Decentralized Access Control for Smart Buildings Using Metadata and Smart Contracts

Managing the privileges of occupants and visitors of large commercial buildings to access different building areas, control systems and equipment therein is a challenging task. The best practice today involves giving long-term building occupants, for example employees working in the building, access privileges to their organization areas and requiring visitors to be escorted by them. This approach is conservative and inflexible. Ideally, an automated solution is needed to manage access delegations; however, traditional role-based access control models are unwieldy in that they require the specification of all roles and their relative authority, which is a challenge in large buildings home of multiple organizations and numerous visitors. In this paper, we present a methodology based on blockchain smart contracts to describe, grant, and revoke fine-grained permissions for building users in a decentralized fashion. This method supports access control using resource description framework (RDF) graphs and implements two APIs for client applications. Leveraging the metadata of a real building, we have applied the proposed method to manage privileges in some realistic use-cases and shown that it can greatly reduce the administration overhead while providing fine-grained access control.