This article has been accepted for inclusion in a future issue of this journal.

Content is final as presented, with the exception of pagination.

IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS 1

BloomACS: Bloom Filter-Based Access Control

Scheme in Blockchain-Enabled V2G Networks
Arzoo Miglani and Neeraj Kumar , Senior Member, IEEE

Abstract— Recent advancements in Vehicle-to-Grid (V2G) lead network resources for securing data privacy in V2G environ-
to efficient service provisions, such as eco-friendly environment, ment. In general, the access control mechanism improves the
demand response management, charging, and discharging to the information security of the resources provided by the various
end-users. However, security and privacy preservation for the
aforementioned services are key challenges keeping in view of entities in the V2G environment.
the dependency on the existing centralized security architectures Nevertheless, V2G networks involve various stakeholders
which are not resilient to fault tolerance due to a single point with potentially different access control policies (ACPs) and
of failure. Hence, there is a need to design new efficient security permissions. Different entities in V2G scenarios may use
solutions for the current V2G network, so as to provide seamless diverse communication protocols and standards. Achieving
services to the end-users. Motivated by these, in this work,
we proposed a bloom filter-enabled smart contract-based scheme interoperability while maintaining effective access control
for access control in V2G environment. In comparison to complex requires careful design and coordination [2]. Implementing
signature-based cryptographic techniques, we propose bloom authentication and access control in the V2G environment is
filter-based authentication for the registered nodes for efficient particularly challenging due to distributed entities and network
storage and searching of stored data on the blockchain network. resources. Additionally, the V2G network contains sensitive
We also designed the Proof-of-Authority (PoA) consensus mecha-
nism, which selects authority nodes dynamically to verify various information regarding user behavior, location, and charging
transactions on the blockchain network. To validate the proposal, patterns. Ensuring access control is difficult while balancing
we implemented it on the Ethereum network on benchmark the need for information exchange with the necessity of
datasets using various evaluation parameters such as- latency, protecting sensitive data. Therefore, it is crucial to design
throughput, false positive probability, and gas cost. proper access control rules that protect privacy while allowing
Index Terms— Blockchain, smart contracts, ABAC, authenti- the required data dissemination for system management.
cation, access control, Ethereum, proof-of-authority.

I. I NTRODUCTION A. Motivation
In order to fully explore the huge data produced by network
I N RECENT times due to the wide popularity of smart
grid infrastructure and electric vehicles (EVs), vehicle-to-
grid (V2G) has emerged as a powerful technology to support
nodes, it is important to realize safe data management and
sharing among all parties, so that nodes have proper control
energy exchanges between EVs and smart grid [1]. However, over their data. In a V2G system, access rights are granted
V2G communication systems are different from other existing either by a smart meter, a CS, an EV, or a utility center,
systems in many ways, such as- vehicle mobility, dynamic rather than by a single centralized entity, so it necessitates the
topology, driving pattern, and limited communication range. deployment of a decentralized access control system. Also, the
Apart from confidentiality, integrity, and availability (CIA), scale and heterogeneity of the V2G network make it difficult
authentication and access control are also key challenges in to define comprehensive ACPs for both subject and object in
V2G environment. The shared data between Charging Station advance. Hence, the access control process for a V2G system
(CS) and aggregators can be attacked if accessed by malicious should be dynamic, fine-grained, accurate, context-specific,
actors leading to overpayment by consumers. For a fraudulent and have a low maintenance cost. Also, an efficient access
user, who claims to be an EV owner, the access request to control mechanism for the V2G system needs to have an
the EV for CS needs to be blocked. Moreover, the smart effective authentication along with an authorization mecha-
meter can be compromised and can be controlled remotely. nism. The existing security-related literature in V2G mainly
Therefore, it is essential to prevent unauthorized access to discusses authentication and privacy protection but ignores the
issue of access control. Nevertheless, authentication of secret
Manuscript received 6 July 2022; revised 8 December 2023 and 25 April shareholders using signature verification technique has high
2024; accepted 26 June 2024. The Associate Editor for this article was
B. De Schutter. (Corresponding author: Neeraj Kumar.) storage and computation overhead, causing delays in network
Arzoo Miglani is with the Department of Computer Science and Engineer- nodes [3]. Also, existing literature supports some access
ing, Chitkara University Institute of Engineering and Technology, Chitkara control solutions involving cloud storage, trusted execution
University, Patiala, Punjab 140401, India (e-mail: [email protected]).
Neeraj Kumar is with the Department of Computer Science and Engi- environments (TEE), or a centralized key distribution center.
neering, Thapar Institute of Engineering and Technology, Patiala 147004, Unfortunately, these approaches introduce a single point of
India, and also with the Department of Computer Science, University failure and vulnerability to confidentiality, Distributed Denial
of Economics and Human Sciences, 01-043 Warszawa, Poland (e-mail:
[email protected]). of Service (DDoS) attacks and disclosure of private informa-
Digital Object Identifier 10.1109/TITS.2024.3421562 tion. Additionally, they fall short in addressing the auditability
1558-0016 © 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

2 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

and verifiability of ACPs. Another method to safeguard access

records from forgery is having them signed by the service
provider. Nevertheless, this approach lacks timeliness, as a
signature generated once can be reproduced at a later time.
Furthermore, these solutions are susceptible to DDoS and
replay attacks when access requests are overly frequent or
when the access grant token is reused.
In view of the aforementioned problems, blockchain tech-
nology with its features of decentralization, immutability,
and transparency, can be an effective solution. It provides
distributed storage and sharing of ACP’s; hence, an attacker Fig. 1. Bloom filter illustration.
has to compromise the majority of nodes to manipulate ACPs
stored on the blockchain [4]. Literature supports various
blockchain-based authentication and access control solutions of the System model is presented in Section III. Section IV
for smart grid [5], [6], [7]; however, their applicability in presents the details of the smart contract design in the
V2G is yet to be explored to their full potential. Moreover, proposed system. The detailed consensus algorithms are illus-
a blockchain data repository having multiple entries may not trated in Section V. The experimental results are analyzed in
be efficient in providing real-time responses for authentication. Section VI. Finally, Section VII concludes the paper.
Also, some existing proposals have assumed that authentica-
tion is executed in-built with access control [8], [9]. II. P RELIMINARIES AND R ELATED W ORK
There are many access control models, but due to the A. Attribute-Based Access Control Model
open nature of the V2G network, attribute based access
ABAC is the most popular access control scheme because
control (ABAC) seems to be most suitable, as neither
of its fine-grained capabilities for describing ACPs. It is more
identities nor roles can satisfy all conditions that subjects
suitable for networks where nodes frequently rotate [10].
should satisfy to access data. In this proposal, we propose
Attributes are the core of the ABAC model, and it is defined
a blockchain-based decentralized, dynamic, fine-grained, and
as name and value pair, such as {Role: Assistant professor}
context-specific access control scheme to prevent unautho-
and {Name: David} etc. Mapping attributes to permissions
rized access in V2G environment. The motivation to choose
allows for flexible creation of as many ACPs as needed. For
Ethereum is the trusted mechanism for the verification of
the system’s scalability, the policies can be manipulated by
attributes. The proposed system first authenticates the subject
adding or deleting the attributes. An attribute-based ACP is a
using bloom filter and then verifies access rights.
set defined as, P={SA, OA, PA, EA}. The meaning of each
field is as follows.
B. Contributions of This Article 1) SA represents the subject attribute, indicating character-
The main contributions of this paper are as follows. istics of the entity initiating the access request, such as
• We propose a bloom filter-based anonymous authentica- vehicle ID, location, manufacturer name, etc., of an EV.
tion for V2G environment. It reduces storage overhead 2) OA represents the object attributes, indicating the
and computation time in validating the authentication resource’s attribute on which access request is made,
process. such as resource type, waiting time, charging time, etc.,
• We design a blockchain-based dynamic ABAC for of a CS.
secure data access in a V2G environment. It supports 3) PA represents the permission attributes, signifying the
fine-grained and context-specific access control. Also, allowed operation of the subject on the object, such as-
to defend against DDoS attacks, we use a dynamic read, write, and execute.
attribute of the subject, i.e., the time of the most frequent 4) EA represents the environmental attributes that refer to
request, limiting the subject from sending too frequent the environmental information when the access request
requests. is made, such as- time.
• Along with various smart contracts, a PoA consensus
mechanism for access control transaction validation is B. Bloom Filter
also presented. This mechanism selects authority nodes
A bloom filter is used for checking element membership
based on the computing capabilities of nodes on the V2G
in a probabilistic set representation [11]. It is a bit array of
blockchain network.
predefined size with all its bits initialized to zero. Due to
• By implementing the proposed system on the Ethereum
the limited size of the filter, the output of a hash function
blockchain network, we evaluated its performance using
on a non-existing member can result in bit positions that are
various evaluation metrics on benchmark datasets.
already set, leading to false positives. If we set a sufficiently
large array size, the probability of hash collision decreases.
C. Organization of the Paper However, the query results of a bloom filter can result in
The rest of the paper is organized as follows. Section II false positives but not false negatives. The error probability
introduces the preliminaries and related work. An overview depends on the number of nodes (n), the number of hash

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 3

functions (k), and the size of the bloom filter (m). Setting attribute-based encryption to mitigate the key escrow issue
the array size sufficiently large will decrease the chances of associated with a singular authority is proposed by Ruj
hash collision, leading to negligible error probability. For k and Nayak [27]. Also, to fulfill the requirements of a dis-
hash functions, the false positive probability is described by tributed environment, Liu et al. [28] proposed a multi-authority
the equation 1. attribute-based encryption, referred to as decentralized MABE.
This approach eliminates the need for a central authority and
 −kn k
 eliminates the necessity for cooperation during the setup phase.
P = 1−e m (1) However, this scheme has sufficient overhead in encryption
Fig. 1 illustrates a bloom filter with k=3. In this example, and decryption phase.
bloom filter is filled with the pseudo I D (PID) of each entity. To introduce decentralization using blockchain, authors
While registering a new member, each new P I D is hashed as in [29] propose an access control method named “Fairaccess”
per the chosen algorithm and the number of hash functions. for an IoT environment that uses blockchain to store access
Next, each bit array position corresponding to the hash tokens. If the subject meets ACPs, the resource owner releases
functions is set to one. The mapping value will not increase an access token. Similarly, authors in [13] proposed an access
if more than one hash value refers to the same position. control list (ACL) based access control scheme for a smart
To verify the authenticity of nodes, P I D is passed through home. However, the authors didn’t discuss the mining process,
k hash functions to get k index values. If any of the bits which results in untrustworthy access control decisions.
corresponding to these positions are zero, then definitely the A smart contract-enabled framework for decentralized
node’s P I D is not registered, and it is illegal; otherwise, if all access control is presented in [14]. The proposal consists
the mapping values do not contain zero, the P I D is proved of one judge contract to implement a misbehavior judging
to be legal. However, there are chances of false positives if a method, one register contract to manage access control and
hash collision happens during the hashing operation. misbehavior judging methods, and multiple access control
contracts (ACC), each providing one access method for a
subject-object pair. This approach may lead to numerous
C. ERC-20 ACCs if there are many requesters in the system, reduc-
ing scalability and flexibility. Moreover, the proposal uses
ERC-20 stands for Ethereum Request for Comments and Proof-of-Work (PoW)-based mining, which demands heavy
20 is the unique proposal identifier to differentiate it from computing resources, posing scalability challenges. Similar
other standards [12]. ERC-20 is a robust standard designed work is done in [15] which includes four smart contracts,
to implement an application programming interface (API) i.e., one policy management contract (PMC), one object man-
for tokens in smart contracts. The set of functions defined agement contract (OMC), one subject management contract
in ERC-20 includes totalsupply(), balanceof(), allowance(), (SMC), and one ACC. The implementation results are obtained
approve(), transfer() and transferfrom(). on the Ethereum platform with Proof-of-Work (PoW) consen-
sus algorithm. Some proposals have computed trust values and
D. Related Work reputation scores of the nodes to develop a trustworthy access
There are few works present in literature that discuss control system [18], [30]. However, computation of the trust
access control along with authentication and privacy for values in the system increases the complexity of the system.
V2G network. However, the prevailing schemes rely on a Differently, in [8], Liu et al. proposed an ABAC-based
centralized Key Distribution Center (KDC). For example, framework named “Fabric-iot” which is based on Hyperledger
Tao et al. [22] proposed a scheme named “AccessAuth” Fabric. The proposal includes three types of contracts, namely
which is a capability-based security access authentication device contract (DC), policy contract (PC), and access contract
scheme. To provide authentication, trust values among nodes (AC). The first contract is used to store the resource data
are considered while maintaining the privacy of admitted produced by devices, the second contract provides the function
sessions, ensuring a secure communication environment. Also, to manage ABAC policies, and the last contract is used to
to provide anonymity EVs create temporary identities, and the implement the access control method. Similarly, Han et al. [16]
real identity of nodes is hidden from other nodes. Also, the propose an auditable access control model with four smart
architecture presented in [23] examines the privacy of V2G contracts deployed on the network. The first contract manages
integrated with SG infrastructure. It utilizes an access control ACP, the second manages access requests, the third manages
profile to manage the flow of data between gateway and service the private data in IoT, and the last manages access records.
provider, with all information being pseudonymized by the Also, authors in [21] designed a blockchain-based method for
gateway. Also, authors in [24] proposed an attribute-based authentication and capability-based access control for IoT net-
security scheme for smart V2G supporting access control, works. Authentication is performed using certificate signature
anonymity, and authentication. However, all the discussed verification which involves computations for encryption and
schemes involve a centralized entity to take access deci- decryption. Later, Feng et al. [17] designed another ABAC
sions. While some researchers have introduced attribute-based model with three types of chaincodes, i.e., policy management
decentralized access control schemes in [25] and [26], they chaincode (PMC), access management chaincode (AMC), and
lack sufficient justification for their resilience against secu- credit evaluation chaincode (CEC). The CEC is used to
rity attacks. Similarly, smart grid incorporated decentralized calculate the domain’s credit value based on five indicators.

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

4 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

TABLE I
R ELATIVE C OMPARISON OF R ELATED A RTICLES

Fig. 2. Proposed system model.

While proposals such as [8], [13], and [14] have addressed Table I shows the comparison of the proposal with the existing
the issue of a centralized access control system, but these schemes.
are unable to capture the dynamics of the network auto- Many proposals including [5], [7], and [31] integrated
matically. Also, from the above discussion, it is clear that blockchain for access control in smart grids. In particular,
current proposals do not address authentication and access blockchain is leveraged to store access policies on the dis-
control together. The proposal in [8] has assumed that the tributed ledger and to make access decisions using the smart
authentication is already executed. Thus, a solution enabling contract facility of blockchain. However, there lacks any
authentication and access control is required to improve V2G blockchain-based access control system for V2G.
security. However, authentication using complex cryptographic
techniques brings low transaction verification efficiency. Also,
III. B LOOM ACS: B LOCKCHAIN E NABLED ACCESS
the disadvantages of adapting dynamic changes due to the
C ONTROL M ECHANISM FOR V2G
mobility of vehicles in V2G are still to be solved. Moreover,
most of the above-mentioned proposals don’t discuss the trans- Fig. 2 shows the proposed BloomACS (Bloom filter-based
action verification process. Also, most ABAC-based access access control system) architecture with five main participants,
control methods rely on static attributes, meaning that once i.e., EVs, CSs, Trusted authority (TA), EV_manufacturers
the defined value of the attribute is set, it cannot be changed. (E V MAN ), and EVCS_leader (C S LEAD ). For bidirectional
Besides, the feature of delegation of access rights from one communication, we have used Message Queuing Telemetry
subject to another is not supported by the previous work. Transport (MQTT). MQTT is most suitable for scenarios

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 5

where low latency is required for real-time communica- TABLE II

tion [32]. Also, auction theory is used as incentive model for S YMBOLS AND N OTATIONS U SED
energy trading in V2G [33]. In the beginning, the blockchain
network nodes register a request to a TA to get an account
address and a pair of public and private keys. Each entity
on the network has a unique I D (account address) and
various attributes associated with its I D. The proposed system
comprises two main functions, i.e., authentication and access
control. Notably, the size of the database repository for making
decisions in V2G depends on various factors, including the
number of vehicles, CS, granularity of data, regulatory compli-
ance, security and privacy measures (including encryption and
decryption keys; authentication-related data; ACP), historical
data (including past charging patterns; grid performance; rep-
utation of vehicles and communication logs). Hence, the size
of the database for the V2G network is quite large because
of an increasing number of nodes and content generated from
them. To realize fast authentication, we use a bloom filter that • Trusted authority: TA plays an essential role in our
judges the validity of an I D and checks the existence of a fake scheme. The TA is responsible for bootstrapping the
I D. The bloom filter is crucial for efficient searching in this whole system in the beginning. It registers each entity
large dataset, offering benefits like reduced network traffic, on the network and provides them with a unique identity
quick decision-making, privacy preservation, and scalability. (I D). Also, TA deploys the smart contract in our system,
We consider the case when EV acts as a subject and requests and it is the only owner of the smart contract during the
information from a smart meter of a service provider (CS). The lifetime of the access control system. Once the network
notations used for the discussion of the scheme are mentioned participants verify the smart contract, the TA receives
in Table II. an address where the smart contract resides inside the
Network Entities definition The role of each entity in the blockchain. To interact with the smart contract, nodes in
proposed architecture shown in Fig. 2 is discussed below: the network should know the smart contract address and
• Charging station: It is the energy access point for EVs Remote Procedure Call (RPC) interface.
to connect to the smart grid for charging or discharging. Moreover, TA is also responsible for generating a bloom
Each CS has multiple charging slots to charge various filter with the I Ds of the registered entity. TA sets an
EVs in parallel. array that has m bits. It uses k hash functions to get the
• Electric vehicle: An EV can act as a charging EV or index values of I Ds, and the corresponding value is set to
discharging EV according to its energy status and energy one as depicted in Fig. 1. Next, TA sends the bloom filter
requirements. EVs can be energy producers by discharg- to all the users in the network. Notably, the TA only has
ing extra energy to the grid to balance the energy demand. the privileges to start a blockchain network and initialize
Also, EVs can be energy consumers by charging their smart contracts but can’t change the network information.
batteries with required energy from service providers. It is assumed that TA is fully trusted, and an attacker can’t
• Blockchain network: All the sensitive data generated compromise TA. In the worst-case scenario, if a TA gets
by nodes is stored on the blockchain network. The compromised, it can’t manipulate access control policies
blockchain ledger is made up of multiple blocks, and each (unless the majority of the network nodes agree on that,
block has two parts, i.e., header, and data. Each block and it’s hard to compromise the majority.)
in the blockchain has transactions and smart contracts • EV_manufacturers (E V MAN ): These are the manufactur-
with the hash of its previous block and a Merkle hash ers of EVs, responsible for adding and updating attributes
to preserve integrity. However, the data owner in the net- of EVs. EV manufacturers are considered lightweight
work should protect the sensitive data and control access nodes in our system. They do not store the complete
rights by formulating an ACP. Also, users can’t access blockchain data rather just store blockchain headers.
private data directly unless the policy authenticates them. These lightweight nodes do not need to constantly con-
EVs and CSs perform authentication and access control nect to the blockchain network, which helps decrease the
requests through smart contracts on the public blockchain use of hardware resources.
network. Smart contracts are utilized to ensure the correct • CS_leaders (C S LEAD ): These are leaders of CSs, respon-
execution of ACP. The blockchain provides a trusted sible for adding and updating attributes of CS. C S LEAD
environment for smart contract execution, facilitating the is also considered lightweight in the system.
implementation of distributed and trustworthy access con-
trol. However, each node must have an Ethereum account
to have a unique identity during the access control. Also, A. Attack Model
all nodes are assumed to be synchronized on the same Due to the usage of wireless connectivity and public
block. networks in blockchain-based V2G networks, there is a

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

6 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

possibility of various attacks, including eavesdropping, Man-

in-the-Middle, impersonation, replay, and Sybil attack etc.
We assume attackers have five goals in compromising the
proposed access control scheme:
• Impersonation: impersonating as a legitimate entity to
acquire the unauthorized privilege to data.
• DDoS attack: sending unnecessary access requests to
objects to disrupt the legitimate requests processing.
• Token reuse: reusing the already generated access token
Fig. 3. Subject and object attribute example.
to misdirect the object.
• Sybil attack: creating fake identities of nodes to gain
illegal access. where, S I D is unique subject ID and S I D SMC represents
• Collusion attack: two or more nodes with attribute sets all the SIDs stored in contract SMC. Each SMC is
that don’t match the ACP collude illegally to gain access composed of the following methods:
to data. – AddManufacturer(): This application binary interface
(ABI) takes the ID of the manufacturer of the subject
and adds the ID to the list of legitimate manufactur-
IV. B LOOM ACS: S MART C ONTRACTS D ESIGN ers. TA can only execute this ABI. To ensure that
the user interacting with the ABI is the contract cre-
In this proposal, smart contracts are the core of the access ator, the msg.sender variable and require() function
control mechanism. Smart contracts are the executable code are used. The sender signs every transaction in the
residing at the specific address on the blockchain network [34]. blockchain network, so msg.sender variable records
The script of the smart contract is executed automatically the originator of the current transaction.
once the predefined criteria are met. The smart contract – AddSubject(): This ABI is responsible for adding
must authenticate and authorize the requester to the relevant a new subject. A legitimate manufacturer can only
attribute before retrieving the blockchain network data. The execute this ABI. Similarly, msg.sender variable
proposed framework consists of five Ethereum smart con- and require() function are used to ensure that only
tracts, i.e., a subject management contract (S MC), an object legitimate manufacturers can register their devices
management contract (O MC), a policy management contract as subjects. This ABI accepts the SID and list of
(P MC), an access request contract (A RC), and a token attributes.
contract (T C). All the mentioned contracts are deployed by – UpdateSubject(): This interface gets the SID and list
TA while bootstrapping the system. The main idea of the of updated attributes and updates the attribute list
proposed framework is to store the attributes, policies, and with the new one onto the blockchain. A legitimate
logic of access control in a smart contract. After receiving manufacturer can only execute this ABI.
the requests from the subject, A RC retrieves the attributes – DeleteSubject(): This list is used to remove the
from S MC, O MC, then obtains access policies from P MC, subject from SMC. This ABI accepts the ID of the
and finally makes an authorization decision. When a subject’s subject to be removed. This ABI is executed by a
access request is granted, a token is generated by T C to avoid legitimate manufacturer.
a replay attack. Each contract description is as follows:
• Object management contract (O MC): O MC is respon-
• Subject management contract (S MC): This contract sible for the management of objects and their attributes
is mainly responsible for the management of subject by the object owner.
attributes. To differentiate between different subjects, the
Atto
Ethereum address is used as a unique subject ID (S I D). O I D OMC ←−− O I D
Each subject has multiple attributes linked with its ID. Att o ← (C type , locCS , P mod , C o , C p , C fast )
Fig. 3 shows the example of the subject attribute. In this
contract, attributes of subjects are mapped with their IDs where, C type is the cable plug type of CS, locCS is the
to a tuple of ⟨ E V MAN , locEV , V type , own, lic_no., S cap , location of CS, P mod is the pricing model used at CS, C o
T oM F R ⟩ parameters where, locEV specifies the current is the number of charging outlets, C p is the maximum
location of EV, V type is the vehicle type, own is the owner charging power, C fast is for specifying fast charging,
of the vehicle, lic_no. is the licence plate number on EV, O I D is unique object ID and O I D OMC represents all
S cap is the energy storage capacity, and T oM F R is the the OIDs stored in contract O MC. O MC provides the
time of most frequent request. Among them, locEV and following primary interfaces to manage the objects:
T oM F R are the dynamic attributes. – AddObject(): This ABI accepts the object ID and list
of attributes and adds them to O MC. Only the object
Atts owner can add an object (C S LEAD is our case).
S I D SMC ←−− S I D
– Updateobject(): This ABI accepts the object ID and
Att s list of the updated attributes to update the object
← (E V MAN ,locEV , V type , own, lic_no., S cap , T oM F R) attribute.

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 7

Once authenticated, the subject can be checked for

access rights on the resources. If the authorization
validation results are true, A RC calls T C to generate
an ERC-20 token.
• Token contract (T C): This contract is used to generate
ERC-20 token for subjects once called by A RC. The
Fig. 4. Example of a policy.
token has token generation time (T s ) and token expiration
time (T e ). The following main ABIs are defined under
this contract.
– DeleteObject(): Similar to DeleteSubject, this ABI is – get_total_supply(): This ABI returns the total supply
used to delete an object from O MC. of tokens in the network.
• Policy Management Contract (P MC): P MC realizes the – get_balance(address token_owner): This function is
management function for ACPs. The policy determines used to check the total token balance for a specific
whether the subject can access the objects in a spe- address.
cific environment. Only the object owner has permission – transfer(address receiver, uint num_token): This ABI
to execute the P MC. A policy consists of a set of is used to transfer num_token amounts of tokens
subject attributes (SA), a set of object attributes (OA), from TA account to the receiver account. This ABI is
a set of environment attributes (EA), and actions. This called by ARC contract to transfer tokens to subjects’
combination specifies that subject with SA can perform accounts.
actions on the object with OA under EA. We have – transfer_from(address sender, address receiver, uint
considered three parameters for EA, i.e., start_time (P s ), num_token): This ABI is used to delegate access
end_time (P e ), and mininterval (min_int). P s indicates rights from one subject account to another.
the policy creation time, whereas the P e indicates the
policy expiration time. The policy will be considered A. Access Control Framework
invalid if the current time is later than the P e and min_int 1) By sending the S I D, O I D, and actions, the subject
represents the minimum allowable time between two calls the ARC_req() function of the ARC contract. After
successive requests by a subject. Fig. 4 shows the example successful authentication and authorization, a token is
of ABAC policy with SA={E V MAN , locEV , V type , own, sent to the subject. Fig. 5 depicts the whole access
lic_no., S cap , T oM F R}, OA={C type , locCS , P mod , C o , control process.
C p , C fast }, EA={min_int, P s , P e } and Action={Read}. 2) As the first requirement, subject authentication should
In our scheme, policies are not associated with certain be done using bloom filter to guarantee subject is
subjects and objects. A policy can deal with access registered with the blockchain network (Algorithm no. 2,
control between multiple subjects and multiple objects. Lines:2-3).
This contract provides the following main interfaces. 3) Using S I D and O I D, A RC fetches the subject
– AddPolicy(): This interface adds a new attribute, object attribute, and policy associated with the
attribute-based ACP into the blockchain. It takes given SID and OID (Lines:5-7). Att P s , Att P o , Att P e
four strings, i.e., SA, OA, EA, and actions. are the attributes of subject, object, and environment
– UpdatePolicy(): This interface is used to update the retrieved from matched policy, and P action are the action
policy with a new one into the blockchain, and it allowed.
takes data of a new access control policy. 4) One environment attribute to validate the subject access
– DeletePolicy(): This ABI takes the subject and object request is the time at which the request is made. This
attributes and deletes the corresponding policy. attribute guarantees that the request is only allowed
– FindPolicy(): This interface can find the target policy if it is made during the period between P s and P e .
with an index and return the matched policy. This (Lines:9-10). Another environment attribute to retrieve
ABI takes subject and object attributes as input. from the policy is min_int to control frequent requests.
If the time between two successive requests from a
• Access request contract (A RC): It handles the authenti-
subject is less than the min_int time in policy, the access
cation and access control requests from the subject. If the
request is denied, and the T oM F R is set to the current
requester meets all the conditions specified in the ACP,
time (Lines:12-15).
the blockchain network releases an authorization token. 
The access control contract provides the following main 

 time.now() < Att P e. .P e &
ABI to handle the access request. time.now()−T oM F R >

 1, if


– ARC_req(): The subject calls this ABI to authorize Res Attr e = Att P e .min_int
its current access request. It receives three strings, 


i.e., S I D, O I D, action. It first checks the authen-



 0, otherwise
ticity of the subject using bloom filter. To control
the rate of false positives, the size of the array is 5) All the subject, object, and environment attributes must
kept large compared to the total number of elements. be valid for request approval. Suppose that Res Attr s,o

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

8 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

Fig. 5. Access control process.

is the matched results for subject and object attributes, Algorithm 2 Access Control Process
and Res Attr e is the matched results for environmental Input: S I D, O I D, action
attributes. Lines 17- 18 of the Algorithm ensure that Output: Boolean
the current subject, object, and environment attributes 1: procedure ARC _ REQ (S I D, O I D, action)
match the policy’s attributes. The final matched results 2: if (acc.authentication_check(S I D)==False) then
as per the predefined policy are Resfinal as depicted in 3: return "Subject not recognized"
the following equations: 4: end if
 5: Att s ←− S MC.get S A(S I D)
 1, if Att s stais f ies Att P s and
 6: Att o ←− O MC.get O A(O I D)
Res Attr s,o = Att o stais f ies Att P o 7: Policy ←− P MC.Find Policy(S I D, O I D)


0, otherwise 8: ⟨ Att P s , Att P o , Att P e , P action ⟩ ←− Policy
9: if time.now() ≥ Att P e .P e then
Res Attr e = 1 ,

return "Access time out"


 1, if Res Attr = 1 , and
 10:
s,o 11: end if
Res final =

 P action = T r ue 12: T oM F R←−0
if (time.now()-Att s .T oM F R)≤Att P e .min_int then


0, otherwise 13:
14: return "Frequent request"
6) If the action field in policy allows for access requests, 15: Att s .T oM F R←− time.now()
A RC calls T C to generate a one-time token for the 16: end if
subject (L:24-25). 17: if Att s , Att o , Att e !satis f iesAttPs , AttPo , AttPe then
18: return "No policy match"
Algorithm 1 Authentication Check 19: if P action =="Deny" then
Input: P I D: Pseudo Identity of node. 20: return "No permission to access"
Output: Boolean 21: else
1: procedure AUTHENTICATION _ CHECK (P I D) 22: Res f inal =T r ue
2: R ←− 1 23: end if
3: j ←− 1 24: if Res f inal =T r ue then
4: while (R==1 and j≤k) do 25: T C.trans f er (S I D, num_token)
5: i= h j (P I D) 26: end if
6: if B i ==0 then 27: end if
7: R←−0 28: end procedure
8: end if
9: j←− j++
10: end while
The complexity of Algorithm 2 depends on authentication
11: return R
check, attribute retrieval, policy retrieval time, time com-
12: end procedure
parison, and token transfer. The authentication check has

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 9

constant time because of using bloom filter (Algorithm 1). consensus time interval. All valid transactions are packed
Attribute retrieval involves a simple lookup operation, so it has into a Merkle tree structure for computing Merkle hash.
constant time complexity. The policy retrieval process involves The current ANs (AN cur ) aim to form a block, each with
searching through policies, which is possible in linear time, a cryptographic hash of the previous block. AN cur verifies
i.e., complexity is O( p), where p is the number of policies. the block based on smart contracts and bloom filter stored in
Time comparison and token transfer also have a constant their ledgers. These are transparent and open in the network,
function. Also, if number of attributes is constant, matching of ensuring tamper resistance. Hence, the validation of the
attributes (subject, object, and environment) also has constant newly created block is reliable. A block compromise of a
time. So, the overall complexity of Algorithm 2 is O( p), and transaction set, a timestamp, previous block hash, and Merkle
Algorithm 1 has constant time. root hash. If the majority of ANs in AN agree on the block,
the transactions in this new block are added to the blockchain
V. B LOOM ACS: POA C ONSENSUS A LGORITHM in chronological order. Refer to Fig. 6 for the illustration of
We use the Proof-of-Authority (PoA) consensus algorithm the consensus algorithm.
to validate network transactions. In PoA, block validators don’t
stake coins; instead, they risk their reputation. PoA selects A. Complexity Analysis
pre-qualified authority nodes (ANs) according to some rules.
The time complexity of PoW is dependent on finding a
In this process, ANs are chosen based on their computing
valid hash value that meets the difficulty criteria fixed by
capabilities, including computation power and memory. ANs
the network. Miner nodes have to perform various hashing
are responsible for collecting the transactions, creating and
attempts in order to meet the specified criteria. The higher
adding the block onto the blockchain. PoA enables a fair
the computational power of the network, the more difficult it
distribution of authorities for block creation among selected
becomes to find a valid hash value. However, PoW doesn’t
ANs. It relies on round-robin process where a primary author-
have any significant space requirements; miners only require
ity proposes a block in each round. The other selected ANs
space to keep the current block data and the result of their
verify the proposed block and add that block to the blockchain
hashing attempts. In comparison, PoS doesn’t demand high
network. If the primary authority proposes an invalid block,
computational power. Its time complexity mostly dependent
other validators call for voting. If the majority of the votes
on the selection process of validators based on their stakes.
go against the authority, the validator is declared malicious.
This selection process is generally faster than PoW mining
Unlike PoW, PoA is lightweight and has higher throughput.
process. PoS protocol might need space for storing information
Also, as there is no mining competition, PoA supports better
related to validators, their stake, and blockchain data. However,
CPU utilization. The Keccak256 hashing algorithm is utilized
this space is comparatively less than PoW, as it doesn’t
for computing hash, as it takes fewer costs than other hashing
involve massive hashing operations. In contrast, PoA has low
algorithms.
computational requirements as it relies on a predefined set
In the proposal, ANs are chosen from EVs and CSs by
of authorities that are responsible for transaction confirmation
analyzing their data related to processing power. Assuming
and block creation. The selection process of authority is typi-
there is a total of N nodes, a total of N − N2 + 1 are selected
cally deterministic and efficient. However, similar to PoS, PoA
as ANs. Clearly, each validator has to wait for N2 + 1 steps to requires space for storing data related to authorized validators
propose the next block. The details of PoA based consensus and blockchain data. Nevertheless, the space requirement is
algorithm are presented in the algorithm 3 and discussed as usually low compared to PoW and PoS as it does not involve
follows. resource-intensive mining. Now, the formal analysis of the
Initially, the number of EVs and CSs are given as input algorithm is presented.
to the algorithm, which outputs a set of ANs selected by 1) Time Complexity Analysis:
the algorithm. For CS, their available energy (in percentage), • Validator selection process
processing power (in GHz), and available memory (Kb) are – Iteration: The algorithm iterates through the list of
taken into account. The parameters of a CS, i.e., memory N nodes to evaluate their eligibility. This iteration
available (M AVL ), and processing power (P P AVL ) are com- process contributes O(N ) to the time complexity.
pared with required processing power (P P REQ ), and memory – Comparison operations: Within each iteration, com-
(M REQ ). Next, the shortlisted nodes are added to the list L. parisons are made between the computing capabili-
Similarly, for EVs, their computing capabilities are matched ties of each node. These comparisons involve basic
against the required capability to act as AN. Notably, the arithmetic operations and comparisons, which can be
value of (P P REQ ), (M REQ ), (P P REQ_EV ), and (M REQ_EV ) are considered constant time operations. Thus, the time
changed after fixed period intervals of time to include other complexity for comparison operations is O(1) per
nodes in the selection process. Also, the final ANs are chosen node.
randomly to increase the difficulty for an attacker to model – Overall time complexity: Combining the iteration
the randomness in the selection procedure. and comparison operations, the overall time com-
Any node in the network can initiate transactions; however, plexity of the validator selection process is O(N ).
the block is created by AN and validated by the majority • Block creation process
of ANs in the blockchain network. The primary AN – Collect transactions: Assuming t transactions need to
independently collects and verifies transactions during the be collected, the time complexity is O(t).

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

10 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

Fig. 6. Distributed consensus algorithm.

– Validate transactions: Validating each transaction Algorithm 3 Consensus Algorithm

involves constant time complexity per transaction, Input: E, C: EV’s and CS’s respectively, T x ′ s
so it’s O(1) ∗ t = O(t). Output: Valid block
– Form Block: Forming a block with the validated 1: procedure AUTHORITY NODE _S ELECTION ( E, C)
transactions has a constant time complexity, O(1). 2: /* For the nodes in C */
– Verify block: Verifying the block by the ANs 3: Set threshold value: P P REQ , M REQ ,
involves: 4: for (i=1, i≤size(C), i++) do
∗ Proposing the block by the primary AN (constant 5: Enquire P P i AVL , M i AVL
time, O(1)). 6: if P P i AVL ≥ P P REQ && M i AVL ≥ M REQ then
∗ Verifying by other ANs (constant time for each of 7: Put i in list L
2 AN s, O( 2 )).
N N
8: end if
∗ Voting and validation result (constant time, O(1)). 9: end for
∗ The overall time complexity for block verification 10: /* For the nodes in E */
is O(1) + O( N2 ) + O(1) = O( N2 ). 11: Set threshold value: P P REQ_EV , M REQ_EV
– Add block to blockchain: Adding the verified block 12: for (e=1, e≤size(E), e++) do
to the blockchain is a constant time operation, O(1) 13: Enquire P P e AVL , M e AVL
– Overall time complexity: O(t + N ) = O(t). 14: if P P e AVL ≥ P P REQ_EV && M e AVL ≥ M REQ_EV
2) Space Complexity Analysis: then
• Storage for node information: Let’s denote the storage 15: Put e in list L
required to store information about each node as Snode . 16: end if
Each node’s information needs to be stored, resulting in 17: end for
a space complexity of O(Snode ∗ N ). 18: /*Compute number of validator nodes*/
• Total space complexity: Combining the space required 19: AN = (N − N2 + 1)
for storing information about each node, the total space 20: Randomly select AN from list L
complexity is O(Snode ∗ N ). 21: end procedure
22: AN first in round robin from AN collects T x ′ s
23: for all T x ′ s in block do
VI. P ERFORMANCE E VALUATION 24: Calculate MRH
A. Numerical Settings 25: end for
26: if all T x ′ s ← valid then
For performance evaluation, we consider a road segment
with a four-lane bi-directional traffic flow, having a cell served 27: block ← valid
by a LAG within a radius of 500 m. The performance of 28: Local Chain ← block
29: else
the proposed scheme has been accessed on a real dataset
available at [35]. It contains power and energy-related details 30: block ← invalid
31: end if
for residential properties, historical charging sessions, EVs,
32: AN first signs and broadcast the block and broadcast to
weather data, and more, which serve as a means for testing,
enhancing, and validating the model. We used the mobility other AN for verification
records of 100 EVs, collected through GPS coordinates, over
a period of 30 days. The attacks including DoS, replay,
analysis, impersonation, Sybil, and collusion were performed decentralized architecture and smart contract capabilities [36].
on the dataset. Compared to other datasets, this dataset con- For testing and experimentation, we utilized the Goerli testnet,
siders the essence of traffic used in the environment such a public Ethereum test network designed to closely replicate
as continuous flow of data, small bursts of information, and the Ethereum mainnet environment. This allowed us to validate
protocol-centric commands. We implemented our solution on our application in a setting that replicates real-world Ethereum
an Ethereum-based blockchain network, leveraging its robust network behavior, without the use of actual Ether. To integrate

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 11

the PoA consensus algorithm with the Ethereum network on TABLE III
the Goerli testnet, the following steps are followed: S YSTEM PARAMETER
• Node setup: Firstly, the nodes on the Goerli testnet with
Ethereum client Geth are deployed. These nodes were
configured to use the PoA consensus algorithm.
• Genesis configuration: A custom genesis block config-
uration that follows the PoA consensus mechanism is
created. This configuration included details such as the
list of ANs (validators) and the initial parameters for the
PoA consensus.
• Bootnode setup: A bootnode was set up to facilitate the
initial discovery of nodes in the network.
• Consensus algorithm activation: Once the nodes were
up and running with the custom genesis block, they
automatically started using the PoA consensus algorithm.
The nodes reached consensus by validating transactions latency of different interface functions of the smart contract.
and blocks based on the authority of the pre-defined We send different numbers of requests to the smart contract.
validators. The total requests are set to 50, 100, 150, 200, 250, 300,
• Smart contract deployment: We deployed smart contracts 350, and 400, respectively, for calculating average latency.
on the Goerli testnet to interact with our application. The results of average latency are shown in Fig. 7. It has
These contracts were designed to leverage the PoA been observed from Fig. 7 (d), that the proposed system based
consensus mechanism for transaction validation and on PoA can process 400 access decisions with an average
execution. latency of 470 ms. If we increase the number of nodes to
We have set the bloom filter array size to 256 bits, and 100, the average latency of the system also increases to 2.9 s
five hash functions are considered to implement the bloom for 1000 access requests. As the number of access requests
filter. For anonymous authentication, the bloom filter employs increases, the time to complete the query also increases. The
the Keccak-256 hashing algorithm to generate and verify ARC needs to refer to other contracts as well, which introduces
unique IDs. Keccak-256 is a cryptographic hash function latency in executing access control requests. In contrast, the
that offers strong security properties, including collision scheme in [19] is based on the Ethereum platform with PoW
resistance and pre-image resistance. It ensures that the IDs consensus mechanism, which takes an average of 765 ms to
stored in the bloom filter remain confidential and cannot be process the same number of requests (block size=15 KB) as
reverse-engineered to reveal the original information, thereby depicted in Fig. 7 (d). Also, the average latency for executing
meeting the security requirements for anonymous authentica- 2000 transactions in [18] is 25000 ms (block size=20 KB),
tion. Furthermore, within the Ethereum blockchain network, however for the proposed schemed, it is 11000 ms for the
Elliptic Curve Cryptography (ECC) with Keccak-256 as cryp- same number of requests.
tographic primitives. Specifically, the Elliptic Curve Digital As shown in Fig. 7 (b) and (c), the average delay in
Signature Algorithm (ECDSA) is utilized for creating digital interface functions of OMC, SMC is almost similar. Clearly,
signatures, ensuring the authentication and integrity of the sys- the delay in writing interface functions is more than that in
tem. The experiments are performed on 32 GB RAM, ubuntu querying interface functions. Hence, the FindPolicy() interface
18.04.5, 16 cores Intel Core i7. The smart contract algorithms is taking less time compared to AddPolicy() or UpdatePolicy()
are designed using Solidity language. For simulation, we have or DeletePolicy() in Fig. 7 (c).
designated 5 Ethereum addresses as EVs, 2 addresses as Notably, the size of the block impacts the overall latency
E V MAN , 1 address as T A, 5 addresses as CSs, and 1 address of the system. As the block size increases, the system latency
as C S LEAD . The attributes of EV and CS are taken as also increases due to the additional time required to include
shown in Fig. 4. The solidity codes for designed smart con- a larger number of transactions in the block. For simulation
tracts can be found at: https://github.com/Arzoo03/SC-ABAC. results used in Fig. 7, the block size is taken as 15 KB.
We artificially generated around 250 ACPs using AddPolicy() 2) False Positive Probability: We have computed the false
function, and values for each subject, object are added using positive probability using equation 1, by varying the number
AddSubject() and AddObject() functions. The maximum time of hash functions (k) and the number of users (n) and by
for each consensus round is 10 sec, and the average block considering filter size, m = 256. It is worth noticing that
size is 15 KB. The performance of the scheme is evaluated when n = 15 and n = 20, the false probability rate is always
using latency, throughput, gas cost, false positive probability, low. By increasing the number of users in the network, the
and effectiveness of prevented malicious access. A summary false positive rate also increases. Notably, for a large value of
of the parameters used for simulation is shown in Table III. n, m = 256 is not advisable. If the number of nodes in the
network keeps increasing, an updated bloom filter with a larger
B. Results and Discussions array size must be taken; otherwise, the system will face false
1) Impact on Latency: We considered a total of 14 nodes positives. An increasing number of hash functions in bloom
to form a consortium blockchain network and evaluate the filter have two effects. First, by increasing the hash functions,

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

12 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

Fig. 7. Average latency of SMC, OMC, PMC, ARC.

Fig. 9. Throughput performance of SMC, OMC, PMC, ARC.

access requests, throughput depicts that it is steady for all

cases. Throughput shows a steady trend because total number
of connections in the network has reached the upper limit. The
query operation only involves read operations, whereas the
update and add operations involves write operations. Hence,
the throughput of the query operation is more than that of the
update and add operation. As depicted in Fig. 9 (c), the
throughput of FindPolicy() is better than that of AddPol-
icy(), UpdatePolicy() and DeletePolicy() and the throughput
of AddPolicy(), UpdatePolicy() and DeletePolicy() are sim-
Fig. 8. Evolution of false positive probability according to hash function
and number of elements.
ilar. Also, the throughput of AddSubject(), UpdateSubject(),
DeleteSubject(), AddObject(), UpdateObject() and DeleteOb-
ject() are similar. However, the throughput of the proposed
more bits are set, which leads to high risks of false positives. scheme for access requests is five times better as compared
Also, having more hash functions makes it less likely that one to the scheme in [19]. This is because token generation and
of them triggers a false positive. The graph in Fig. 8 depicts validation in [19] involve complex hash computations, and
that increasing k up to a point reduces the false positive rate, also verification of tokens takes a long time. Moreover, the
but after a point, increasing k increases the error rate. In the machine used for experiments in our proposal is powerful as
proposed scheme, an optimal choice of k is between 4-6; we compared to the simulation environment of [19]. We have also
have used k = 5, n = 14, and m = 256, which results in compared the throughput of our scheme with an access control
probability of false positive as 0.000783736. Apparently, the scheme without smart contracts in [37], authors have used
false positive probability is very small and can be ignored. key pair of an authority on blockchain to sign and encrypt
Also, if a malicious entity is successfully authenticated as a permission of data on blockchain. Also, to increase privacy,
false positive, it will be rejected for accessing any object by the data on the blockchain is encrypted using a symmetric
the access control process. encryption algorithm, which involves high computation, hence
3) Impact on Throughput: To evaluate throughput perfor- reducing the throughput of the system.
mance, the number of concurrent requests is set to 0, 50, 4) Impact on Block Number: We analyzed the number of
100, 150, 200, 250, 300, 350, 400, 450, and 500. In the transactions per block to show the effect of limited computa-
proposed scheme, as ARC has to communicate with SMC, tional power on network size and block time. The transactions
OMC, PMC, and TC, so throughput of the system reaches are sent at the rate of 250 tx/sec with 15, 20, and 30 nodes in
around 90 transactions per second (tps) for 500 requests. Fig. 10. From Fig. 10, it can be depicted that most blocks
Initially, the throughput of the system increases with increasing are generated with uniform size with the same number of
access request number. However, when throughput reaches a transactions, which is equal to maximum throughput in a block
certain value, it tends to be stable. Further, with increasing time of 10 sec. However, with an increase in the number of

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 13

Fig. 10. Number of transactions within each block having sending rate Fig. 11. Effectiveness of access control.
250 transactions/sec.

search by default. Access control process and token generation

nodes, block size becomes more irregular due to an increase are more complex in [19] as compared to the proposed scheme,
in network load. so the gas consumed for the access control process is less
5) Gas Cost Evaluation: The node needs to pay some in our scheme. Moreover, when comparing the gas cost for
money to deploy smart contracts and execute ABI’s on the performing other functions, such as- search policy, add policy,
blockchain network. A unit called gas is used to measure the add subject attributes, and add object attributes, our proposal
cost necessary to perform a task in the network. Transactions consumes less gas for the same functions. Table IV shows the
are typically mined more quickly when the gas price is higher. comparison of gas cost used with the different schemes.
For a more complex task, more gas is consumed. Notably, the Nevertheless, as consumed is used as a parameter to analyze
gas price in Ethereum varies with time. The transaction fee is the cost price in performing tasks. However, the deployment
the product of gas consumed and the price of gas, i.e., and execution duration of smart contracts depends on several
factors, such as the computing power (or hash rate) of the
T x f ee = gas ∗ gas_ price ∗ 10-9 (2)
system and the networking architecture. Consequently, in the
The term 10-9 is used for unit conversion. Broadly, the gas real-world public Ethereum system, the cost price may vary
expenditure stems from three facets: code cost (codeCost), significantly compared to the scenario presented in this case
storage cost (storageCost), and initial cost (initCost). Code study. The primary aim of this case study is to showcase
cost is linked to the details of the code executed during the the potential of our framework in achieving distributed access
transaction, with greater code complexity resulting in higher control for the V2G network.
costs. Storage cost is related to the gas consumption associated 6) Effectiveness of Prevented Malicious Access: An effec-
with modifying the smart contract’s storage, including actions tive access control method prevents any kind of malicious
like addition, deletion, and modification of data. Increased access in the network. We have checked the effectiveness
storage modification incurs higher costs. Lastly, the initial cost of the access control scheme based on prevention against
represents the gas consumed when certain ABIs are executed DoS attacks, replay attacks, and unauthenticated access. For
for the first time. preventing DoS attack, we assume that the minimum allowable
In our proposal, the gas amount required for deploying time between two successive requests is 1000 sec. Moreover,
contracts is 4965700, which is comparatively more than the to prevent unauthenticated access, bloom filter is utilized
existing schemes in [14], [15], [18], [19], and [38]. This with parameters k=5, and m=256. Similarly, to prevent
increased value is because our proposal deployed a total of replay attacks, creation timestamp and expiration timestamp
five contracts. In [14], only one ACC is deployed per subject- on the token are taken into account. We randomly gener-
object pair. The gas cost increases linearly with the number ated access requests and computed the number of prevented
of subject-object pairs. Moreover, for each subject-object pair, malicious access in different cases. Fig. 11 demonstrates that,
a new policy is defined. Compared to [14], in our scheme, only when 5000 access requests are randomly generated, including
one access control contract is deployed for as many subject- 1200 malicious requests, the proposed scheme successfully
object pairs. This results in less gas consumed while handling prevents 1192 malicious accesses. In comparison, the scheme
multiple requests. For an access control request, the scheme presented in [18] prevents 610 malicious accesses under the
in [15] resulted in 618576 gas costs for six subject attributes same conditions. In [18], authors have used the trust value
and six object attributes with a maximum of 10 characters of the node to prevent frequent attacks, and there may be
in an attribute. Moreover, compared to [15], the gas cost chances that some attacks may not be prevented. However,
of our scheme is less for the same number of subject and in our scheme, all the cases of DDoS attacks and replay attacks
object attributes because our scheme has used binary search are successfully tackled. Also, the number of network nodes
for FindPolicy() ABI, and the authors in [15] have used linear compared to the size of the bloom filter is low, so the chances

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

14 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

TABLE IV
C OMPARISON OF G AS C OST U SED FOR D IFFERENT S CHEMES W ITH B LOOM ACS

of false positives are almost negligible. By increasing the for authentication mitigate the risks associated with
number of requests, the effectiveness of preventing malicious token reuse and man-in-the-middle attacks.
attacks remains steady. • Privacy protection: The power consumption data
7) Privacy and Security Analysis: In this subsection, the collected by smart meters may disclose users’ privacy.
privacy and security analysis of the proposed scheme is The collected data is further used by an adversary to
discussed. infer the user’s behavior. In this paper, pseudonyms
are used to protect users’ identities. Each entity on the
• Impersonation: A bloom filter is used in this research network is known by its pseudo ID, and even the bloom
to securely authenticate subjects while maintaining filter is constructed by using the IDs of users.
their anonymity. By filtering out illegal I Ds using the • Accountability and non repudiation: Traceability of each
bloom filter, we ensure that only legitimate subjects access request increases the accountability of the system.
are granted access. This approach prevents unauthorized Moreover, the signatures of nodes on the contracts and
access attempts without requiring additional information transactions remove the chances of non-repudiation.
beyond the I D of the subject, enhancing both security • High Availability and Resilience: The decentralized
and privacy. architecture of BloomACS ensures high availability and
• Sybil attack: In Sybil attack, fake vehicle identities are resilience by leveraging data redundancy, replication
generated in the P2P network. To counter Sybil attacks, across multiple nodes, and consensus validation
this approach incorporates a authentication verification mechanisms, eliminating single points of failure and
process before granting access. This verification process ensuring continuous operation. Also, each block in the
effectively detects and blocks fake vehicle identities, blockchain contains the hash of the previous block,
thereby mitigating the risk of Sybil attacks. and this block’s hash is stored in the next block along
• Collusion attack: Two or more nodes with an attribute with Merkle root hash. Hence, modifying a block
set that does not match the ACP may collude illegally is challenging for an adversary unless they possess
to gain access. This solution utilizes blockchain technol- significant computational power.
ogy to securely store and manage node attributes and
access permissions. Each node’s attributes and access VII. C ONCLUSION
credentials are cryptographically hashed and stored on the In addressing the challenges of traditional access control
blockchain, ensuring tamper-proof storage. This decen- in the V2G environment, this paper integrates blockchain
tralized and immutable storage mechanism prevents unau- technology with the ABAC model. In particular, a dynamic
thorized nodes from colluding to gain access, maintaining and decentralized access control system is proposed that not
the integrity and security of the access control process. only ensures secure and fine-grained access control but also
• DDoS: DDoS is an attack in which a subject floods an effectively manages the unique challenges posed by vehicle
object with unnecessary requests to disrupt legitimate mobility, dynamic topology, and limited communication range
requests. The min_int field used in Algorithm 2 in V2G networks. We have developed five different types
ensures that no subject can send another access request of smart contracts and implemented them on the Ethereum
before the time specified in min_int. In the proposed blockchain network. These smart contracts facilitate efficient
system, a subject sending too frequent requests will and reliable enforcement of access control policies, ensuring
not be allowed to access the resource. Also, transaction the integrity and confidentiality of data exchanges between
validation is performed on various blockchain nodes various stakeholders in the V2G ecosystem. The experimental
based on rules in smart contracts. Hence, the failure outcomes demonstrate that the proposed scheme effectively
of a single node doesn’t affect the whole system’s manages Distributed Denial of Service (DDoS) attacks, sybil
functionality. attack, collusion attack, replay attack, and unauthenticated
• Token reuse and man-in-the-middle attack: A replay access, offering fine-grained access control. As a limitation of
attack involves an adversary eavesdropping on an access the proposed work, we bring the following list of directions
token and fraudulently reusing it to misdirect the object. for future research.
In this paper, the access token includes a creation times- • Authority node selection criteria for moving node is
tamp and an expiration timestamp, effectively preventing ignored. In such cases, it is important to consider the
replay attacks in the network. The time-sensitive nature agreement time of EVs.
of access tokens generated by the T C contract and the • In the proposed scheme, all data generated by nodes
use of cryptographic signatures and Ethereum addresses is held with each blockchain user (except lightweight

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

MIGLANI AND KUMAR: BloomACS: BLOOM FILTER-BASED ACCESS CONTROL SCHEME 15

client). To reduce the storage overhead, rather than storing [14] Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, “Smart contract-
all data with each user, one possible way is to store the based access control for the Internet of Things,” IEEE Internet Things
J., vol. 6, no. 2, pp. 1594–1605, Jun. 2018.
hash of the data and access control policies on blockchain. [15] Y. Zhang, M. Yutaka, M. Sasabe, and S. Kasahara, “Attribute-based
The actual data can be referenced in secure off-chain access control for smart cities: A smart-contract-driven framework,”
storage. IEEE Internet Things J., vol. 8, no. 8, pp. 6372–6384, Apr. 2021.
[16] D. Han, Y. Zhu, D. Li, W. Liang, A. Souri, and K.-C. Li, “A
• Clearly, blockchain has become a prime technology for blockchain-based auditable access control system for private data in
transaction management with built-in security features. service-centric IoT environments,” IEEE Trans. Ind. Informat., vol. 18,
However, the drawback of blockchain is that it is global, no. 5, pp. 3530–3540, May 2022.
includes mining fees, and is not scalable. In future work, [17] Y. Feng, W. Zhang, X. Luo, and B. Zhang, “A consortium blockchain-
based access control framework with dynamic orderer node selection for
we will use IOTA Tangle as distributed ledger technology 5G-enabled industrial IoT,” IEEE Trans. Ind. Informat., vol. 18, no. 4,
instead of blockchain. Rather than using a linear linked pp. 2840–2848, Apr. 2022.
list(where transactions are being grouped into blocks), [18] P. Wang, N. Xu, H. Zhang, W. Sun, and A. Benslimane, “Dynamic
access control and trust management for blockchain-empowered IoT,”
Tangle uses a Directed Acyclic Graph for maintaining IEEE Internet Things J., vol. 9, no. 15, pp. 12997–13009, Aug. 2022.
ledgers. Therefore, transactions on Tangle can be issued [19] F. Ghaffari, E. Bertin, N. Crespi, S. Behrad, and J. Hatin, “A novel
simultaneously, synchronously, and continuously. Also, access control method via smart contracts for internet-based service
provisioning,” IEEE Access, vol. 9, pp. 81253–81273, 2021.
there are no mining concepts and transaction fees in
[20] J. Chang, J. Ni, J. Xiao, X. Dai, and H. Jin, “SynergyChain:
Tangle that will reduce computation times and make it A multichain-based data-sharing framework with hierarchical access
faster. control,” IEEE Internet Things J., vol. 9, no. 16, pp. 14767–14778,
• This current research does not include measures to pre- Aug. 2022.
[21] N. Sivaselvan, V. Bhat, and M. Rajarajan, “Blockchain-based scheme
vent data leakage by authorized users. However, strategy for authentication and capability-based access control in IoT environ-
such as implementing data loss prevention policies, log- ment,” in Proc. 11th IEEE Annu. Ubiquitous Comput., Electron. Mobile
ging, auditing, monitoring mechanism, user training and Commun. Conf. (UEMCON), Oct. 2020, pp. 0323–0330.
[22] M. Tao, K. Ota, M. Dong, and Z. Qian, “AccessAuth: Capacity-aware
awareness could be considered to mitigate this risk in security access authentication in federated-IoT-enabled V2G networks,”
future. J. Parallel Distrib. Comput., vol. 118, pp. 107–117, Aug. 2018.
[23] M. Stegelmann and D. Kesdogan, “V2GPriv: Vehicle-to-grid privacy in
the smart grid,” in Cyberspace Safety and Security: 4th International
R EFERENCES Symposium, CSS 2012, Melbourne, Australia, December 12–13, 2012.
[1] A. Kumar, S. Sharma, N. Goyal, A. Singh, X. Cheng, and P. Singh, Proceedings 4. Springer, Dec. 2012, pp. 93–107.
“Secure and energy-efficient smart building architecture with emerging [24] N. Saxena, S. Grijalva, V. Chukwuka, and A. V. Vasilakos, “Network
technology IoT,” Comput. Commun., vol. 176, pp. 207–217, Aug. 2021. security and privacy challenges in smart vehicle-to-grid,” IEEE Wireless
[2] A. Miglani and N. Kumar, “A blockchain based matching game for con- Commun., vol. 24, no. 4, pp. 88–98, Aug. 2017.
tent sharing in content-centric vehicle-to-grid network scenarios,” IEEE [25] Y. Ye, L. Zhang, W. You, and Y. Mu, “Secure decentralized access
Trans. Intell. Transp. Syst., vol. 25, no. 5, pp. 4032–4048, May 2024. control policy for data sharing in smart grid,” in Proc. IEEE Conf.
[3] P. Zhang, Y. Wang, G. S. Aujla, A. Jindal, and Y. D. Al-Otaibi, Comput. Commun. Workshops, Oct. 2021, pp. 1–6.
“A blockchain-based authentication scheme and secure architecture [26] S.-S. Yeo, S.-J. Kim, and D.-E. Cho, “Dynamic access control model
for IoT-enabled maritime transportation systems,” IEEE Trans. Intell. for security client services in smart grid,” Int. J. Distrib. Sensor Netw.,
Transp. Syst., vol. 24, no. 2, pp. 2322–2331, Feb. 2023. vol. 10, no. 6, Jun. 2014, Art. no. 181760.
[4] A. Miglani and N. Kumar, “Blockchain-based co-operative caching for [27] S. Ruj and A. Nayak, “A decentralized security framework for data
secure content delivery in CCN-enabled V2G networks,” IEEE Trans. aggregation and access control in smart grids,” IEEE Trans. Smart Grid,
Veh. Technol., vol. 72, no. 4, pp. 5274–5289, Apr. 2023. vol. 4, no. 1, pp. 196–205, Mar. 2013.
[5] Y. Zhong et al., “Distributed blockchain-based authentication and autho- [28] K. Liu, C. Wang, and X. Zhou, “Decentralizing access control system
rization protocol for smart grid,” Wireless Commun. Mobile Comput., for data sharing in smart grid,” High-Confidence Comput., vol. 3, no. 2,
vol. 2021, pp. 1–15, Apr. 2021. Jun. 2023, Art. no. 100113.
[6] B. Sharma and D. Koundal, “Cattle health monitoring system using [29] A. Ouaddah, A. A. Elkalam, and A. A. Ouahman, “FairAccess: A new
wireless sensor network: A survey from innovation perspective,” IET blockchain-based access control framework for the Internet of Things,”
Wireless Sensor Syst., vol. 8, no. 4, pp. 143–151, Aug. 2018. Security Commun. Netw., vol. 9, no. 18, pp. 5943–5964, 2016.
[7] W. Yang, Z. Guan, L. Wu, X. Du, and M. Guizani, “Secure data [30] G. D. Putra, V. Dedeoglu, S. S. Kanhere, and R. Jurdak, “Trust
access control with fair accountability in smart grid data sharing: An management in decentralized IoT access control system,” in Proc. IEEE
edge blockchain approach,” IEEE Internet Things J., vol. 8, no. 10, Int. Conf. Blockchain Cryptocurrency (ICBC), May 2020, pp. 1–9.
pp. 8632–8643, May 2021. [31] J. Gao et al., “GridMonitoring: Secured sovereign blockchain based
[8] H. Liu, D. Han, and D. Li, “Fabric-IoT: A blockchain-based access monitoring on smart grid,” IEEE Access, vol. 6, pp. 9917–9925, 2018.
control system in IoT,” IEEE Access, vol. 8, pp. 18207–18218, 2020. [32] C. Akasiadis, G. Iatrakis, N. Spanoudakis, and G. Chalkiadakis, “An
[9] A. Jindal, G. S. Aujla, and N. Kumar, “SURVIVOR: A blockchain based open MAS/IoT-based architecture for large-scale V2G/G2V,” in Proc.
edge-as-a-service framework for secure energy trading in SDN-enabled 20th Int. Conf. Practical Appl. Agents Multi-Agent Syst. (PAAMS).
vehicle-to-grid environment,” Comput. Netw., vol. 153, pp. 36–48, L’Aquila, Italy: Springer, Jul. 2022, pp. 3–14.
Apr. 2019. [33] M. Zeng, S. Leng, S. Maharjan, S. Gjessing, and J. He, “An incentivized
[10] V. C. Hu et al., “Guide to attribute based access control (ABAC) auction-based group-selling approach for demand response manage-
definition and considerations (DRAFT),” NIST Special Publication, ment in V2G systems,” IEEE Trans. Ind. Informat., vol. 11, no. 6,
vol. 800, no. 162, pp. 1–54, 2013. pp. 1554–1563, Dec. 2015.
[11] L. Luo, D. Guo, R. T. Ma, O. Rottenstreich, and X. Luo, “Optimizing [34] S. Rouhani and R. Deters, “Security, performance, and applica-
Bloom filter: Challenges, solutions, and comparisons,” IEEE Commun. tions of smart contracts: A systematic survey,” IEEE Access, vol. 7,
Surveys Tuts., vol. 21, no. 2, pp. 1912–1949, 2nd Quart., 2018. pp. 50759–50779, 2019.
[12] ERC-20 TOKEN STANDARD. Accessed: Dec. 2021. [Online]. Available: [35] IEEE Power and Energy Society, Database With a 24-Period Scenario
https://ethereum.org/en/developers/docs/standards/tokens/erc-20/ of 1800 Realistic EVS. Accessed: Apr. 2022. [Online]. Available:
[13] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for https://site.ieee.org/pes-iss/data-sets/
IoT security and privacy: The case study of a smart home,” in Proc. [36] Z. Wang, H. Jin, W. Dai, K.-K. R. Choo, and D. Zou, “Ethereum smart
IEEE Int. Conf. Pervasive Comput. Commun. Workshops, Mar. 2017, contract security research: Survey and future research opportunities,”
pp. 618–623. Front. Comput. Sci., vol. 15, no. 2, pp. 1–18, 2021.

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.
 This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

16 IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS

[37] N. Shi et al., “BACS: A Blockchain-based access control scheme in Neeraj Kumar (Senior Member, IEEE), received
distributed Internet of Things,” Peer Peer Netw. Appl., vol. 14, no. 5, the Ph.D. degree in computer science and engineer-
pp. 2585–2599, 2021. ing from Shri Mata Vaishno Devi University in 2009.
[38] M. Yutaka, Y. Zhang, M. Sasabe, and S. Kasahara, “Using ethereum He is currently a Full Professor and the Dean of
blockchain for distributed attribute-based access control in the Internet DCT with the Thapar Institute of Engineering and
of Things,” in Proc. IEEE Global Commun. Conf. (GLOBECOM), Technology, Patiala, India. He is also a Visiting
Dec. 2019, pp. 1–6. Research Fellow with various universities. He has
supervised many research scholars leading to Ph.D.
and M.E./M.Tech. degrees. His research is supported
by funding from UGC, DST, CSIR, and TCS. He has
authored or co-authored four books from CRC,
Springer, IET U.K., and BPB publications. He has more than 42 900 citations
to his credit with a current H-index of 114. He has over 600 technical research
Arzoo Miglani received the B.Tech. degree from papers to his credit. He has published extensively in top-cited journals, such
GJU, Hisar, in 2009, and the M.E. and Ph.D. degrees as IEEE T RANSACTIONS ON K NOWLEDGE AND DATA E NGINEERING, IEEE
in information security from the Thapar Institute T RANSACTIONS ON C ONSUMER E LECTRONICS, IEEE T RANSACTIONS ON
of Engineering and Technology (TIET), Patiala, in I NDUSTRIAL I NFORMATICS, IEEE T RANSACTIONS ON V EHICULAR T ECH -
2015 and 2024, respectively. She was an Assistant NOLOGY , IEEE T RANSACTIONS ON S MART G RID , IEEE Network, and IEEE
Professor with DIT University, Dehradun, for two Communications Magazine. Moreover, he has won numerous awards. He has
years, and with TIET for one year. She is cur- been the TPC chair and a member of various international conferences.
rently with the Department of Computer Science He serves as an Associate Technical Editor for ACM Computing Sur-
and Engineering, Chitkara University Institute of veys, IEEE T RANSACTIONS ON I NTELLIGENT T RANSPORTATION S YSTEMS,
Engineering and Technology, Chitkara University, IEEE T RANSACTIONS ON N ETWORK AND S ERVICE M ANAGEMENT, and
Punjab, India. She is GATE-qualified. Her research IEEE T RANSACTIONS ON S USTAINABLE C OMPUTING. He has been the
interests include wireless sensor networks, network security, blockchain, and guest editor of various international journals and has edited more than ten
content-centric networking. journals’ special issues.

Authorized licensed use limited to: NUST School of Electrical Engineering and Computer Science (SEECS). Downloaded on August 21,2024 at 14:47:18 UTC from IEEE Xplore. Restrictions apply.