A Decentralized Blockchain-based Architecture for a Secure Cloud-Enabled IoT


  • Mbarek Marwan LTI Laboratory, ENSA, Chouaïb Doukkali University, Morocco https://orcid.org/0000-0002-5997-4120
  • Abdelkarim Ait Temghart TIAD Laboratory, FST, Sultan Moulay Slimane University, Beni Mellal, Morocco
  • Fatima Sifou LRIT Laboratory, Faculty of Science, Rabat, Morocco
  • Feda AlShahwan College of Technological Studies, Shuwaikh, Kuwait




Cloud-enabled IoT, OM-AM model, XACML, ABAC, blockchain, access control


The integration of cloud computing and Internet of Things (IoT) offers a promising, rich platform for data collection and analysis in smart healthcare. In such a model, IoT devices collect data about patient health status through multiple intelligent sensors, whereas cloud offers scalable resources to quickly meet workload demands. Despite these remarkable improvements, the current architectures do not sufficiently address the security needs for patient medical records. In this perspective, and bearing in mind the specific characteristics of each technology, we propose a distributed security mechanism in a way that fits with IoT and cloud constraints. Our contribution to secure cloud-enabled IoT is twofold. First, we rely on OM-AM (Objective, Model, Architecture and Mechanism) for modeling and analysing the security and privacy requirements of smart healthcare. Second, we use blockchain architecture along with Attribute-Based Access Control (ABAC) model as a decentralized flexible system to support access control decisions. In particular, we rely on XACML (eXtensible Access Control Markup Language) to easily build and implement robust policies required for maintaining a secure IoT-based environment. The novelty of the proposed framework lies at smartly leveraging the recent technologies to keep health information confidential. In fact, putting blockchain and IoT together would undoubtedly create a totally new solution for remote patient monitoring. The simulation results show that the proposal is an efficient way of implementing ubiquitous and cognitive tools for smart healthcare systems.


Download data is not yet available.

Author Biographies

Mbarek Marwan, LTI Laboratory, ENSA, Chouaïb Doukkali University, Morocco

Mbarek Marwan received an Engineer degree from ENIM, Morocco. He obtained his Ph.D. in Mathematics and Computer Science from ENSA, Chouaïb Doukkali University, Morocco. His area of research covers the latest advances in Cloud Computing, Big Data and IoT.

Abdelkarim Ait Temghart, TIAD Laboratory, FST, Sultan Moulay Slimane University, Beni Mellal, Morocco

Abdelkarim Ait Temghart had obtained his Master degree in Business Intelligence from FST-Beni Mellal. He is currently pursuing his doctoral studies in Game Theory, Cloud Computing and IoT at University of Sultan Moulay Slimane, Morocco.

Fatima Sifou, LRIT Laboratory, Faculty of Science, Rabat, Morocco

Fatima Sifou earned a Master degree in Software Development from the Faculty of Sciences. He obtained his Ph.D. in Computer Science from University of Mohammed V, Rabat, Morocco. Her research focused mainly on the security and privacy in IoT and Cloud Computing.

Feda AlShahwan, College of Technological Studies, Shuwaikh, Kuwait

Feda AlShahwan received Ph.D. from University of Surrey, UK. She is currently an Assistant Professor at Public Authority for Applied Education and Training, Kuwait. Her current research interests lie in the use of the emerging technologies like Mobile Web Services, IoT, Cloud Computing, etc.


M. Díaz, C. Martín and B. Rubio, ‘State-of-the-art, challenges, and open issues in the integration of Internet of Things and cloud computing’, Journal of Network and Computer Applications, vol. 67, pp. 99–117, 2016.

Marwan, A. Kartit and H. Ouahmane, ‘A cloud based solution for collaborative and secure sharing of medical data’, International Journal of Enterprise Information Systems, vol. 14, no. 3, pp. 128–145, 2018.

H. Martin, L. Hermerschmidt, D. Kerpen, R. Häußling, B. Rumpe and K. Wehrle, ‘A comprehensive approach to privacy in the cloud-based Internet of Things’, Future Generation Computer Systems, vol. 56, pp. 701–718, 2016.

J. Singh, T. Pasquier, J. Bacon, H. Ko and D. Eyers, ‘Twenty security considerations for cloud-supported Internet of Things’, IEEE Internet of Things Journal, vol. 3, no. 3, pp. 269–284, 2016.

M. Marwan, A. Kartit and H. Ouahmane, ‘A Cloud-based framework to secure medical image processing’, Journal of Mobile Multimedia, vol. 14, no. 3, pp. 319–344, 2018.

S. Sicari, A. Rizzardi, L. Grieco and A. Coen-Porisini, ‘Security, privacy and trust in Internet of Things: the road ahead’, Computer Networks, 2014, vol. 76, pp. 146–164.

J. McLean, ‘Security models’, Encyclopedia of Software Engineering, Wiley & Sons, 1994.

A. Azaria, A. Ekblaw, T. Vieira and A. Lippman, ‘MedRec: using blockchain for medical data access and permission management’, In Proceedings of 2nd International Conference on Open and Big Data, pp. 25–30, 2016.

Q. Xia, E. B. Sifah, K. O. Asamoah, J. B. Gao, X. J. Du and M. Guizani, ‘MeDShare: trust-less medical data sharing among cloud service providers via blockchain’, IEEE Access, vol. 5, pp. 14757–14767, 2017.

A. Zhang and X. Lin, ‘Towards secure and privacy-preserving data sharing in e-health systems via consortium blockchain’, J. Med. Syst. vol. 42, no. 8, 2018.

M. Ed-Daibouni, A. Lebbat, S. Tallal and H. Medromi, ‘Toward a new extension of the access control model ABAC for cloud computing’, Lecture Notes in Electrical Engineering, Springer, vol. 366, 2016, pp. 79–89.

F. Sifou, A. Kartit and A. Hammouch, ‘Different access control mechanisms for data security in cloud computing’, In Proceedings of the International Conference on Cloud and Big Data Computing (ICCBDC), 2017.

R. Sandhu, ‘Engineering authority and trust in cyberspace: the OM-AM and RBAC way’, In Proceedings of the fifth ACM workshop on Role-based access control, Berlin, Germany, 2000, pp. 111–119. Doi:https://dl.acm.org/citation.cfm?id=344309.

A. Ouaddah, A. Abou Elkalam, A. Ait Ouahman, ‘Fair access: a new blockchain-based access control framework for the Internet of Things’, Security and Communication Networks, vol. 9, no. 18, pp. 5943–5964, 2017.

P. Samarati and S. Capitani de Vimercati, ‘Access control: policies, models, and mechanisms’, In Proceeding of the International School on Foundations of Security Analysis and Design, pp. 137–196, 2000.

B. J. Garback and A. C. Weaver, ‘XACML for RBAC and CaDABRA: constrained delegation and attributebased role assignment’, Computer Science Department, University of Virginia, 2005. Available: https://www.cs.virginia.edu.

A. Bertolino, F. Lonetti and E. Marchetti, ‘Systematic XACML request generation for testing purposes’, In Proceedings of the IEEE International Conference on Software Engineering and Advanced Applications (SEAA), pp. 3–11, 2010.

N. Rifi, N. Agoulmine, N. Chendeb Taher and E. Rachkidi, ‘Blockchain technology: is it a good candidate for securing IoT sensitive medical data?’, Wireless Communications and Mobile Computing, vol. 2018, 2018.

E. Yuan and J. Tong, ‘Attributed based access control (ABAC) for web services’, In Proceedings of the IEEE International Conference on Web Service, 2005. doi:10.1109/ICWS.2005.25.

W. W. Smari, P. Clemente and J. F. Lalande, ‘An extended attribute based access control model with trust and privacy: application to a collaborative crisis management system’, Future Generation Computer Systems, vol. 31, pp. 147–168, 2014.

I. Sukhodolskiy and S. Zapechnikov, ‘A blockchain-based access control system for cloud storage’, In Proceedings of IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, pp. 1575–1578, 2018. Doi:10.1109/EIConRus.2018.8317400.

H. Dukkipati, Y. Zhang and L. C. Cheng, ‘Decentralized, blockchain based access control framework for the heterogeneous Internet of Things’, In Proceedings of the third ACM Workshop on Attribute-Based Access Control (ABAC’18), pp. 61–69, 2018.

H. ES-Samaali, A. Outchakoucht and J. P. Leroy, ‘A block-chain based access control for Big-data’, International Journal of Computer Networks and Communications Security, vol. 5, no. 7, pp. 137–147, 2017.

G. Zyskind, O. Nathan and A. Pentland, ‘Decentralizing privacy: using blockchain to protect personal data’, In Proceedings of IEEE Symposium on Security and Privacy Workshops, San Jose, USA, pp. 180–184, 2015.

K. Yang and X. Jia, ‘ABAC: Attribute-based access control’, Security for Cloud Storage Systems. SpringerBriefs in Computer Science. Springer, pp. 39–58, 2013.

N. W. Lo, T. C. Yang and M. H. Guo, ‘An attribute-role based access control mechanism for multi-tenancy cloud environment’, Wireless Personal Communications, vol. 84, no. 3, pp. 2119–2134, 2015.

A. Reyna, C. Martín, J. Chen, E. Soler and M. Díaz, ‘On blockchain and its integration with IoT: challenges and opportunities’, Future Generation Computer Systems, vol. 88, pp. 173–190, 2018.

A. Outchakoucht, H. ES-Samaali and J. P. Leory, ‘Dynamic access control policy based on blockchain and machine learning for the Internet of Things’, International Journal of Advanced Computer Science and Applications, vol. 8, no. 7, pp. 417–424, 2017.

H. Kaur, A. Alam, R. Jameel, A. K. Mourya and V. Chang, ‘A proposed solution and future direction for blockchain-based heterogeneous medicare data in cloud environment’, Journal of Medical Systems, vol. 42, no. 8, article 156, 2018.

Bitcoinj Java Library (accessed July 2020) https://bitcoinj.github.io/.

F. Tschorsch and B. Scheuermann, ‘Bitcoin and beyond: a technical survey on decentralized digital currencies’, IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2084–2123, 2016.

J. A. Garay, A. Kiayias and N. Leonardos, ‘The Bitcoin backbone protocol: analysis and applications’, In Proceedings of EUROCRYPT, LNCS, Springer, vol. 9057, pp. 281–310, 2015.

M. Crosby, P. Pattanayak, S. Verma and V. Kalyanaraman, ‘Blockchain technology: beyond bitcoin’, Applied Innovation, vol. 2, pp. 6–10, 2016.

K. Christidis and M. Devetsikiotis, ‘Blockchains and smart contracts for the Internet of Things’, IEEE Access, vol. 4, pp. 2292–2303, 2016.


S. Godik and T. Moses, ‘Oasis extensible access control markup language (XACML)’, ASIS Committee Secication cs-xacml-specication 1.0, 2002.

E. Bertino, S. Castano and E. Ferrari, ‘On specifying security policies for web documents with an XML-based language’, In Proceedings of the Sixth ACM Symposium on Access control models and technologies, pp. 57–65, 2001.

Security Policy Tool, available: https://securitypolicytool.com/

M. Drozdowicz, M. Ganzha and M. Paprzycki, ‘Semantically enriched data access policies in eHealth’, Journal of Medical Systems, vol. 40, no. 11, 2016. Doi:10.1007/s10916-016-0581-7.







Most read articles by the same author(s)