- Full blockchain nodes:
  - are a repository of AC data and logs of blocks
  - can also store objects.
Blockchain contents are tamper-evident and tamper-resistant.
- A smart contract is an event-driven computer program distributed to and executed by AC nodes to facilitate and enforce AC processes (i.e., authorisation processes and AC data transitions) between them without going through a trusted third party. A smart contract can perform calculations, store data in storage spaces, expose environment conditions to reflect the current system state via callable functions, and – if appropriate – automatically send data or function calls to other smart contracts. Adding a smart contract to a block means executing code and updating the AC state (i.e., previous access permissions, environment conditions, and system status) accordingly. The smart contract code is also tamper-evident and tamper-resistant. It is copied to each AC node to reduce human error and avoid disputation, thus providing a secure way to specify AC policies and transform the authorization process into a distributed execution. Such a capability works especially well for a system that requires each distributed AC entity to perform local authorization so that the authorization chain can be verified in a decentralized manner.
- A consensus mechanism ensures that only valid transactions are recorded on the blockchain. Different kinds of consensus mechanisms can be used for AC systems, including proof of work (PoW), proof of stake (PoS), and single committee-based [LQLL]. For mandatory AC (MAC) policies, the integrity and consistency of AC administrations are maintained by consensus mechanisms configured for permissioned blockchains. Consensus mechanisms configured for permissionless blockchains are crucial for discretional AC (DAC) policies due to the dynamic management requirement for scalability and decentralization of the system.
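The components listed above (hash-linked blocks holding access logs, a smart contract that updates AC state, and validation by each AC node) fit together as in the following sketch. It is an added example, not code from NISTIR 8403 or from the original post; the `contract` rule set, the `door-7` object and the subject names are constructed assumptions, and consensus between nodes is left out.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64

def contract(state, req):
    """Hypothetical AC smart contract: deterministic, so every node derives the same result."""
    holders = state.get(req["object"], [])
    if req["op"] == "grant":                      # a current holder propagates a privilege
        permit = req["by"] in holders
        if permit and req["subject"] not in holders:
            state = {**state, req["object"]: sorted(holders + [req["subject"]])}
        return permit, state
    return req["subject"] in holders, state       # op == "access"

def block_hash(prev_hash, req, permit):
    body = json.dumps({"prev": prev_hash, "req": req, "permit": permit}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, state, req):
    """Execute the contract and record request plus decision in a new block."""
    permit, state = contract(state, req)
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    chain.append({"prev": prev, "req": req, "permit": permit,
                  "hash": block_hash(prev, req, permit)})
    return state

def verify(chain, initial_state):
    """Run by each AC node: recheck hash links and replay the contract.
    Returns the index of the first inconsistent block, or None if valid."""
    state, prev = dict(initial_state), GENESIS_HASH
    for i, blk in enumerate(chain):
        permit, state = contract(state, blk["req"])
        if (blk["prev"] != prev or blk["permit"] != permit
                or blk["hash"] != block_hash(prev, blk["req"], permit)):
            return i
        prev = blk["hash"]
    return None

def demo():
    initial = {"door-7": ["alice"]}               # constructed sample AC state
    chain, state = [], dict(initial)
    for req in [{"op": "access", "subject": "bob", "object": "door-7"},
                {"op": "grant", "by": "alice", "subject": "bob", "object": "door-7"},
                {"op": "access", "subject": "bob", "object": "door-7"}]:
        state = append(chain, state, req)
    decisions = [blk["permit"] for blk in chain]
    clean = verify(chain, initial)
    chain[0]["permit"] = True                     # simulate a modified log entry
    return decisions, clean, verify(chain, initial)
```

Because `verify` replays the contract as well as checking the hash links, a block whose hash was recomputed after the edit is still flagged when its recorded decision disagrees with the policy.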
Regarding access control:
- it is concerned with determining the allowed activities of legitimate users and mediating every attempt by a user to access a resource in the system.
- access control systems are described in terms of protecting system resources against inappropriate or undesired user access.
- there is a need for an access control mechanism to support the requirements of decentralization, scalability, and trust for accessing objects, all of which are challenging for traditional mechanisms.
For those who do not know what blockchains are, the NIST paper provides a very useful description, stating:
- it is tamper-evident and tamper-resistant cryptographically linked blocks of data (which create digital ledgers) implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government).
- it uses replicated, shared, and synchronized digital blocks between the users of a private or public distributed computer network located in different sites or organizations.
- it can be utilized for access control systems as a trustable alternative for a single entity/organization or a member of a large-scale system to enforce access control policies.
- the robust, distributed nature of blockchain technology can overcome the limitations of traditional access control systems in a decentralized and efficient way.
- it is supported by:
  - tamper-evident and tamper-resistant design which:
    - prevents the alteration of access control data (i.e., attributes, policy rules, environment conditions, and access requests) and access control logs (i.e., request permissions and previous access control data) and
    - reduces the probability of frauds.
  - authorisation processing which is decentralised, and
  - the storage of access control data/logs having no single point of failure, thus providing more system tolerance and
  - the traceability of blocks allows access control data/logs and system states to be seen and
  - the execution of arbitrary programs in smart contracts allows for controls on distributed access control data and authorization
  - consensus mechanisms and protocols which jointly regulate the participating access control entities/organizations in determining policy rules through blocks or smart contracts
On a more detailed level, the blockchain’s advantages are that it:
- removes control from a centralized system and provides flexibility in AC data management and AC processes, such as workflow control or localization control, and thus avoids possible leakages or faults of access privileges by excessive powers of centralized server
- increases performance for managing a large number of subjects and objects, such as IoT AC systems, where each IoT device is an AC node of an AC entity or organization
- allows for the enforcement of flexible, fine-grained, and responsive policy by transferring or propagating access privileges from one AC node to others through smart contract functions
- supports communication between subjects, AC administrators, and protocols for the administration of heterogeneous AC policies and security analysis
- avoids tampering and single points of failure (e.g., caused by network attacks like distributed denial-of-service (DDoS)) to increase integrity, availability, and traceability through recording, distributing, and storing AC data and log information in the blockchain. However, as all subjects can see all entries in the blockchain, privacy can be an issue for this capability
- dispenses heavy and complex authorization or management tasks between AC nodes to enhance performance and scalability, as well as decrease the cost and responsibility of administration traditionally assigned to central or third-party services