All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
I am writing to inform you that your manuscript - IoT-CCAC: a blockchain-based consortium capability access control approach for IoT - has been Accepted for publication.
The current findings are based on some preliminary results. More experiments should be done to better support the conclusion. Codes should be provided for verification of results.
[# PeerJ Staff Note: Please ensure that all review comments are addressed in a rebuttal letter and any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate. It is a common mistake to address reviewer questions in the rebuttal letter but not in the revised manuscript. If a reviewer raised a question then your readers will probably have the same question so you should ensure that the manuscript can stand alone without the rebuttal letter. Directions on how to prepare a rebuttal letter can be found at: https://peerj.com/benefits/academic-rebuttal-letters/ #]
In this paper authors proposed IoT-CCAC based blockchain framework and results showed that IoT-CCAC approach gives promising results and a good fit for city and business network applications.
The paper is well written and easy to follow, however the novelty of the paper is limited.
Authors presented detailed description of IoT-CCAC module but blockchain details are missing. Not sure which platform of blockchain is used by authors and why they chose only that. They have mentioned two blockchains (Ethereum private blockchain, Hyperledger Fabric).
The python code of the experiment is not attached and therefore hard to verify results. I would suggest either to publicly upload the code and instructions on github or attach here as supplementary file.
Overall the paper looks fine and well written. But it is important to verify the results presented by authors and it is only worth to accept the paper if experiments can be verified. Therefore I would suggest a major revision with above comments.
The paper discusses the utilization of the blockchain technology for IoT access control.
The general presentation of the paper is good which makes it very to read since the main contributions are clearly highlighted.
I suggest adding some references to Table 1 and 3.
no comment
no comment
The authors presented in Table 3 a list of the classical DB's disadvantages. For instance the mutability, the point of failure,. ... etc. However what would be the general thoughts in the case of the use of a nosql DB (or any other big-data implementation) where the database management system ensures a high degree of redundancy. and recovery.
While the article includes tables and graphs representing experiment results, authors do not provide raw data.
Experiment methodology should be described in greater detail, as further explained in the second part of this review.
Authors use clear and technically correct English, provide relevant references and article is structured in an acceptable format.
It is not clear if the measurement results presented were obtained from only one measurement or if they are an average of multiple runs. The label of Table 4 states numbers presented are an average of 100 transactions and lines 372-274 that four groups of 10, 50, 100 and 200 concurrent transactions were used. However, it is unclear if measurements for these four groups were repeated or run only once. The initial state of both local VM and online node used for experiment can have an impact on the accuracy of the results.
Security analysis is superficial, and although preconditions presented improve IOT-CACC model security, attack prevention mechanisms are not exhaustive. The statement on lines 359-360 does not specify what checks are made or even references the IOT-CACC authorization process provided in system architecture.
Findings presented are based on preliminary results and make it difficult to call them robust. Due to deficiencies mentioned in the second part of this review, it is hard to compare results with related work conclusively. As such, the statement on lines 389-391 requires more experiments for direct comparison.
IOT-CACC model presented is promising, but further investigation to support presented conclusions is required.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.