Rogue Device Mitigation in the Internet of Things: A Blockchain-Based Access Control Approach

Powered by TCPDF (www.tcpdf.org) This material is protected by copyright and other intellectual property rights, and duplication or sale of all or part of any of the repository collections is not permitted, except that material may be duplicated by you for your research use or educational purposes in electronic or print form. You must obtain permission for any other use. Electronic or print copies may not be offered, whether for sale or otherwise to anyone who is not an authorised user. Javaid, Uzair; Jameel, Furqan; Javaid, Umair; Khan, Muhammad Toaha Raza; Jäntti, Riku


Introduction
In recent years, Internet of ings (IoT) has gathered substantial popularity and wide acceptance for low-powered communication among devices [1,2]. e IoT networks enable connectivity of physical devices via the Internet that can operate, communicate, and actuate autonomously to provide innovative services in a wide array of applications [3]. It is expected that, by the end of the year 2020, almost 50-100 billion devices will be connected to the Internet [4]. ese devices would require unconventional and dynamic methodologies to support ultrareliable low-latency communication (URLLC) and enhanced mobile broadband (eMBB) services [5,6]. Furthermore, there would be a need for novel security mechanisms to ensure the integrity and authenticity of the data.
e interconnection of such a sheer number of devices will inevitably introduce security issues into an IoT-based system as IoT devices are generally resource-constrained in memory, energy, and computational resources, which exacerbate the architectural and security challenges of IoT [7,8]. To cope with the security issues of IoT networks and prevent future network breaches, several approaches and solutions have been proposed. For instance, some key exchange schemes have been proposed to provide resilience against different kinds of attacks, where key management is concerned with the generation, storing, and exchange of the keys. Moreover, mechanisms like authentication provide resistance against man-in-the-middle (MITM) and impersonation attacks [9,10].
With the rise of Bitcoin and cryptocurrency in general, the concept of distributed blockchain databases has received significantly wider attention. is is because a wide range of distributed applications can be built based on the distributed infrastructure of blockchain. One unique variant in this regard is the Ethereum blockchain platform, which includes a Turing-complete programming framework with system state information to realize the so-called smart contracts [11]. Furthermore, the blockchain facilitates a resilient and highly distributed ledger for recording transactions, attributing them to a specific node in a network, and ordering them relative to time. is phenomenon is made possible through a process known as mining, whereby a large number of dedicated high-powered computers running applicationspecific integrated circuits (ASICs) process the transactions in real time. e miners compete with each other for a small fee in addition to a subsidy in the form of a cryptocurrency or token. Moreover, data is permanently recorded in the blockchain network through a data structure called blocks.
us, a ledger of past transactions is called the blockchain as it is a chain of blocks that serves to confirm the transactions to the rest of the network [12].
Security protocols in IoT networks are still in a primitive stage and only make use of HTTP, MQTT, and XMPP protocols for routing the messages [13]. With blockchain technology, the issues of key distribution and management are completely solved due to the global unique identifier (GUID) of each IoT device.
is would eliminate the handshake procedures and exchange of PKI certificates for communication among IoT devices, thus, leading to a smoother communication experience. Blockchain technology in IoT networks acts as a tool to execute a system of contracts focused on the application of value exchange [14]. Furthermore, there is a multitude of applications that can be run alongside, or in conjunction with, the blockchain-enabled IoT networks, which takes advantage of the large amount of computing power or computational effort generated by the dedicated mining machines. In the next section, we review some of the recent literature in the domain of blockchain-enabled IoT networks.

Literature Review.
Research in IoT has recently received worldwide attention such that [7] highlights various challenges in IoT environments and identifies the following avenues for future research directions: architecture and dependencies, creating knowledge and big data, robustness, scaling, privacy, human-in-the-loop, and security in particular. is is because dealing with security attacks is one of the major problems that are prevalent on the Internet [13].
is is deeply problematic for IoT since its operation depends on the Internet connectivity. Moreover, we can define a blockchain as an online and distributed ledger that primarily consists of a list of blocks. Each block is an ordered record of application relevant data and a hash of the preceding block. is enables a system to achieve transparency in its operation and makes a blockchain highly resistant to data tampering. To achieve synchronization of the ledger, different consensus algorithms are used for sharing control across the blockchain network. is contributes to overall increased robustness. erefore, many applications have adopted it to provide trust-free and decentralized solutions. e authors of [14] provide a survey of existing blockchain-enabled IoT solutions for permission-less trading in the network. In another work [15], the authors propose a secure signing mechanism for ensuring the integrity of data. e proposed solution makes use of hash-based signing which is more efficient when compared to the existing approaches. e study in [16] proposes SMACS, which is a smart contract access control service. SMACS offloads the burden of expensive access control validation and management operations to an off-chain infrastructure, while only implementing the lightweight token-based access control on a blockchain. Moreover, healthcare is quickly adopting new technologies like artificial intelligence to automate the different modules in a standard clinical workflow for radiation oncology [17,18]. However, machine learning models are data demanding meaning that abundant data is required for optimal learning, where well-annotated medical data is scarce [19]. In a typical setting, data is collected at a single/different institute(s) and subsequently shared with others as per collaboration agreement. is traditional approach of data sharing is time consuming as it normally requires a centralized database, which is created and maintained by the host institute. Data sharing using blockchain can address this problem. e authors of [20] perform similar studies for private blockchain networks. More specifically, a practical byzantine fault tolerance protocol is proposed. is is an efficient protocol that allows devices to operate even if 33% of the nodes are honest while the rest 66% of nodes become rogue or malicious. e authors of [21] propose a novel approach called Enigma. It is a decentralized platform for guaranteeing the integrity and security of the collected data. e sensitive information in Enigma is stored in an off-chain database with strong encryption that mitigates the impact of cyberattacks. Similarly, a blockchain-based consent model for health data sharing platforms is also discussed in [22].
For smart home applications, the authors of [23] propose a new IoT authorization stack protocol in which the devices are connected to the cloud for exchanging commands with a mobile user. e proposed solution addresses the security leakage issues in an untrusted cloud communication architecture. In a similar work [24], the authors focus on the centrality of blockchain nodes to manage and monitor the IoT devices. Some interesting proposals for private blockchain networks are also provided in [25,26], wherein the authors created a threat model for evaluating the security protocols. ey demonstrated that the intrusion detection systems based on techniques like anomaly behavior analysis can prove quite useful against cyberattacks in IoTnetworks. Following the same approach, the authors of [27] point out different vulnerabilities and provided solutions for IoT networks.
To ensure the security and integrity of IoT networks, the authors of [28] provide a proof-of-concept implementation of a distributed ledger technology. is was done on multiple Raspberry Pi devices connected to the network in a realistic communication environment. An unclonable solution (used in key management and generation) for low-powered IoT devices and vehicular networks is proposed by [29][30][31]. Later, an extension of the same was provided in [32,33], which eliminated the high-cost process of key generation. Quantum security solution for distributed ledger technologies has also been explored in [34]. ey propose a onetime signature for reducing the signature time cost and size by 75% and 76%, respectively. e security issues of blockchain-enabled IoT networks for industry 4.0 have also been considered by many studies [35][36][37], in which different integration challenges and recommendations were highlighted by the authors.

Motivation and Contribution.
To help solve and address the aforementioned limitations, we propose a blockchainbased access control scheme for IoT that works in conjunction with smart contracts and achieves distributed and trustworthy access control in an IoT system. Blockchain is used to provide a device registration mechanism via its Public Key Infrastructure (PKI) framework as well as for distributing the control within the network, while smart contracts are used to implement the access control functions with Access Control List (ACL). Moreover, a higher computing capability with lower computation cost for establishing the access control methods is achieved by using smart contracts as opposed to [38][39][40]. In this backdrop, our work employs blockchain technology for providing access control in IoT networks. More specifically, this paper introduces a scheme for decentralized IoT access control. is is established by integrating the traditional device-to-server communication infrastructure with blockchain and smart contracts. To summarize, the blockchain offers a safe and secure device registration mechanism with its PKI, while the smart contracts enforce the access control functions by using an ACL mechanism. us, this paper makes the following contributions to the state of the art: (i) A novel blockchain-based decentralized IoT access control scheme is proposed. e proposed scheme makes use of the registration platform to register or remove a device in the network. (ii) e ACL mechanism is designed to authorize registered devices only. e integration of ACL mechanism with the proposed scheme mitigates the impact of rogue devices in an IoT network. (iii) A comprehensive analysis with a state-of-the-art blockchain-based IoT access control scheme is provided. e results demonstrate the feasibility and superior performance of the proposed scheme.

Paper
Organization. e remainder of the paper is organized in the following way. Section 2 describes the IoTblockchain model while Section 3 explains its operation. Section 4 presents the security analysis of the proposed scheme. Section 5 details its performance evaluation along with its relevant discussion and a comparative analysis. Finally, Section 6 presents the concluding remarks with potential directions for future research.

IoT-Blockchain Model
is paper presents a blockchain-based access control scheme for IoT that operates in conjunction with smart contracts. e scheme is based on Ethereum [41], a variant of blockchain technology that allows decentralized applications (DApps) to be built atop blockchain along with their corresponding states, which is composed of objects called accounts that have the following fields [41]: (i) A 20-byte address (i.e., ID) (ii) A smart contract code that may be empty (iii) A balance of Ether used to pay transaction fees (iv) A nonce so that each transaction is processed only once Furthermore, a state in Ethereum refers to the current data present in the blockchain, whereas a state transition occurs whenever a transaction occurs. Additionally, there are two types of accounts in Ethereum: (a) Externally owned account (EOA): these are user accounts managed with PKI (b) Contract: this is a computer program, and its corresponding account has its code and is controlled by the same Furthermore, by sharing data across the blockchain and committing transactions, the smart contracts can be executed in a decentralized manner. is adheres to their integrity and enables their transparent execution. Besides, there exists a gas limit for each transaction and process within Ethereum, where gas is an analogous word for "resource," i.e., a certain amount of gas for a function means that its execution has that much of resource to use. erefore, IoT devices have to use very negligible amounts of gas for their operation. It can be interpreted as a cost factor for the IoT devices but it also ensures security by limiting the devices to generate only as many requests as the amount of gas that they have [42]. Figure 1, the IoT-blockchain model consists of seven core components. us, the details of these components are provided herewith:

Network Model. As shown in
(1) Server. It represents a device or a set of devices that is responsible for providing different kinds of services to users and devices of the IoT-blockchain network. Moreover, the server is the host of the IoT-blockchain network; i.e., it initiates a blockchain with the first block but instead of being centralized, servers are decentralized here. is way, the servers act as the trusted hosts since they hold the genesis block that is trusted by all users and devices in the network.
Moreover, they may employ permissionless or permissioned consensus protocols to enable interactions between them and the network constituents that include and are not limited to collecting data, processing, querying data from, and/or writing data to storage devices. (2) Miner. It represents the volunteers of the IoTblockchain network, i.e., miners. ey are mainly responsible for solving the PoW puzzles and mine new blocks. us, they provide the computing power required by the proposed scheme to operate.
(3) Smart Contracts. It represents the computer programs or codes that act as the regulatory bodies in the proposed scheme, i.e., the smart contracts. ey enforce the access control functions and host the ACL. us, they are responsible for registering and removing devices as well as authorizing them. is way, they can block rogue devices and mitigate their impact. (4) User Device. is represents user setups that include and are not limited to PCs, laptops, and smartphones. A user can conveniently check and enjoy the services provided by the servers in the network using these devices, as well as read data from or write to the storage devices of the network. (5) IoT Device. is represents the things, i.e., devices that are responsible for sensing, processing, and communicating data to the server via gateways. ey may also read data from or write to a storage device as well as send control signals to actuators which in turn may operate another device.
(6) Gateway. is represents the service agent for IoT devices in the network. e devices can use the gateways for communication; i.e., it provides network connectivity to them via short-range communication technologies and protocols such as Bluetooth, Wi-Fi, and Zigbee. Moreover, a gateway may also provide additional functionalities such as data aggregation and specific security features. us, different gateways may be used for different types of devices or a single gateway can also be used for a range of devices, thereby, forming a device cluster. (7) Storage. It represents the reading and/or writing processes of data to storage devices, which may be permanent like read-only memory (ROM) or temporary like random-access memory (RAM). us, different data types (e.g., JSON, XML, CSV, etc.) can be written on them such that they can be used by other devices in the network.

System Assumptions.
e proposed scheme uses the following system configurations and assumptions: (i) e scheme uses a proof-of-work (PoW) consensus algorithm for its operation. (ii) All peers (servers/miners) have a blockchain account that allows them to claim a deployment instance of a smart contract during system initialization and, subsequently, identify themselves as the trusted hosts. (iii) An adversary/a group of adversaries cannot compromise the blockchain such that peers are not  resource-constrained and control more than 50% of the total computing power. (iv) Elliptic Curve Cryptography (ECC) with the Elliptic Curve Digital Signature Algorithm (ECDSA) is used to generate the account addresses (IDs) for both IoT devices and peer nodes. (v) Gateways act as the agents of IoT devices and are responsible for storing their accounts. It is assumed that gateways are physically accessible as well as secure, which makes them unlikely to be compromised. us, they can be trusted as agents. (vi) All peer nodes are assumed to be synchronized on the same blockchain block.

reat Model.
We consider a threat model where the objective of an adversary is to compromise the proposed access control scheme by exploiting a security loophole and gain unauthorized access into the system with his/her rogue device(s), which are just plain malicious in nature by definition. Note that the loophole can include endpoint vulnerabilities, malfunctioning hardware, and "bring your own device" (BYOD). us, by compromising the system with weak access control setup, the adversary intends to execute different kinds of cyberattacks on the system, which may include impersonation, resource depletion, sinkhole, denial of service (DoS), distributed DoS (DDoS), birthday, and spoofing. is presents serious security implications: if an adversary successfully enters into a system, he/she can target its specific components to steal information or disrupt the network operations, or in rare cases, permanently damage the whole system. erefore, effects of rogue devices and devices exhibiting rogue behavior must be mitigated.

Blockchain-Based IoT Access
Control Scheme e proposed scheme uses ECDSA for generating distinctive IDs for IoT devices and the peer nodes. e smart contracts maintain the ACL and can differentiate between registered and rogue devices. us, with the ACL mechanism, each device is required to first register itself with the network using its ID, which is handled through gateways. e registration process will generate a unique ID for each device, which can be used to interact with other devices or peers. ese interactions are enabled by the contracts by using ACL. Note that the contracts are hosted by the nodes that deployed them, i.e., peers. us, the smart contracts act as the regulatory bodies of the scheme and are responsible for facilitating secure communication between devices and peers. For this purpose, the contracts provide the following ABIs: deviceAdd: it functions to register a new device using its ID and store it in the ACL. Note that the ID here represents the 20-byte address of the IoT device which is used by this ABI to list the device name in ACL. deviceDelete: it functions to rescind the access of a device by removing it from the ACL. Similar to deviceAdd ABI, it also requires the 20-byte ID of the device to match against the ACL and remove it thereafter. sendMessage: this is the enabler of communication with smart contracts. It functions to fetch and return the address of a contract to a device; i.e., if a device wants to send a message, it needs to interact with a contract instance in the network via this ABI. accessControl: it is the core ABI that is responsible for authorizing and blocking devices with the application of ACL. For this purpose, it first checks if a device is registered in the ACL. us, whenever a device calls this ABI to authorize its current access request, it will start the validation process to check the validity of the request according to Algorithm 1, where access(d s [n]) is the access control routine of contracts, request(d s [n].node) represents a message generated by an IoT device (subject), d s represents a set of subjects, and ACL is the access control list hosted by the contracts. us, this ABI allows the requests of registered devices only and blocks rogue ones, thereby, limiting their impact.
It is worth noting here that only the smart contract creator can add, delete, or update the definitions of these ABIs. erefore, access control permissions must be carefully considered while designing them.

Mining Operation.
To handle the requests (we refer to them as transactions) generated in the IoT-blockchain network, miners (block producers) need to generate blocks efficiently with the optimal time cost. erefore, they need to complete the following steps: (i) collect, verify, and combine the transactions into a block and mine it; (ii) broadcast the mined block to reach a consensus in the network and append it to the blockchain as the latest block.
We now formulate the miners in our proposed scheme. Let us assume that there are N peer nodes and M miner nodes in the network, where peer nodes represent both miners and servers. Moreover, the set of peer nodes is represented by N � n 1 , n 2 , . . . , n N , where the computing power of node n n , n � 1, . . . , N is represented by Υ n , respectively. Note that Υ � Υ 1 , Υ 2 , . . . , Υ n is used here to represent the set of computing power of the network. us

Degree of Decentralization.
is paper introduces a novel way to measure the degree of decentralization in the proposed scheme by using Gini coefficient (G); it is well studied as a measurement for inequality of wealth or income [43]. Due to its accuracy in evaluating inequality, G has been employed in many fields that include and are not limited to capturing contrast intensity [44], system fairness [45], and resource difference degree [46]. For further details on G, we direct the reader to Appendix A.
us, we measure the decentralization of our scheme by considering the distribution of computing power among the miners. To formulate Mobile Information Systems this, G for miners with respect to (w.r.t.) computing power distribution can be calculated by in the following way: e values of G are within the range [0, 1], where 0 denotes full decentralization while 1 denotes the opposite (full centralization), respectively. Using this formulation, we can observe that the more uniform or decentralized the distribution of computing power is, the closer G is to 0. Figure 2 describes the decentralization performance of the proposed IoT-blockchain scheme. Different from [47], where decentralization performance of a blockchain is measured by the number of miners, a more general metric, G, is used here to capture the degree of decentralization w.r.t. the computing power distribution among miners. It can be seen from the figure that as the threshold of G decreases, the Lorenz curve gradually approaches the line of ideal decentralization, thereby, making the blockchain more decentralized. Note that Lorenz curve details are given in Appendix A. is demonstrates that G is an effective metric that can be used to measure the decentralization degree of blockchain-based systems. Similarly, G can also be calculated for other aspects of a blockchain quantitatively.

Security Analysis
is section presents the security analyses of the proposed scheme by discussing the following factors.

Distributed Servers.
Traditional IoT systems primarily rely on a centralized cloud server that is responsible for managing IoT devices and handling the majority of the computation and decision operations. Although a cloud server may in reality be replicated for authentication and decision processes, the system can still be considered as a single entity. is presents us with a serious security concern; i.e., the whole system can be potentially compromised if an adversary gains access to the server. us, the proposed scheme eliminates this concern by distributing the computation resources among miners. is results in high-security fidelity and enables a system to continue operation even if one or more of its peers cease to operate. Moreover, by distributing the computation in this manner, the resources required by a server can be relaxed. is will likely result in a situation where adversaries will consume mainly their resources to perform any malicious activity or attack.

Trust-Free System Operation. A typical IoT system
operates on trust which is normally established via third parties that work as the middlemen between the devices and the server. ese third parties have their associated costs in terms of labor and latency, where centralized IoT systems have to pay as trust a key security requirement for reliable network operation. e proposed scheme eliminates this reliance since it does not require any intermediary to guarantee its operation [48]. Moreover, a PoW distributed consensus protocol is used instead, which allows the network to reach consensus, and, thus, trust-free system operation is realized.

Rogue Device Mitigation. A conventional
IoT system usually lacks a device registration mechanism for effectively handling the devices. By using the ACL mechanism in the proposed scheme, the smart contracts authorize each device whenever they generate a request. us, when a device sends a message, it is checked against the ACL and granted access only if it is registered in it. is way, the proposed scheme can establish a defense mechanism against rogue devices and, therefore, mitigate their impact on the IoT-blockchain system.

Shorter Key Lengths.
e authenticity of messages in the proposed scheme is guaranteed via digital signatures by using ECDSA [49]. is ensures data integrity; i.e., data can be sent by registered devices only. For its feasibility, we present a comparison between ECC, Rivest-Shamir-Adleman (RSA), Digital Signature Algorithm (DSA), and Diffie-Hellman (DH) in Table 1 [49,50]. We can observe that for an 80-bit strength of a system's security, ECC needs only 160 bits while all of the other algorithms need 1024 bits. Similarly, for a 256-bit strength, ECC needs 521 bits compared to 15360 bits needed by the others. is proves that ECC needs shorter key lengths when compared with the other cryptographic algorithms to achieve similar security strength levels. is helps reduce the overhead in our scheme as smaller key lengths translate into lower computational overhead [51]. e quintessential factor of our scheme is the employment of blockchain technology in it. erefore, it is of paramount importance to guarantee its security. For this purpose, let us consider a case where an adversary A tries to create a dishonest chain faster than the honest chain. Note that the honest chain is hosted by the honest miners in the proposed scheme and we assume that they always control more than 50% of the total computational resources. Moreover, we say that A wants to catch up with the honest chain (we say i blocks behind) and, therefore, be able to invalidate it with his/her dishonest chain. us, the probability that A catches up from i blocks behind the honest chain is analogous to a Gambler's Ruin problem. Let us consider a player who starts to play with unlimited credit at a given deficit. e player potentially plays an infinite number of trials and tries to reach a breakeven point. en, the probability that A ever reaches breakeven, or in other words, that A ever catches up with the honest chain can be represented as [49] where q represents the probability that A finds the next block, p represents the probability that an honest miner in the IoT-blockchain network finds the next block, and Q i is the probability that A will catch up with the honest chain from i blocks behind. is is visually illustrated in Figure 3 that confirms the infeasibility of this attack as long as the honest miners have more than 50% of the total computing power. It can be seen that for values p � 1, 0.9, 0.8, 0.7, 0.6, Q i exponentially decreases with the increasing number of blocks of deficit. To elaborate, immediately after just 10 blocks, Q i reduces to 0. Moreover, for the average value p � 0.5, Q i increases to 1, which signifies again that whoever in the IoT-blockchain network controls more than 50% of the total computational capacity, controls the blockchain. However, given our assumption p > q, Q i exponentially drops with the increasing number of blocks of deficit A has to catch up.

Performance Evaluation
For evaluating our scheme, we realized its implementation by designing a smart contract in Solidity which is the programming language for writing smart contracts. Subsequently, simulations were conducted to validate the  : Quantifying the degree of decentralization performance of miners in a blockchain-enabled IoT network. e Gini coefficient here signifies how the distribution of computing power is made among the miners, i.e., whether it is in a centralized or decentralized manner. It can be seen that as the coefficient increases, the performance worsens and is more inclined towards centralization. interactions and access control functions between subject-object pair nodes.

Setup.
We conducted the simulations using a PC setup with Ubuntu OS on virtual machine client, Oracle VM VirtualBox. Subsequently, the shell scripting environment of Terminal was used for verifying the access control functions. e specifications of the PC were Intel ® Core ™ i7-7700HQ CPU @ 2.80 GHz (8 CPUs), 16384 MB RAM, NVIDIA GeForce GTX 1060 with 6052 MB memory and 1024 GB HDD + 128 GB SSD of storage. Moreover, the nodes were instantiated using the Ethereum Go client (Geth) according to Algorithm 2. Note that Geth is a command-line interface (CLI) implemented in the Go language for Ethereum development purposes. us, separate nodes were used to simulate the subject-object pair interactions with the distributed contracts. Furthermore, the contracts were written and compiled using the Remix integrated development environment (IDE), a browser-based IDE for Solidity, where an outlook of Remix IDE console can be seen in Figure 4. Note that the contracts are deployed at the object side as the blockchain is hosted by the objects.

Deployment Cost.
e cost of performing a task in the Ethereum platform is measured in terms of gas, i.e., for every operation executed in Ethereum, there exists a specified gas cost. Gas is measured in wei and is equal to 1 wei � 10 − 18 ether. us, we can observe that the more complex a task is, the more gas it will require. e gas consumption estimates for the proposed scheme are as follows: the amount required for deploying the contract is 985200 while that for executing it is 21128.

Experiments.
Once the subject-object pair nodes are initialized and the contracts are deployed at the object nodes (we refer to them as server), interaction is now possible with the contract from the subject nodes to simulate IoT-server interactions. us, the access control results of the proposed scheme are summarized in Figure 5 as follows: the mining of the contract instance for its address by an object node can be seen in Figure 5(a), whereas the functions used in the proposed scheme are demonstrated in Figure 5(b). It can be seen that a subject node with address 0x c7d9 2270 5023 924b 2073 16bc 7fec f794 f608 020a is first registered in the ACL by the contract and then authorized for a message it sends as well as it is subsequently removed and unauthorized. Finally, Figure 5(c) shows the interactions between a subject-object pair node. is demonstrates and confirms the functions of the proposed scheme.

Comparative Analysis.
is paper compares its scheme with the state-of-the-art scheme [39] that presents a similar contract-based access control mechanism for IoT. A summary of the comparison results is documented in Table 2. e authors in [39] design their scheme with three smart contracts that include multiple access control contracts (ACC), judge contract (JC), and register contract (RC). e operation of their scheme is defined in the following way: (i) ACC is responsible for enforcing one access control method at a time for a subject-object pair. It also checks and keeps into account the behavior exhibited by a subject. (ii) JC is responsible for subject behavior management based on the reports of ACC. It also provides functions (e.g., register, update, and delete) to manage the subjects. (iii) RC offers a storage hub for the scheme; i.e., it is responsible for storing ACC and JC contracts together with the methods associated with them (access control and subject behavior monitoring). Moreover, [39] does not particularly emphasize on rogue device mitigation, which limits its application and feasibility. It also fails to explain the decentralization degree of miners in a blockchain-enabled IoT network.
In contrast, the proposed scheme establishes the same access control methods by using only one contract with a significantly lesser cost of execution. It manages the malicious behavior of devices via an access control list, which blocks and mitigates the impact of rogue devices. is way, the scheme ensures network reliability by only allowing registered devices to communicate. Furthermore, it discusses the decentralization degree of miners in an  : e user interface console of Remix, which is an IDE that is predominantly used in Ethereum to design and compile a smart contract. It offers different settings for analysing and debugging a contract as well as study the execution costs associated with it. e account field represents the address of the contract while the gas limit represents its execution limit among other parameters.

Conclusion
is paper investigated the shortcomings of providing access control to devices in a traditional IoT-server communication-based model and presented a blockchain-based access control scheme to mitigate the impact of rogue devices in IoT environments. e proposed scheme uses blockchain in conjunction with smart contracts to provide a secure registration platform for IoT devices. It is also able to distinguish between registered and rogue devices via the application of access control list. To demonstrate the feasibility of the proposed scheme, a security analysis was presented. Additionally, a performance evaluation along with a comparative analysis was also performed for providing access control in a blockchain-based IoT network, which confirms the improvement of the scheme in achieving decentralized IoT access control.
It is noteworthy here that although the results provided in this paper demonstrate the feasibility of the proposed scheme, it can be improved and extended in a number of ways.
Future studies can focus on integrating machine/deep learning techniques to further mitigate the impact of rogue devices in IoT networks. For instance, neural networks can be trained on real data to better identify the attributes of rogue devices and facilitate in providing safeguarding measures together with decentralized access control. e obtained results can also be improved by adopting data sharing and power-domain nonorthogonal multiple access techniques for applications in 5G and beyond. e proposed scheme can be used with resource allocation in cyberphysical systems. For instance, a device can be considered as a subject, which is registered with the network, that requires resource assignment for application-specific purposes, e.g., edge computation offloading. Transaction fees in traditional blockchain platforms remain an open issue that needs to be addressed. erefore, the proposed implementation can be extended to such platforms where transaction fees are not required. e applicability and feasibility of the proposed scheme can be studied under different consensus protocols of blockchain technology, which will subsequently help identify the applicability of such protocols for providing decentralized and trust-free access control in IoT.
ese interesting yet challenging approaches to access control are some of the potential future research avenues that will eventually be discussed and addressed in future studies.

A Gini Coefficient
e Gini index or Gini coefficient is a statistical measure of distribution which was first introduced in 1912 by the Italian statistician Corrado Gini [43]. It is primarily used as a gauge of economic inequality and measuring income or wealth distribution among a population. e index ranges from 0 to 1 (or 0-100%), with 0 representing perfect equality and 1 representing perfect inequality. Moreover, there are two commonly accepted definitions of the Gini coefficient. e first definition is based on Lorenz curve which plots the proportion of the total income of population (y-axis) against the cumulative share of income earned by the population (x-axis). erefore, the Gini index can be defined as a ratio of the areas area(A)/area(A + B) [45,46] (an illustration for reference is presented in Figure 6). Using this argument, we can deduce from the figure that the Gini index can be interpreted as the degree of deviation from the line of ideal decentralization. e second definition is defined as "half of the relative mean absolute difference," which is mathematically equivalent to the definition of Lorenz curve [52]. e mean absolute difference can be calculated by the average absolute difference of all pairs of people in a population, while the relative mean absolute difference is simply the mean absolute difference divided by the relative average. erefore, the expression of Gini coefficient can be given as [44,52] G � where x i is the wealth or income of person i while n is the total number of persons. us, this paper uses this definition to calculate the Gini coefficient for measuring the degree of decentralization in a blockchain-enabled IoT network.

Data Availability
No data were used to support this study.