The implementation of IP technology in wireless sensor networks has promoted the development of many smart scenarios. To enhance secure access in IP-enabled wireless sensor networks, access control to sensor nodes is a necessary process. However, access control currently faces two challenges: feasibility and preservation of user access privacy. In this paper, we propose eHAPAC, a novel privacy-preserving access control model for IP-enabled wireless sensor networks. The contributions of our paper include three parts. First, this paper integrates the Hidra access control protocol and the APAC privacy-preserving model, addressing the issue of privacy-preserving access control in resource-constrained devices. Second, this paper proposes an enhanced Hidra protocol to implement the unlinkability of protocol message exchanges. Third, to solve the problem of third-party credibility, this paper improves the group signature-based APAC model and utilizes blockchain technology to manage the storage and publication of public group signature keys. Security analysis and performance evaluation prove that our protocol is secure and effective.
Wireless sensor networks (WSNs), as an important part of the Internet of Things (IoT), enable us to create smart environments. They are typically composed of thousands of tiny, low-cost, low-power, resource-constrained sensors that detect environmental conditions such as temperature, noise, light, or the movement of objects. With their low cost, WSNs have been widely used in military reconnaissance, industrial monitoring, medical health care and other fields [1,2].
However, there are still many problems in traditional WSNs, such as poor scalability and single point of failure issues [3,4]. Recently, by virtue of the development of solutions like the 6LoWPAN standard, the problems that blocked the native integration of sensors and the Internet (e.g., IPv6 header overhead, packet transmission, etc. on the IEEE 802.15.4 network) have been solved [5–7]. End-to-end (E2E) communication between Internet users and sensor nodes can now be realized, which promotes the application of WSNs. However, a new security crisis has been introduced for IP-enabled WSNs, whereby adversaries can more easily access data on sensor nodes by using global addressing [8–10]. Moreover, the high fragility of the WSN itself (e.g., its resource-constrained nature) makes it an easy target for many security attacks [3,11] (e.g., hacking, data theft, remote hijacking) or a tool for hackers to launch security attacks (e.g., Mirai, a botnet on the scale of a million IoT devices, launched a massive DDoS attack on Krebs on Security). Therefore, access to sensor nodes must be strictly controlled in IP-enabled WSNs. A basic access control model includes three components: authentication, authorization and auditing. Generally, authentication and authorization imply transmitting user identity-related information to the targeted service, which causes another problem, namely the privacy of data access. Currently, user access behavior is a target for data collection, from which users’ behavior patterns and preferences can be summarized, posing a threat to users’ privacy and even property and lives [14–18]. Therefore, it is necessary to implement access control in IP-enabled WSNs without revealing users’ private information.
The key challenges for secure remote access to IP-enabled resource-constrained devices (RCDs) are the availability of feasible access control solutions and preserving user data access privacy. This paper establishes a privacy-preserving access control model, eHAPAC, for IP-enabled WSNs, a severely resource-constrained environment. This paper enhances the formally validated Hidra access protocol with unlinkability of message exchanges. In the authorization phase, self-renewed TGTs are used to prevent the authorization request messages from being linked. A fake ticket mechanism is introduced in the authorization response message to ensure unlinkability between the authorization request process and the service access process. This paper improves the group signature-based APAC privacy-preserving access control model by setting up two mutually restrictive third parties to avoid third-party monitoring and cheating. The proposed model ensures user data access privacy without disclosure to any entity, including the third parties participating in the security protocol, which makes it more practical. This paper modifies the XSGS group signature scheme and chooses it as an example to describe the implementation process of the enhanced privacy-preserving model. However, there are still some problems: the model is unable to resist resource attacks; the accountability process of group signatures cannot be carried out transparently, which easily causes disputes; and the management and publishing methods of group public keys are not flexible enough. To this end, this paper introduces blockchain technology and designs a smart contract to solve these problems, taking advantage of the distributed, transparent and irreversible attributes of the blockchain. In the system setup phase, blockchain acts as a platform for group public key management and publishing to increase the flexibility of public key management.
In the authentication phase, blockchain serves as an intermediate platform for message exchange between ACS and users to resist resource consumption attacks on ACS. In the accountability phase, this paper proposes a new blockchain-based accountability mechanism, which prevents arbitration organizations from cheating during the accountability process and makes the results more convincing. The security analysis shows that the proposed model can meet our expected security goals. Experimental simulations and performance analysis demonstrate that the proposed model is feasible and reasonable.