DOI: 10.1145/3395351.3399358
research-article

Kratos: multi-user multi-device-aware access control system for the smart home

Published: 21 July 2020

Abstract

In a smart home system, multiple users have access to multiple devices, typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique trusted user that controls the access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges from those of traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically changing demands on multiple devices, which cannot be handled by traditional access control techniques. To address these challenges, in this paper, we introduce Kratos, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their access control demands. Kratos has three main components: user interaction module, back-end server, and policy manager. Users specify their desired access control settings using the interaction module, and these settings are translated into access control policies in the back-end server. The policy manager analyzes these policies, initiates negotiation between users to resolve conflicting demands, and generates final policies. We implemented Kratos and evaluated its performance on real smart home deployments featuring multi-user scenarios with a rich set of configurations (309 different policies including 213 demand conflicts and 24 restriction policies). These configurations included five different threats associated with access control mechanisms. Our extensive evaluations show that Kratos is very effective in resolving conflicting access control demands with minimal overhead, and robust against different attacks.

    Published In

    WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks
    July 2020
    366 pages
    ISBN: 9781450380065
    DOI: 10.1145/3395351
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. access control
    2. internet of things
    3. smart home security

    Qualifiers

    • Research-article

    Conference

    WiSec '20

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Article Metrics

    • Downloads (Last 12 months): 196
    • Downloads (Last 6 weeks): 5
    Reflects downloads up to 06 Jan 2025

    Cited By

    • (2024) Knowledge-based Cyber Physical Security at Smart Home: A Review. ACM Computing Surveys 57:3 (1-36). DOI: 10.1145/3698768. Online publication date: 11-Nov-2024
    • (2024) Practical Integrity Validation in the Smart Home with HomeEndorser. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (207-218). DOI: 10.1145/3643833.3656116. Online publication date: 27-May-2024
    • (2024) Beyond Individual Concerns: Multi-user Privacy in Large Language Models. Proceedings of the 6th ACM Conference on Conversational User Interfaces (1-6). DOI: 10.1145/3640794.3665883. Online publication date: 8-Jul-2024
    • (2024) Bring Privacy To The Table: Interactive Negotiation for Privacy Settings of Shared Sensing Devices. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (1-22). DOI: 10.1145/3613904.3642897. Online publication date: 11-May-2024
    • (2024) FLUID-IoT: Flexible and Fine-Grained Access Control in Shared IoT Environments via Multi-user UI Distribution. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (1-16). DOI: 10.1145/3613904.3641991. Online publication date: 11-May-2024
    • (2024) ACCORD: Constraint-driven Mediation of Multi-user Conflicts in Cloud Services. Companion Proceedings of the ACM Web Conference 2024 (1039-1042). DOI: 10.1145/3589335.3651244. Online publication date: 13-May-2024
    • (2024) TBAC: A Tokoin-based Accountable Access Control Scheme for the Internet of Things. IEEE Transactions on Mobile Computing (1-16). DOI: 10.1109/TMC.2023.3316622. Online publication date: 2024
    • (2024) Toward Zero-Trust IoT Networks via Per-Packet Authorization. IEEE Communications Magazine 62:12 (90-96). DOI: 10.1109/MCOM.001.2300390. Online publication date: Dec-2024
    • (2024) Uncovering Access Token Security Flaws in Multiuser Scenario of Smart Home Platforms. IEEE Internet of Things Journal 11:22 (36841-36857). DOI: 10.1109/JIOT.2024.3429417. Online publication date: 15-Nov-2024
    • (2024) SAAC: Secure Access Control Management Framework for Multi-User Smart Home Systems. IEEE Access 12 (133339-133355). DOI: 10.1109/ACCESS.2024.3446180. Online publication date: 2024
