Practical and Secure NFT Access Control for Low-Cost IoT Devices via a Delegated Reputation Gateway

  • Pedro F. F. Abreu UFPI
  • Maria R. F. M. Ferreira UFPI
  • Luis H. O. Mendes UFPI
  • Geraldo A. Sarmento Neto UFPI
  • Thiago A. R. da Silva UFPI / IFMA
  • Anderson L. Sanches UFABC
  • Ricardo A. L. Rabelo UFPI
  • José V. dos Reis Junior UFPI

Abstract


The proliferation of Internet of Things (IoT) devices necessitates secure, scalable, and cost-effective access control mechanisms. While blockchain and Non-Fungible Tokens (NFTs) offer a decentralized paradigm for managing permissions, they remain vulnerable to off-chain resource exhaustion attacks and present practical implementation challenges for low-cost devices. This paper proposes a novel hybrid architecture that enhances NFT-based access control with an off-chain gateway acting as both a Smart Reputation System (SRS) and a delegated signer. This hybrid model combines fast, off-chain pre-validation with authoritative on-chain verification. The SRS serves as a security firewall, mitigating high-frequency invalid requests by dynamically managing the reputation of each device and imposing temporary bans on malicious actors. By delegating cryptographic signing to the gateway, low-cost IoT devices are absolved of managing private keys, significantly reducing their complexity and cost. An experimental evaluation of the implemented system was conducted to assess its resilience against Denial-of-Service attacks. The findings indicate that the system successfully neutralizes threats in under 3 seconds. During this process, a stable end-to-end latency of approximately 626 ms is maintained for legitimate users, with the gateway’s reputation logic introducing a negligible performance overhead of less than 1%. This hybrid approach proves to be a practical and effective solution for deploying secure and resilient access control in real-world IoT environments.
Keywords: Access Control, Blockchain, IoT, NFT, Reputation System
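
The reputation-and-ban behaviour the abstract describes can be sketched as follows. This is an added example, not the paper's implementation: the score values, penalty, ban duration, class and function names are all assumptions, the on-chain NFT check is a stubbed callable, and delegated signing is not modelled.

```python
import time
from dataclasses import dataclass

# Assumed values: the abstract gives no scores, penalties or ban lengths.
START_SCORE, PENALTY, REWARD = 100, 25, 5
BAN_THRESHOLD, BAN_SECONDS = 0, 60.0

@dataclass
class DeviceState:
    score: int = START_SCORE
    banned_until: float = 0.0

class ReputationGateway:
    """Off-chain pre-validation placed in front of the on-chain check."""
    def __init__(self, onchain_check, clock=time.monotonic):
        self.onchain_check = onchain_check  # callable(device_id, token_id) -> bool
        self.clock = clock
        self.devices = {}
        self.onchain_calls = 0              # how many requests reached the chain

    def handle(self, device_id, token_id):
        now = self.clock()
        st = self.devices.setdefault(device_id, DeviceState())
        if now < st.banned_until:
            return "banned"                 # dropped at the gateway, no chain query
        if st.banned_until:                 # ban expired: restart on probation
            st.banned_until, st.score = 0.0, PENALTY
        self.onchain_calls += 1
        if self.onchain_check(device_id, token_id):
            st.score = min(START_SCORE, st.score + REWARD)
            return "granted"
        st.score -= PENALTY
        if st.score <= BAN_THRESHOLD:
            st.banned_until = now + BAN_SECONDS
        return "denied"

def simulate():
    owners = {("sensor-1", 7)}              # constructed stand-in for NFT ownership
    t = [0.0]                               # fake clock so the run is deterministic
    gw = ReputationGateway(lambda d, tok: (d, tok) in owners, clock=lambda: t[0])
    flood = []
    for _ in range(10):                     # 10 invalid requests, 0.1 s apart
        flood.append(gw.handle("rogue-9", 7))
        t[0] += 0.1
    legit = gw.handle("sensor-1", 7)
    t[0] += BAN_SECONDS                     # let the ban lapse
    after = gw.handle("rogue-9", 7)
    return flood, legit, after, gw.onchain_calls
```

In this run only the first four flood requests reach the stubbed chain check; the rest are rejected at the gateway, and a device returning from a ban is re-banned after a single further invalid request.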

Published
24/11/2025
ABREU, Pedro F. F.; FERREIRA, Maria R. F. M.; MENDES, Luis H. O.; SARMENTO NETO, Geraldo A.; SILVA, Thiago A. R. da; SANCHES, Anderson L.; RABELO, Ricardo A. L.; REIS JUNIOR, José V. dos. Practical and Secure NFT Access Control for Low-Cost IoT Devices via a Delegated Reputation Gateway. In: TRABALHOS EM ANDAMENTO - SIMPÓSIO BRASILEIRO DE ENGENHARIA DE SISTEMAS COMPUTACIONAIS (SBESC), 15., 2025, Campinas/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 49-52. ISSN 2763-9002. DOI: https://doi.org/10.5753/sbesc_estendido.2025.15645.