Collective access management
Distributed access control for co-owned resources
More Info
expand_more
Abstract
Swiss watches are known around the world as a luxury product. Due to the fact that the product is considered a status symbol of wealth the market for counterfeit watches is a continuing concern of the industry. Historically the watches have primarily been manufactured in Switzerland. In recent years, however, manufacturing is done all over the world due to the shortage of trained labour in Switzerland. The need for managing the flow of partial products and authenticity has therefore increased. Collaboration in supply chain management allows participants to obtain the benefits of cooperation using each other's expertise to develop a product. The benefits include the sharing of knowledge or resources to create products more economically than individually. Collaboration encounters challenges such as vast geological distances between participants and large amounts of shared information. In a supply chain, many participants contribute information about a resource. In our research scenario, the resource information is co-owned by all contributing participants and includes a range of relevant information such as transportation documents and product patents. Some of this information is private and should only be shared on a need-to-know basis. In our research, we aim to design a protocol that supports the privacy of each owner's partial access decision while maintaining verifiability in a distributed system. We achieve our goal by using an owner-controlled blockchain to create a shared platform for data control and access management. A part of the platform is a network of trusted operators to evaluate the access decision for each owner. Participants on the blockchain can make requests to the operators to access information. During an access request an operator requests the relevant access policy for the request, evaluates it and sends the result to the owner. The owner validates the results by signing the partial decision if they agree with the operator. The operators collect partial decisions of the owners before reaching a final decision using a consensus mechanism. All final access decisions are stored on a blockchain for verification.
Based on a comparative evaluation of the related work, we found that, to the best of our knowledge, this is the first protocol that designs and evaluates a blockchain-based access control system with the focus on verifiable access decisions of co-owned resources. In our evaluation, we found that the protocol performed efficiently regarding time and communication complexity but had a large memory overhead. We believe that the proposed problem and protocol has relevance in the real world in scenarios where many entities contribute and need access to information regarding a shared resource.