RBAC-SC: Role-Based Access Control Using Smart Contract

The role-based access control (RBAC) framework is a mechanism that describes the access control principle. As a common interaction, an organization provides a service to a user who owns a certain role that was issued by a different organization. Such trans-organizational RBAC is common in face-to-face communication but not in a computer network, because it is difficult to establish both the security that prohibits the malicious impersonation of roles and the flexibility that allows small organizations to participate and users to fully control their own roles. In this paper, we present an RBAC using smart contract (RBAC-SC), a platform that makes use of Ethereum's smart contract technology to realize a trans organizational utilization of roles. Ethereum is an open blockchain platform that is designed to be secure, adaptable, and flexible. It pioneered smart contracts, which are decentralized applications that serve as "autonomous agents" running exactly as programmed and are deployed on a blockchain. The RBAC-SC uses smart contracts and blockchain technology as versatile infrastructures to represent the trust and endorsement relationship that are essential in the RBAC and to realize a challenge-response authentication protocol that verifies a user's ownership of roles. We describe the RBAC-SC framework, which is composed of two main parts, namely, the smart contract and the challenge-response protocol, and present a performance analysis. A prototype of the smart contract is created and deployed on Ethereum's Testnet blockchain, and the source code is publicly available.