Towards Decentralized IoT Access Control Scheme with Gateway-Level Cache and Blockchain-Based Trust Infrastructure | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Article Towards Decentralized IoT Access Control Scheme with Gateway-Level Cache and Blockchain-Based Trust Infrastructure Zia Ullah, Ibrar Ali Shah, Fahim Ullah Khan, Faisal Nadeem, Mohsin Ali Khan, and 1 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9017970/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 8 You are reading this latest preprint version Abstract The deployment of Internet of Things (IoT) systems in multiple administrative domains brings high demands on access control mechanisms that are scalable, auditable and interoperable. Existing centralized solutions cannot support cross-domain flexibility, while blockchain-based access control schemes that run authorization logic on-chain are plagued with high transaction latency, low throughput, and high operational cost, ruling them out of the high frequency IoT access scenario. This paper presents DGAC-IoT, a decentralized and gateway-assisted access control framework, which unambiguously separates the trust management, policy evaluation and enforcement functionality among the edge and blockchain layers. Access decisions are made fine-grained off-chain at domain gateways incorporating attribute-based access control (ABAC) policies while a permissioned blockchain network using Hyperledger Fabric is used as a distributed trust anchor. Smart contracts (chain-code) are only used to register cryptographically signed authorization commitments, policy updates and revocation events. Gateways have a local authorization cache that is indexed on subject-object-policy tuples and is bounded by explicit validity intervals so that repeated access requests can be resolved without having to interact with the blockchain. The communication is secure and cannot be denied (rejected) using public key infrastructure (PKI), digital signatures, and cryptographic hash functions. The framework is carried out with the use of containerized gateway services orchestrated via Docker and Fabric peers that are deployed across multiple domains. Performance is tested under conditions of rising access request rates, different cache hit ratios and dynamic revocation situations. Results reveal that DGAC-IoT has significant gains for end-to-end access latency, maintains close to linear throughput with scaling of the request load, and limits the scale up of blockchain transactions to a small set of access events. Sensitivity analysis is further used to quantify the effect of the policy expiration time and revocation frequency, as the effect of adaptive cached management and policy management directly affects the system responsiveness and blockchain overhead. These results show that by ensuring that blockchain is only used for immutable authorization commitment and revocation while policy evaluation and enforcement are done off-chain at gateways, a scalable and deployable access control solution for cross-domain IoT environments with heterogeneous trust and performance requirements can be achieved. Physical sciences/Engineering Physical sciences/Mathematics and computing Internet of Things Decentralized access control Gateway-assisted enforcement Blockchain-based trust anchoring Hyperledger Fabric Attribute-based access control Authorization caching Cross-domain IoT Off-chain policy evaluation Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Reviewers agreed at journal 12 May, 2026 Reviews received at journal 26 Mar, 2026 Reviewers agreed at journal 16 Mar, 2026 Reviewers invited by journal 16 Mar, 2026 Editor assigned by journal 16 Mar, 2026 Editor invited by journal 09 Mar, 2026 Submission checks completed at journal 05 Mar, 2026 First submitted to journal 05 Mar, 2026 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-9017970","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Article","associatedPublications":[],"authors":[{"id":608299942,"identity":"bbe74ee6-31a5-4b13-bc5f-0b2caefea32a","order_by":0,"name":"Zia Ullah","email":"","orcid":"","institution":"University of Engineering and Technology Mardan","correspondingAuthor":false,"prefix":"","firstName":"Zia","middleName":"","lastName":"Ullah","suffix":""},{"id":608299948,"identity":"d8bc6ce4-8e24-44e7-9389-f099bc89f361","order_by":1,"name":"Ibrar Ali Shah","email":"","orcid":"","institution":"University of Engineering and Technology Mardan","correspondingAuthor":false,"prefix":"","firstName":"Ibrar","middleName":"Ali","lastName":"Shah","suffix":""},{"id":608299949,"identity":"27aaed28-4922-4fcf-ab86-45f787341c98","order_by":2,"name":"Fahim Ullah Khan","email":"","orcid":"","institution":"University of Engineering and Technology Mardan","correspondingAuthor":false,"prefix":"","firstName":"Fahim","middleName":"Ullah","lastName":"Khan","suffix":""},{"id":608299951,"identity":"a893e554-8a68-4624-8a7e-4ff230cd9281","order_by":3,"name":"Faisal Nadeem","email":"","orcid":"","institution":"Informatic Complex Islamabad","correspondingAuthor":false,"prefix":"","firstName":"Faisal","middleName":"","lastName":"Nadeem","suffix":""},{"id":608299955,"identity":"299680c0-9a75-4d5e-b5ef-386712796a3f","order_by":4,"name":"Mohsin Ali Khan","email":"","orcid":"","institution":"University of Engineering and Technology Mardan","correspondingAuthor":false,"prefix":"","firstName":"Mohsin","middleName":"Ali","lastName":"Khan","suffix":""},{"id":608299956,"identity":"a26b9e3f-7b11-42b8-8739-3daf6d4a9909","order_by":5,"name":"Muhammad Ismail Mohmand","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABHElEQVRIie3RsUrEMBjA8e84qMt5o1RC9QmESqCL4rM0BOqSOAsKl1u6adfrWxQOMqcE2qXgWtGlHjjd4g0iWMRe9RbteTc65A8JSeBHSwJgMv3LBu3cEwBWu4iaodoztS2JRR9WZHm6BUnUBnI04eninp05Yk9nT+X1ozPN75R6q+FgWPo7s8vfxCsvKOKSYoGCc8yyZywLCulNCHi/9HvjooswtyF9IhDzELM0kYqC2hVAkiXp+LOG4HcuR9/kQ5NpNIO0rmH0B/Gar+gvwkNNEpuCHljgu+tIMfdOuMxxiIIA8VuNJ+XM1U5oH8dFNY67SM7wA5dXToRohtirdqKIVNW8Pj0c5lS9dN3yKuvH3gZY95Imk8lk2tgnfZR2mzdfMWAAAAAASUVORK5CYII=","orcid":"","institution":"Department of Computer Engineering at the Faculty of Engineering and Natural Sciences, Istanbul Atlas University , 34408","correspondingAuthor":true,"prefix":"","firstName":"Muhammad","middleName":"Ismail","lastName":"Mohmand","suffix":""}],"badges":[],"createdAt":"2026-03-03 08:38:40","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-9017970/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-9017970/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":105035684,"identity":"2ca37887-0a15-4f6d-97c2-fe1b8a4e0b0b","added_by":"auto","created_at":"2026-03-20 07:26:27","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":822551,"visible":true,"origin":"","legend":"","description":"","filename":"FinalManuscriptTowardPrivacybased.pdf","url":"https://assets-eu.researchsquare.com/files/rs-9017970/v1_covered_627db532-5cb9-4626-b18d-6f2d67f05193.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Towards Decentralized IoT Access Control Scheme with Gateway-Level Cache and Blockchain-Based Trust Infrastructure","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"scientific-reports","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"scirep","sideBox":"Learn more about [Scientific Reports](http://www.nature.com/srep/)","snPcode":"","submissionUrl":"","title":"Scientific Reports","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Scientific Reports","inReviewEnabled":true,"inReviewRevisionsEnabled":true},"keywords":"Internet of Things, Decentralized access control, Gateway-assisted enforcement, Blockchain-based trust anchoring, Hyperledger Fabric, Attribute-based access control, Authorization caching Cross-domain, IoT Off-chain policy evaluation","lastPublishedDoi":"10.21203/rs.3.rs-9017970/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-9017970/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"The deployment of Internet of Things (IoT) systems in multiple administrative domains brings high demands on access control mechanisms that are scalable, auditable and interoperable. Existing centralized solutions cannot support cross-domain flexibility, while blockchain-based access control schemes that run authorization logic on-chain are plagued with high transaction latency, low throughput, and high operational cost, ruling them out of the high frequency IoT access scenario. This paper presents DGAC-IoT, a decentralized and gateway-assisted access control framework, which unambiguously separates the trust management, policy evaluation and enforcement functionality among the edge and blockchain layers. Access decisions are made fine-grained off-chain at domain gateways incorporating attribute-based access control (ABAC) policies while a permissioned blockchain network using Hyperledger Fabric is used as a distributed trust anchor. Smart contracts (chain-code) are only used to register cryptographically signed authorization commitments, policy updates and revocation events. Gateways have a local authorization cache that is indexed on subject-object-policy tuples and is bounded by explicit validity intervals so that repeated access requests can be resolved without having to interact with the blockchain. The communication is secure and cannot be denied (rejected) using public key infrastructure (PKI), digital signatures, and cryptographic hash functions. The framework is carried out with the use of containerized gateway services orchestrated via Docker and Fabric peers that are deployed across multiple domains. Performance is tested under conditions of rising access request rates, different cache hit ratios and dynamic revocation situations. Results reveal that DGAC-IoT has significant gains for end-to-end access latency, maintains close to linear throughput with scaling of the request load, and limits the scale up of blockchain transactions to a small set of access events. Sensitivity analysis is further used to quantify the effect of the policy expiration time and revocation frequency, as the effect of adaptive cached management and policy management directly affects the system responsiveness and blockchain overhead. These results show that by ensuring that blockchain is only used for immutable authorization commitment and revocation while policy evaluation and enforcement are done off-chain at gateways, a scalable and deployable access control solution for cross-domain IoT environments with heterogeneous trust and performance requirements can be achieved.","manuscriptTitle":"Towards Decentralized IoT Access Control Scheme with Gateway-Level Cache and Blockchain-Based Trust Infrastructure","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-03-19 15:58:00","doi":"10.21203/rs.3.rs-9017970/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"reviewerAgreed","content":"160780712969044059262838204033508871533","date":"2026-05-12T13:17:31+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2026-03-27T02:16:40+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"70459135289265267062091189820399443090","date":"2026-03-16T12:18:16+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2026-03-16T11:21:34+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2026-03-16T11:20:21+00:00","index":"","fulltext":""},{"type":"editorInvited","content":"","date":"2026-03-09T11:18:37+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2026-03-05T09:22:58+00:00","index":"","fulltext":""},{"type":"submitted","content":"Scientific Reports","date":"2026-03-05T06:40:03+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"scientific-reports","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"scirep","sideBox":"Learn more about [Scientific Reports](http://www.nature.com/srep/)","snPcode":"","submissionUrl":"","title":"Scientific Reports","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Scientific Reports","inReviewEnabled":true,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"bc02e283-aa0c-47dd-b5b2-63909ba3ad04","owner":[],"postedDate":"March 19th, 2026","published":true,"recentEditorialEvents":[{"type":"reviewerAgreed","content":"160780712969044059262838204033508871533","date":"2026-05-12T13:17:31+00:00","index":139,"fulltext":""}],"rejectedJournal":[],"revision":"","amendment":"","status":"under-review","subjectAreas":[{"id":64729302,"name":"Physical sciences/Engineering"},{"id":64729303,"name":"Physical sciences/Mathematics and computing"}],"tags":[],"updatedAt":"2026-03-19T15:58:00+00:00","versionOfRecord":[],"versionCreatedAt":"2026-03-19 15:58:00","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-9017970","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-9017970","identity":"rs-9017970","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.