Master's Thesis Jan-Niklas Strugala

Leveraging TLS/SSL-based Identity Assertion and Verification Systems for On-chain Authentication and Authorization of Real-world Entities

As the popularity of blockchain systems is continuously growing and advantages of blockchain technology is common knowledge, organizations and users with new business ideas explor blockchain systems for their use-cases. However, many of these use-cases require authentication and access control of real-world entities, as only a limited group of people from a certain organization or with specific attributes should be able to use the functionality of a smart contract. Opposed to traditional systems, authentication and access control on the public blockchain still is in an early stage with few mechanisms and research available. Hence, with this work complement this research by proposing an authentication and access control mechanism at smart contracts for real-world entities.

During our research we define potential use-cases and survey existing research of traditional access control systems. Furthermore, we explore related work of authentication and access control at smart contracts. Considering the insights we design and implement an authentication and attribute based access control (ABAC) system that allows owners of smart contracts to restrict access to trusted accounts of real-world entities that hold certain attributes. As the smart contract that evaluates the access request from a real-world entity needs to trust the authenticity of attributes, we bootstrap the SSL/TLS certificate public key infrastructure to associate attributes and endow trust to accounts of real-world entities. To create this link between SSL/TLS certificates and the accounts of real-world entities we leverage the SSL/TLS-based identity assertion and verification system On-Chain AuthSC and create a sub-endorsement framework. Subsequently, we design the ABAC framework such that it can be implemented in any smart contract to protect its functionality. The interview-based evaluation of the system design unveils strong interest in our approach. Thus we implement and integrate the different components into a prototype for the Ethereum blockchain and conduct an analysis to evaluate its performance.