City Research Online

A privacy-aware authentication and usage-controlled access protocol for IIoT decentralized data marketplace

Dixit, A. ORCID: 0000-0002-5476-0772, Zarpelao, B. B., Smith-Creasey, M. & Rajarajan, M. ORCID: 0000-0001-5814-9922 (2024). A privacy-aware authentication and usage-controlled access protocol for IIoT decentralized data marketplace. Computers & Security, 146, article number 104050. doi: 10.1016/j.cose.2024.104050

Abstract

Data is ubiquitous, powerful and valuable today. With vast installations of Industrial Internet-of-Things (IIoT) infrastructure, data is in abundance, albeit sitting in organizational silos. Data marketplaces have emerged to allow monetization of data by trading it with interested buyers. While centralized marketplaces are common, they are controlled by a few and are non-transparent. Decentralized data marketplaces allow the democratization of rates and trading terms, and give participants fine control. However, in such a marketplace, ensuring privacy and security is crucial. Existing data exchange schemes depend on a trusted third party for key management during authentication and rely on a ‘one-time-off’ approach to authorization. This paper proposes a user-empowered, privacy-aware authentication and usage-controlled access protocol for an IIoT data marketplace. The proposed protocol leverages the concept of Self-Sovereign Identity (SSI) and is based on the Decentralized Identifier (DID) and Verifiable Credential (VC) standards. DIDs empower buyers and give them complete control over their identities. The buyers authenticate and prove claims to access data securely using VCs. The proposed protocol also implements a dynamic user-revocation policy. Usage-controlled access provides secure ongoing authorization during data exchange. A detailed performance and security analysis is provided to show its feasibility.

Publication Type: Article
Additional Information: This article is available under the Creative Commons CC-BY-NC license and permits non-commercial use, distribution and reproduction in any medium, provided the original work is properly cited.
Publisher Keywords: Data marketplace, Authentication, Usage control, Decentralized Identifiers (DID), Verifiable Credentials (VC), Privacy, User-revocation
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science; T Technology > T Technology (General)
Departments: School of Science & Technology; School of Science & Technology > Engineering
Text - Published Version
Available under License Creative Commons Attribution Non-commercial.
