An official website of the United States government
Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC RC and HyBAC AC , respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.
more »
« less
We Need a “Building Inspector for IoT” When Smart Homes Are Sold
Internet of Things (IoT) devices left behind when a home is sold create security and privacy concerns for both prior and new residents. We envision a specialized “building inspector for IoT” to help securely facilitate transfer of the home.
more »
« less
- Award ID(s):
- 2042700
- PAR ID:
- 10507899
- Publisher / Repository:
- IEEE
- Date Published:
- Journal Name:
- IEEE Security & Privacy
- ISSN:
- 1540-7993
- Page Range / eLocation ID:
- 2 to 11
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC RC and HyBAC AC , respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.more » « less
-
With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential infor- mation leakage channels and their associated security threats and privacy risks. Despite a long history of attacks on IoT devices in unprotected home networks, the problem of accurate, rapid detection and prevention of such attacks remains open. Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties. This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms. Our results show that with a slight rise of router hardware resources caused by machine learn- ing and traffic filtering logic, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network, equaling or outperforming existing popular solutions, with- out any effects on benign IoT functionality, and without relying on cloud services and third parties.more » « less
-
The HandyTech's Coming Between 1 and 4: Privacy Opportunities and Challenges for the IoT HandypersonSmart homes are gaining popularity due to their convenience and efficiency, both of which come at the expense of increased complexity of Internet of Things (IoT) devices. Due to the number and heterogeneity of IoT devices, technologically inexperienced or time-burdened residents are unlikely to manage the setup and maintenance of IoT apps and devices. We highlight the need for a "HandyTech": a technically skilled contractor who can set up, repair, debug, monitor, and troubleshoot home IoT systems. In this paper, we consider the potential privacy challenges posed by the HandyTech, who has the ability to access IoT devices and private data. We do so in the context of single and multi-user smart homes, including rental units, condominiums, and temporary guests or workers. We examine the privacy harms that can arise when a HandyTech has legitimate access to information, but uses it in unintended ways. By providing insights for the development of privacy control policies and measures in-home IoT environments in the presence of the HandyTech, we capture the privacy concerns raised by other visitors to the home, including temporary residents, part-time workers, etc. This helps lay a foundation for the broad set of privacy concerns raised by home IoT systems.more » « less
-
Smart home IoT devices are becoming increasingly popular. Modern programmable smart home hubs such as SmartThings enable homeowners to manage devices in sophisticated ways to save energy, improve security, and provide conveniences. Unfortunately, many smart home systems contain vulnerabilities, potentially impacting home security and privacy. This paper presents Vigilia, a system that shrinks the attack surface of smart home IoT systems by restricting the network access of devices. As existing smart home systems are closed, we have created an open implementation of a similar programming and configuration model in Vigilia and extended the execution environment to maximally restrict communications by instantiating device-based network permissions. We have implemented and compared Vigilia with forefront IoT-defense systems; our results demonstrate that Vigilia outperforms these systems and incurs negligible overhead.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/https://doi.ieeecomputersociety.org/10.1109/MSEC.2024.3386467
