With the dramatically increasing deployment of intelligent devices, the Internet of Things (IoT) has attracted more attention and developed rapidly. It effectively collects and shares data from the surrounding environment to achieve better IoT services. For data sharing, the publish-subscribe (PS) paradigm provides a loosely coupled and scalable communication model. However, due to the loosely coupled nature, it is vulnerable to many attacks, resulting in some security threats to the IoT system, but it cannot provide the basic security mechanisms such as authentication and confidentiality to ensure the data security. Thus, in order to protect the system security and users’ privacy, this paper presents a secure blockchain-based privacy-preserving access control scheme for the PS system, which adopt the fully homomorphic encryption (FHE) to ensure the confidentiality of the publishing events and leverage the ledger to store the large volume of data events and access crossdomain information. Finally, we analyze the correctness and security of our scheme; moreover, we deploy our proposed prototype system on two computers and evaluate its performance. The experimental results show that our PS system can efficiently achieve the equilibrium between the system cost and the security requirement.

1. Introduction

With the rapid development of Internet of Things (IoT) in recent years, IoT devices deployed in application scenarios such as smart grid, smart city and smart home have increased sharply [13]. It was estimated that there will be over 24.9 billion IoT devices connected to the Internet by 2025 [4]. These interconnected mass terminal devices store and forward data to better realize system functions. As an attractive communication paradigm, publish-subscribe (PS) system can be used to build distributed data sharing across the Internet by separating the sender from the receiver. However, due to the loose coupling between publishers and subscribers, it is a challenge to provide security mechanisms such as authentication and confidentiality among each domain of the IoT [5]. Thus, we need to find out a method to ensure the data is only delivered to eligible subscribers who are interested and protect the confidentiality of the published events and the privacy of sensitive information in the process [6, 7].

Access control technology can protect the confidentiality, integrity, and availability of PS service and user data in the traditional IoT PS system. However, the traditional access control schemes cannot be used directly to provide fine-grained and scalable requirements for publish-subscribe systems [8]. The original publish-subscribe model relies on a trusted third-party broker such as MQTT [9], LooCI [10], and NesC [11], where data from all devices flows to subscribers through a central broker. Such a centralized architecture makes the PS model have the following disadvantages: (i)The centralized architecture is vulnerable to a single point of failure. Since the broker is a centralized server, which coordinates the communication between the publishers and subscribers, if the server fails or is attacked by a malicious adversary, it may cause a large amount of sensitive information be compromised, thus threatening the privacy of the users and even making the whole system down(ii)The semitrusted broker may be immoral, and it may lead to unauthorized access, abuse, and tampering with data(iii)Since centralized servers rely on computationally greedy encryption algorithms, this is not suitable for computing resources-constrained IoT devices

Therefore, a novel decentralized PS model needs to be designed to address these issues. Due to the advantages of decentralization, anonymity and nontampering of records of blockchain [12, 13], it can provide reliable subscription record storage, subscription content forwarding, and subscription information verification for the PS system. The application of blockchain in the PS system has the following benefits: (i)Decentralization: the published encrypted data and the subscription records are stored in blocks in the distributed ledger, and the consistency of network records is maintained through the consensus mechanism. Due to the decentralized nature of blockchain, it can increase the fault tolerance and antiaggression of the system, thus avoiding the impact of a single point of failure(ii)Anonymity: all subscription contents are stored in the blockchain in an encrypted way, and the subscriber can access the data through its public key address. However, malicious users can only link to the public key address through hash pointer but do not know the real identity of the users(iii)Nontampering: the subscription information is added to the blockchain after consensus verification, and then it will be recorded by all nodes together and related to each other through cryptography; so, tampering the data is very difficult and expensive

In order to solve the mentioned challenges in the PS system, this paper designs a novel blockchain-based PS model and proposes an access control mechanism based on the fully homomorphic encryption (FHE) algorithm [14] to protect the privacy of data sharing among multiple domains in the IoT. The proposed model mainly includes four entities: publishers, subscribers, broker based on private blockchain, and consortium blockchain, where publisher is responsible for publishing specific encrypted data, and subscriber receives related content by subscribing to the interested topics. Each broker based on private blockchain is composed of multiple distributed and decentralized gateway devices, and it only serves a subset of IoT devices to match user needs, delivers subscription content, and stores the subscription records, whereas the consortium blockchain connects private blockchain to facilitate crossdomain data sharing.

It is noteworthy that with the dramatically increasing of mobile services and applications, the broker needs to be equipped with more computing and storage capacity, but IoT devices are usually resource constrained, and they cannot bear the resource consumption caused by complex verification calculation of blockchain; so, we mitigate this problem by using edge computing. Edge computing utilizes nearby edge servers to bring real-time computations and communications [13, 15, 16]. As one way to process data at the network edge, it greatly expands the capacity and feasibility of terminal devices. In our model, we make full use of the private blockchain that has been formed through the gateway in [17], and then use the edge servers to create the consortium blockchain and perform FHE. By this way, it can provide publishers and subscribers with effective privacy protection. Our contributions are as follows: (i)We propose a blockchain-based PS model for data sharing among multiple domains of IoT. This model eliminates the disadvantages of traditional PS model based on centralized broker and can make full use of consortium blockchain to carry out crossdomain subscription services in the large-scale IoT(ii)We combine edge computing to provide computing power for data validation and all cryptographic computations and make it possible to deploy blockchain in the resource-constrained IoT. In addition, the cryptographic accumulator is used to quickly verify whether the subscription information on the one private blockchain is valid or not, which reduces the cost and latency of cross-domain data sharing(iii)We use FHE with IND-CPA security to realize the attribute-based access control mechanism, so that the edge servers can perform arbitrary calculation of ciphertext without decryption, in this way, while ensuring the confidentiality and privacy of the subscription information and realizing the fine-grained access control of user data

The rest of this paper is organized as follows. Section 2 introduces some related work and briefly analyzes the pros and cons of various solutions. Section 3 reviews the preliminaries used in this paper. In Section 4, we present a blockchain-based privacy-preserving PS model. Section 5 analyses the performance and security of our scheme by deploying it on two computers. Finally, we summarize the paper with a further research discussion.

2. Preliminaries

In this section, we review some of the relevant theoretical basis of this study and briefly introduce and analyze the related background technologies, which mainly include the concepts of publish-subscribe system, attribute-based authorization, blockchain, fully homomorphic encryption, and edge computing.

2.1. Publish-Subscribe System

Publish-subscribe system can be seen as a way of data-centric message distribution [18]. During the distribution of a message, the publisher can publish the message without specifying the identity of the user, and the subscriber also does not need to know the identity of the data owner to use message. In such a middleware solution, a message is represented as an event that can be detected in the application. As is shown in Figure 1, the PS model relies on three elements: publisher, subscriber, and the broker.

In the model, a publisher is an actor who generates any content and publishes it to the specified topic; subscriber is a user of events who subscribes the interested topics, and subscriber gets the published event when a publisher creates a publication for its subscription request. The broker is responsible for receiving the published events and notifying subscribers of the interested topics.

2.2. Attribute-Based Authorization [19]

An attribute is defined as , meaning that the attribute have value. A user has one attribute that can be represented by conjunctive formula . For a given system event topic , authorization policy restricts access to event data with a topic by using a user’s specific attribute value.

Definition 1. The expression for an authorization policy is , which means that when a subscriber has at least a set of attributes from attribute concatenation to , the subscriber can access the data with topic .

For a subscriber whose attribute expression is , he/she has group connection attributes. As long as one of the group conjunctive attributes appears in , then is defined to satisfy .

2.3. Blockchain and Edge Computing

Since Nakamoto [12] published the Bitcoin white paper in 2008, the blockchain, as the underlying technology of Bitcoin, has quickly attracted a lot of attention due to its characteristics such as decentralization, no tampering, public verification and anonymity. The blockchain works as a distributed database that records all transactions that have occurred in the peer-to-peer (P2P) network. As is shown in Figure 2, the blockchain is a series of blocks connected one by one by hash. Blocks are added to the longest main blockchain by consistency protocol among most nodes in the network. Each block contains two parts: block header and block body, where all transactions involved in the block body, and the block header consists of the link pointers of the previous block header, a Merkle root of all transactions and a timestamp. Hyperledger Fabric [13, 20, 21] is a consortium blockchain based on distributed ledger. Unlike public or private blockchain, it executes the verification of transactions by a set of preselected nodes in the consortium blockchain, and the nodes can change dynamically; so, the consortium blockchain is more suitable for the scenario that supports node scalability.

Due to the limited computing capacity and available energy consumption of IoT terminal device, it has become the key bottleneck restricting the application of blockchain in IoT, but edge computing can help mitigate this problem. Edge computing transfers data processing from the remote cloud center to the edge of the network, and the computation and data storage can be dispersed to the edge of the Internet near the endpoint of things, sensors, and users. It brings real-time computation and communication by leveraging nearby edge servers.

2.4. Fully Homomorphic Encryption [14]

Let be prime, be the integer field of modulo , and be an integer. For the given plaintext and the key generated by the parameters and , there are encryption function and decryption function where ciphertext is an -dimensional vector. Public key generated by key can be used to encrypt , and then

Let and When and exist in the decryption function, the FHE algorithm satisfies the following additional homomorphism properties:

where is vector addition, and is scalar multiplication of vectors.

The homomorphic operation of multiplication also requires the public evaluation key , which is generated by . For obtained from ciphertext and , it can be expressed as

For a given publisher’s secret key and subscriber’s public key , the ciphertext encrypted with can be converted to the ciphertext encrypted with subscriber’s secret key . The key exchange process is as follows:

Let be the generating function of exchange key , and then , where any is an -dimensional vector. Suppose there is , then the reencryption of ciphertext with exchange key can be expressed as , let , and then .

In recent years, most of the research on PS system has focused on effective event routing, event filtering, and composite event detection, and little has been done to address privacy issues. Here, we briefly summarize some relevant work in recent years and find that it can be divided into two categories: (1) PS system based on traditional broker server and (2) PS system based on P2P (peer-to-peer) network. This section mainly analyzes the current research status of privacy-preserving PS system.

3.1. Based on Traditional Broker Servers

Duan et al. [22] proposed a comprehensive access control framework CACF to guarantee the data confidentiality and service privacy of the publish-subscribe model in different domains. It uses fully homomorphic encryption to encrypt data and bidirectional privacy-preserving policy to match access policies and subscription policy. We can see from the performance analysis result that the CACF scheme can provide confidentiality and privacy-preserving with acceptable latency, but the centralized message-oriented Java Message Service (JMS) broker can cause a single point of failure.

AKPS [23] is a privacy-preserving attribute-keyword-based data publish-subscribe scheme. This scheme uses attribute-based encryption with decryption outsourcing to encrypt the published data. While realizing the publisher’s own control of data access, it transfers the main decryption overhead from subscribers to the cloud server. And subscribers who search by keyword can choose to receive the data according to their own interests. However, the publisher has only one identity; that is, it cannot receive the information as a subscriber.

In [24], Wang et al. proposed a privacy protection scheme for a content-based publish/subscribe system with differential privacy in a fog computing environment. It used the -Apriori algorithm to extract the collection of the first frequent items from uncertain data sets and then applied the exponential and Laplace mechanism to ensure differential privacy. Brokers mine the first item sets to eventually match the appropriate publishers and subscribers. This method reduces the cost of user computation and storage, but the complex attribute matching method increases the delay of matching time and increases with the number of users.

In order to provide basic security mechanisms for fog computing-based publish-subscribe system in IoT, Diro et al. [25] proposed a secure lightweight publish-subscribe protocol based on elliptic curve cryptography (ECC). It reduces the overhead of computations, storage, and communications in traditional security protocols such as SSL/TSL. In [26], Diro et al. proposed a resource efficient end-to-end security scheme by offloading computations and storage of security parameters to fog nodes in the vicinity. In addition, a symmetric-key payload encryption has been used to minimize the overhead of message communication in the resource-contested IoT environment.

Borcea et al. [27] introduced PICADOR, a topic-based publish-subscribe system designed using proxy reencryption. This system provides end-to-end encrypted information distribution service, and it ensures the information confidentiality between publishers and subscribers without sharing encryption and decryption keys. The system not only reduces the communication cost but also reduces the vulnerability of internal attack. However, reencryption also brings a heavy computing burden to proxy server.

3.2. Based on P2P Network

Zhao et al. [28] built a fair and secure publish-subscribe system (SPS) based on blockchain. In SPS, in order to realize fair data exchange, publishers publish a topic on the blockchain, and subscribers subscribe the interested topic by deposit. At the same time, the publisher and subscriber use hybrid encryption to ensure data confidentiality and take advantage of the pseudoanonymity of bitcoin system to ensure the identity privacy of both parties. However, because this scheme cannot provide fine-grained access control, it cannot provide users with more accurate and efficient services according to their own features.

In [29], Lv et al. propose a privacy-preserving publish/subscribe model by using the blockchain technique, which ensures the system confidentiality by employing public key encryption with equality test (PKEwET), and they solved the single point of failure and the anonymity of the participants by using the Ethereum.

Tariq et al. [30] proposed a new approach to provide authentication and confidentiality in broker-less content-based publish/subscribe system. Credentials are assigned to publishers and subscribers by adapting the pairing-based cryptography mechanisms. Because the private keys and ciphertext assigned to publishers and subscribers are marked with credentials, a particular subscriber can decrypt an event only if the credentials associated with the event match the private key. However, Tariq et al. do not consider the anonymity of subscriber.

In [31], the authors contributed Trinity, a novel distributed publish-subscribe broker with blockchain-based immutability. It distributes the published data to all brokers in the network and stores the distributed data in an immutable ledger by using the blockchain technology. In this way, it can guarantee persistence, ordering, and immutability across trust boundaries, but the Trinity framework increases the end-to-end delay while consuming bandwidth and computation resources.

Gao et al. [32] proposed a new trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain, named TrustAccess, to achieve trustworthy access. To address the privacy issues of access policy and user attribute in the TrustAccess, an optimized hidden policy CP-ABE named OHP-CP-ABE to ensure policy privacy while satisfying the large universe access requirement. In addition, the authors use the multiplicative homomorphic ElGamal cryptosystem to ensure the attribute privacy during authorization validation.

4. BPAC System Model

In this section, we mainly explain how the proposed blockchain-based IoT publish-subscribe system works. For convenience, some notations will appear in our BPAC scheme as shown in Table 1.

4.1. Security Model

In our work, we assume the certificate authority (CA) that creates the public/private keys for the publisher or subscriber and assigns public parameters to the system is honest; that is, the CA follows the rules to perform computations. And the publisher who can correctly and truly publish the encrypted data is legal. All published events are stored in the global ledger maintained by the edge devices, and all data validation and publish-subscribe services processing are performed by the edge devices to reduce the workload of an IoT device. It is worth emphasizing that the storage and protection of the published events are only performed by blockchain, without intervention of any other entity. Therefore, the security of our scheme is mainly guaranteed by blockchain. In our scheme, publishers and subscribers within the domain directly interact with each other through private blockchain, and the crossdomain users connect private blockchain through consortium blockchain for temporary crossdomain information interaction. In the actual collaborative IoT services, there may have a many-to-many relationship among multiple publishers and subscribers. Here, we just take one publisher and one subscriber to discuss the access control procedure in our framework. The system model is shown in Figure 3.

4.2. Blockchain-Based Security Publish-Subscribe System

We propose a secure PS scheme which is based on FHE [14]. Assume that a publisher contains a key pair , and a subscriber contains a key pair . The specific dynamic data flow is shown in Figure 4. The access control procedure mainly contains the following phases: Setup, Publish, Subscribe, Match, and Receive.

4.2.1. Setup

The setup algorithm takes the security parameter , a number of levels , and as input parameters to generate the system parameter . This algorithm is run by CA, and only CA knows the value of , where let , whose modulus is prime , and , , , and . Finally, the key pair and are generated as follows:

where the key pair of publisher and subscriber is, respectively, and .

4.2.2. Publish

The publisher randomly selects random number and hash function in advance, where is greater than the number of topics in the publishing event , then generates , and encrypts event with topic and policy as through edge servers. For each set of attribute conjunction formula the publisher generates through the attribute filter function , uses the edge servers to convert it into access credentials: and finally publishes and on a private blockchain. The encryption process for publishing events is as follows:

When the private blockchain receives the encrypted event , the edge servers packaged it into a block and stored in the edge ledger after being authenticated by the whole network.

4.2.3. Subscribe

First, the subscriber with property expression subscribes to an interested topic through edge ledger, and then subscriber encrypts its property index value to and finally sends it to the private blockchain broker.

4.2.4. Match and Key Switching

When the publisher receives a subscription request from the subscriber, it first checks whether subscriber’s attribute conjunction satisfies . If the condition is met, the subscriber is certified as a valid user, and his subscription request is allowed. Then, the publisher will reencrypt the ciphertext through edge servers to . The conversion process is as follows:

Finally, the publisher authorizes the subscriber to access and from the edge ledger.

If subscriber fails to meet the requirement, the edge servers simply refuse the subscriber’s access requests.

4.2.5. Receive

After subscriber receives and , it first decrypts to obtain index , thus obtaining the authorization attribute conjunction . Then it decrypts and to get the random values and . Then, the subscriber uses hash function to restore :

Finally, the subscriber decrypts the ciphertext and gets , and the modular operation is then performed on to recover the event .

4.3. Efficient Crossdomain Access and Authentication

For the crossdomain PS system, there is no direct connection among edge ledgers, and no copies of other ledgers are kept. Therefore, after obtaining the authorization information, the subscriber needs to verify whether the authorization information block belonging to another edge ledger is valid.

Assume that and are two subscribers of edge ledger in different domains. needs to access the publishing events in through the global ledger and verifies its validity. The verification process after obtaining the authorization information block is shown in Figure 5. (1) processes the new authorization information block (i) initiates a verification request for information block to the global ledger . forwards it to and initializes the value of the accumulator after receiving the verification request(ii) packs into a new block and updates the accumulator value to (iii)All nodes in run the consensus protocol to add and update accumulator value to the blockchain(2) updates its status to (i) only updates the accumulator value to after a certain number of new blocks are created(ii) checks whether has achieved consensus on , if it passes the check, then the latest state of is included in the new block(3) checks the validity of (i) obtains the current accumulator value of from (ii) requests to provide evidence that block contains the authorization information block (iii) responses to ’s request and provides a proof that is included in the edge ledger

verifies the evidence. After verification, it can utilize the information in .

5. Security and Performance Analysis

In this section, we first theoretically analyze the security of the proposed scheme and illustrate the correctness of our scheme, where our scheme only aims to resist collusion attack and spoofing attacks. Then, we implement the prototype system to evaluate its performance.

5.1. Security Analysis
5.1.1. Confidentiality

For our proposed publish-subscribe scheme, the security of data sharing is based on the security of blockchain and FHE algorithm. Among them, since the FHE is IND-CPA secure, that is to say, an adversary first gets a properly generated , then specifies message ( is a message ring), and finally gets for a random number ; it cannot guess the value of with probability , where is a negligible function in the security parameter . In other words, for a given ciphertext, an adversary is not able to know any useful information about the corresponding plaintext; that is, it is secure against chosen-plaintext attack. And we adopted the FHE algorithm to set up a credible PS system for IoT, which can separate data processing rights and data ownership, so as to prevent data privacy leakage while using edge servers computing power. In addition, blockchain lies on the hardness of preventing sibyl attacks and DDoS attacks. In the large-scale IoT environments, with more IoT devices connected to the blockchain network, the more gateway nodes in the network increases, and the more security will be improved; so, it is difficult for an attacker to launch a DDoS attacks in the blockchain network. This is because if you want to launch 51% attacks in the blockchain network, you need a lot of computing power to control the nodes that are distributed everywhere, since an adversary is not powerful enough to take over the majority of the nodes. Therefore, the scheme can guarantee the confidentiality of the message.

5.1.2. Resistance to Collusion Attack

For two collusive subscribers and , they cannot successfully pass the inspection of the property filter function in the edge servers, because neither of them has the authentication attribute authorized by the access control policy. Even if the edge servers are malicious and also participate in the collusion attack, consequently, make both pass the inspection and convert keys to generate and . However, and will only get the following ciphertext:

But since and do not know the values of , so and cannot recover and the event .

5.1.3. Resistance to Spoofing Attacks

In our scheme, an edge server is placed in the same local network as the IoT devices, aiming to help the IoT devices perform certain kinds of computations. If the edge server is fake, it may fake the access credentials to recover event e, but it does not have any private keys of the subscribers to decrypt ciphertexts. At the same time, if an edge device tries to forge encrypted data while performing cryptographic computations, it will be detected and excluded by other nodes in the consortium blockchain. In addition, the consortium blockchain composed of edge devices has a certain fault-tolerant. Even if there are false malicious nodes in the network, as long as the number does not exceed 1/3 of the total number of nodes, it can guarantee the normal and stable operation of the system. So, even if the edge devices are fake, as long as there are enough honest nodes in the network, our scheme is also available.

5.2. Correctness Analysis

Theorem 2. For the access control policy of an event with a topic , and an attribute conjunction of a subscriber , when and , and , then can access all events of topic .

Proof. In our scheme, the edge servers generate and for subscriber , and finally gets event by decrypting it. When , if , then Theorem 2 is satisfied; so, our scheme satisfies correctness.

We also compare our scheme with other related work from the aspects of confidentiality, data privacy, decentralization, fine-grained access, collusion resistance, and ant-spoofing attack in Table 1, and the specific comparison results are described in Table 1.

As is shown in Table 1, all solutions are realized data event confidentiality; however, the proposed PS systems adopt centralized architecture in literature [2227], in which all data are published to the subscriber by central broker, such a centralized architecture is vulnerable to the effects of a single point of failure, and the broker who is not fully trusted may leak or tamper with data, thus causing some insecure factors and posing a threat to the stable operation of the system. On the other hand, the data owner should have the right to determine who can use the data it provides, while in [2430], there did not reflect the control of publishers over the authorization granularity for different information and subscribers. And subscribing services can be dishonest in practice, and the subscribers may attempt to access unauthorized events by colluding with each other, but most of the other work did not consider this problem. On the contrary, our scheme can better solve the above problems.

5.3. Performance Analysis

In order to verify the availability and performance of our proposed BPAC mechanism, we deployed our prototype system on two computers: the publisher/subscriber and blockchain broker both ran on the configured with 8.0G of RAM, AMD 2.3GHz CPUs, and Windows10_64 operating system, which the private blockchain is built on Ethereum. Furthermore, we use the Hyperledger Fabric deployed on the IBM Cloud platform for the consortium blockchain. Here, we use system throughput and two types of time delay as the main performance evaluation criteria: (1) PS prototype system without using our proposed scheme and (2) using the proposed blockchain-based secure PS system. Among them, the time overhead of the prototype system is from the time the subscriber initiates the subscription request until the subscriber successfully obtains the publishing service or data. Our scheme would consist the additional time spent in running BPAC. This paper evaluates the proposed scheme in terms of the different event sizes of a publish event, the number of different policies, and the number of attributes of a subscriber, where the number of policies is 1, 2, 4, 6, and 8, and the number of attribute values is 1, 5, 10, 15, and 20. In addition, in order to better verify the efficiency of the proposed scheme, we compare our scheme with the CACF [22] scheme under the same test environment, which is a comprehensive access control framework using FHE scheme for publish/subscribe-based IoT services communication. The specific experimental results are shown as follows. It is worth noting that all data were obtained after running 100 times.

As is shown in Figure 6(a), with the publishing event sizes increases, the system delay gradually increases; that is, the size of the data event is one of the main factors that affect PS system latencies. Among them, the delay of the prototype system is significantly lower than our proposed scheme, and the CACF scheme is slightly higher than the prototype system but significantly lower than our scheme. This is due to the fact that the consensus validation process in our scenario consumes part of time and increase with the event complexity. Figure 6(b) shows the average sustainable throughput in processing the publishing events per second using different event sizes. Node that the throughput results are based on the average system latencies with or without our BPAC mechanism. As is shown in Figure 6(b), the system throughput decreases with the growth of data event sizes; that is to say, fewer the publishing events per second can be sent from the publisher to subscriber. In addition, we can know from the above two figures that the moderate amount of event data can complete PS service with low latency and acceptable throughput.

Figure 7 shows the impact on the system time overhead from both publisher and subscriber factors, where we mainly consider how the number of policies in one publishing event and attributes in one subscriber affect PS system latencies. In Figure 7(a), an increase in the number of subscriber attributes will result in an increase in the system time latency. This is because an increase in the number of attributes directly lead to more time in the attribute filtering and access control policy enforcement phases. Among them, the CACF scheme is still slightly lower than the scheme we proposed, which is because the FHE algorithm used in our scheme increases the time overhead. As shown in Figure 7(b), with the increase of access control policies, the time delay of the system gradually increases, and the delay of our scheme is about 43~50 ms. The time cost of the prototype system is significantly lower than ours, while CACF scheme is slightly higher than the prototype system but lower than our scheme. This is because our solution consumes part of the time and grows as the number of access control policies increases.

In Figure 8, in order to reflect the efficiency of crossdomain access operations, we test the throughput of our proposed PS system in different scenarios. All the experimental data is collected based on a minimum crossdomain access requirement that only involves one global ledger and two edge ledgers, and the average throughput in processing events per second is based on one KB event size. It is clear from Figure 8 that the physical location of the nodes also affects the performance of the PS system.

As can be seen from the results discussed above, although our proposed BPAC mechanism increases the system time delay compared with the CACF scheme, the absolute value of the delay increment is not large, and the application of blockchain in the PS system makes up for the lack of security and trust in the traditional scheme. We compromised the acceptable response time in exchange for higher reliability and solved the security problem in the PS system.

6. Conclusion and Future Work

In this paper, we propose an access control mechanism based on blockchain and FHE algorithm, which solves the security and privacy problems in the traditional centralized PS system. Our scheme protects the confidentiality of event data by encrypting the publishing data with the FHE algorithm. Meanwhile, it replaces the traditional central broker with the blockchain technology to realize decentralized distributed access control and realizes crossdomain information interaction by storing data in the global ledger. According to the theoretical analysis, it can guarantee the security and correctness of the system, and the experimental results show that our scheme is feasible and efficient to some extent.

However, our scheme also has certain deficiencies, such as our solution did not completely realize attribute revocation and update of access policies, and with the rapid growth of the IoT network scale, the attributes of one subscriber and access control policies for publishing events also become increasingly complex, as it may take more time in the matching stage, so as to further prolong system response time. In future research work, we will further solve the above problems. We plan to combine the two-strategy attribute-based authorization [33] and time-limited key management to realize more fine-grained access control and efficient key revocation and further adopt the Bloomer Filter [34] to optimize the matching process to achieve fast authentication.


:Security parameter
:A number of levels
:System parameter
:The key pair of publisher
:The key pair of subscriber
:Random number
:Hash function
:Publishing event
:Access policy
:The ciphertext of the publishing event
:Attribute collection
:Attribute filter function
:Access credentials
:Property index value
:The ciphertext of property index value
:Attribute conjunction
:The exchanged key
/:Edge ledger/global ledger.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.


A preprint has previously been published [35].

Conflicts of Interest

The authors declare no conflicts of interest.


This work was supported by the State Grid Liaoning Electric Power Supply Co., Ltd (No. 2022YF-22).