AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (6.3 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Access Control and Authorization in Smart Homes: A Survey

School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
School of Reliability and Systems Engineering, Beihang University, Beijing 100191, China
School of Computer Studies, Arab Open University, Ramallah 4375, Palestine
Show Author Information

Abstract

With the rapid development of cyberspace and smart home technology, human life is changing to a new virtual dimension with several promises for improving its quality. Moreover, the heterogeneous, dynamic, and internet-connected nature of smart homes brings many privacy and security difficulties. Unauthorized access to the smart home system is one of the most harmful actions and can cause several trust problems and relationship conflicts between family members and invoke home privacy issues. Access control is one of the best solutions for handling this threat, and it has been used to protect smart homes and other Internet of Things domains for many years. This survey reviews existing access control schemes for smart homes, which concern the essential authorization requirements and challenges that need to be considered while designing an authorization framework for smart homes. Furthermore, we note the most critical challenges that other access control solutions neglect for smart homes.

References

[1]
K. Ashton, That “Internet of Things” thing, RFID Journal, vol. 22, no. 7, pp. 97-114, 2009.
[2]
H. Liu, H. S. Ning, Q. T. Mu, Y. M. Zheng, J. Zeng, L. T. Yang, R. H. Huang, and J. H. Ma, A review of the smart world, Future Generation Computer Systems, vol. 96, pp. 678-691, 2019.
[3]
A. K. Sikder, A. Acar, H. Aksu, A. S. Uluagac, K. Akkaya, and M. Conti, IoT-enabled smart lighting systems for smart cities, in Proc. IEEE 8th Annu. Computing and Communication Workshop and Conf. (CCWC), Las Vegas, NV, USA, 2018, pp. 639-645.
[4]
Y. D. Huang, Y. T. Chai, Y. Liu, and J. P. Shen, Architecture of next-generation e-commerce platform, Tsinghua Science and Technology, vol. 24, no. 1, pp. 18-29, 2019.
[5]
H. S. Ning, H. Liu, J. H. Ma, L. T. Yang, Y. L. Wan, X. Z. Ye, and R. H. Huang, From internet to smart world, IEEE Access, vol. 3, pp. 1994-1999, 2015.
[6]
J. H. Liu, Y. Yu, J. W. Jia, S. J. Wang, P. R. Fan, H. Z. Wang, and H. G. Zhang, Lattice-based double-authentication-preventing ring signature for security and privacy in vehicular Ad-Hoc networks, Tsinghua Science and Technology, vol. 24, no. 5, pp. 575-584, 2019.
[7]
A. K. Sikder, L. Babun, H. Aksu, and A. S. Uluagac, Aegis: A context-aware security framework for smart home systems, in Proc. 35th Annu. Computer Security Applications Conf., San Juan, PR, USA, 2019, pp. 28-41.
[8]
B. Zhao, P. Y. Zhao, and P. R. Fan, ePUF: A lightweight double identity verification in IoT, Tsinghua Science and Technology, vol. 25, no. 5, pp. 625-635, 2020.
[9]
F. Farha, H. S. Ning, S. K. Yang, J. B. Xu, W. S. Zhang, and K. K. R. Choo, Timestamp scheme to mitigate replay attacks in secure ZigBee networks, IEEE Transactions on Mobile Computing, .
[10]
M. C. Sánchez, J. M. C. de Gea, J. L. Fernández-Alemán, J. Garceran, and A. Toval, Software vulnerabilities overview: A descriptive study, Tsinghua Science and Technology, vol. 25, no. 2, pp. 270-280, 2020.
[11]
R. Godha, S. Prateek, and N. Kataria, Home automation: Access control for IoT devices, International Journal of Scientific and Research Publications, vol. 4, no. 10, pp. 1-4, 2014.
[12]
A. K. Sikder, L. Babun, Z. B. Celik, A. Acar, H. Aksu, P. McDaniel, E. Kirda, and A. S. Uluagac, KRATOS: Multi-user multi-device-aware access control system for the smart home, arXiv preprint arXiv:1911.10186, 2020.
[13]
L. Babun, A. K. Sikder, A. Acar, and A. S. Uluagac, IoTDots: A digital forensics framework for smart environments, arXiv preprint arXiv:1809.00745, 2018.
[14]
X. Tan, J. L. Zhang, Y. J. Zhang, Z. Qin, Y. Ding, and X. W. Wang, A PUF-based and cloud-assisted lightweight authentication for multi-hop body area network, Tsinghua Science and Technology, vol. 26, no. 1, pp. 36-47, 2021.
[15]
E. Fernandes, J. Jung, and A. Prakash, Security analysis of emerging smart home applications, in Proc. 2016 IEEE Symp. Security and Privacy (SP), San Jose, CA, USA, 2016, pp. 636-654.
[16]
M. Stanislav and T. Beardsley, Hacking IoT: A case study on baby monitor exposures and vulnerabilities, https://www.rapid7.com/globalassets/external/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf, 2015.
[17]
W. J. He, M. Golla, R. Padhi, J. Ofek, M. Dürmuth, E. Fernandes, and B. Ur, Rethinking access control and authentication for the home Internet of Things (IoT), in Proc. 27th USENIX Conf. Security Symp., Berkeley, CA, USA, 2018, pp. 255-272.
[18]
R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, Internet of Things (IoT) security: Current status, challenges and prospective measures, in Proc. 10th Int. Conf. Internet Technology and Secured Transactions (ICITST), London, UK, 2015, pp. 336-341.
[19]
A. R. Sadeghi, C. Wachsmann, and M. Waidner, Security and privacy challenges in industrial Internet of Things, in Proc. 52nd ACM/EDAC/IEEE Design Automation Conf. (DAC), San Francisco, CA, USA, 2015, pp. 1-6.
[20]
E. Vasilomanolakis, J. Daubert, M. Luthra, V. Gazis, A. Wiesmaier, and P. Kikiras, On the security and privacy of Internet of Things architectures and systems, in Proc. 2015 Int. Workshop on Secure Internet of Things (SIoT), Vienna, Austria, 2015, pp. 49-57.
[21]
R. H. Weber, Internet of Things-New security and privacy challenges, Computer Law & Security Review, vol. 26, no. 1, pp. 23-30, 2010.
[22]
A. Ouaddah, H. Mousannif, A. A. Elkalam, and A. A. Ouahman, Access control in the Internet of Things: Big challenges and new opportunities, Computer Networks, vol. 112, pp. 237-262, 2017.
[23]
R. Roman, J. Y. Zhou, and J. Lopez, On the features and challenges of security and privacy in distributed Internet of Things, Computer Networks, vol. 57, no. 10, pp. 2266-2279, 2013.
[24]
S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, Security, privacy and trust in Internet of Things: The road ahead, Computer Networks, vol. 76, pp. 146-164, 2015.
[25]
Y. P. Zhang and X. Q. Wu, Access control in Internet of Things: A survey, arXiv preprint arXiv:1610.01065, 2016.
[26]
S. Ravidas, A. Lekidis, F. Paci, and N. Zannone, Access control in Internet-of-Things: A survey, Journal of Network and Computer Applications, vol. 144, pp. 79-101, 2019.
[27]
E. Zeng, S. Mare, and F. Roesner, End user security and privacy concerns with smart homes, in Proc. 13th USENIX Conf. Usable Privacy and Security, Berkeley, CA, USA, 2017, pp. 65-80.
[28]
M. Aazam, I. Khan, A. A. Alsaffar, and E. N. Huh, Cloud of things: Integrating Internet of Things and cloud computing and the issues involved, in Proc. 2014 11th Int. Bhurban Conf. Applied Sciences & Technology (IBCAST), Islamabad, Pakistan, 2014, pp. 414-419.
[29]
M. R. Abdmeziem, D. Tandjaoui, and I. Romdhani, Architecting the Internet of Things: State of the art, in Robots and Sensor Clouds, Studies in Systems, Decision and Control. Cham, Germany: Springer, 2016, pp. 55-75.
[30]
A. Alshehri and R. Sandhu, Access control models for cloud-enabled Internet of Things: A proposed architecture and research agenda, in Proc. IEEE 2nd Int. Conf. Collaboration and Internet Computing (CIC), Pittsburgh, PA, USA, 2016, pp. 530-538.
[31]
A. Alshehri and R. Sandhu, Access control models for virtual object communication in cloud-enabled IoT, in Proc. IEEE Int. Conf. Information Reuse and Integration (IRI), San Diego, CA, USA, 2017, pp. 16-25.
[32]
J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, Internet of Things (IoT): A vision, architectural elements, and future directions, Future Generation Computer Systems, vol. 29, no. 7, pp. 1645-1660, 2013.
[33]
R. Khan, S. U. Khan, R. Zaheer, and S. Khan, Future internet: The Internet of Things architecture, possible applications and key challenges, in Proc. 10th Int. Conf. Frontiers of Information Technology, Islamabad, India, 2012, pp. 257-260.
[34]
M. Wu, T. J. Lu, F. Y. Ling, J. Sun, and H. Y. Du, Research on the architecture of Internet of Things, in Proc. 3rd Int. Conf. Advanced Computer Theory and Engineering (ICACTE), Chengdu, China, 2010, pp. 484-487.
[35]
I. Bouij-Pasquier, A. A. Ouahman, A. A. El Kalam, and M. O. de Montfort, SmartOrBAC security and privacy in the internet of things, in Proc. IEEE/ACS 12th Int. Conf. Computer Systems and Applications (AICCSA), Marrakech, Morocco, 2015, pp. 1-8.
[36]
C. T. Hu, D. F. Ferraiolo, and D. R. Kuhn, Assessment of access control systems, https://www.nist.gov/publications/assessment-access-control-systems, 2006.
[37]
Y. Cao, Z. Q. Huang, S. L. Kan, D. J. Fan, and Y. Yang, Specification and verification of a topology-aware access control model for cyber-physical space, Tsinghua Science and Technology, vol. 24, no. 5, pp. 497-519, 2019.
[38]
P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad, Identity authentication and capability based access control (IACAC) for the Internet of Things, Journal of Cyber Security and Mobility, vol. 1, pp. 309-348, 2013.
[39]
H. F. Atlam, A. Alenezi, R. J. Walters, and G. B. Wills, An overview of risk estimation techniques in risk-based access control for the internet of things, in Proc. 2nd Int. Conf. Internet of Things, Big Data and Security, Porto, Portugal, 2017, pp. 254-260.
[40]
S. Bugiel, S. Heuser, and A. R. Sadeghi, Flexible and fine-grained mandatory access control on android for diverse security and privacy policies, in Proc. 22nd USENIX Conf. Security, Berkeley, CA, USA, 2013, pp. 131-146.
[41]
K. Z. Bijon, R. Krishnan, and R. Sandhu, A framework for risk-aware role based access control, in Proc. IEEE Conf. Communications and Network Security (CNS), National Harbor, MD, USA, 2013, pp. 462-469.
[42]
A. Dorri, M. Steger, S. S. Kanhere, and R. Jurdak, BlockChain: A distributed solution to automotive security and privacy, IEEE Communications Magazine, vol. 55, no. 12, pp. 119-125, 2017.
[43]
D. Servos and S. L. Osborn, Current research and open problems in attribute-based access control, ACM Computing Surveys, vol. 49, no. 4, p. 65, 2017.
[44]
A. Home, How august smart locks work, https://august.com/pages/how-it-works, 2020.
[45]
RemoteLock, Smart locks by RemoteLock, https://www.remotelock.com/smart-locks, 2020.
[46]
E. Zeng and F. Roesner, Understanding and improving security and privacy in multi-user smart homes: A design exploration and in-home user study, in Proc. 28th USENIX Security Symp., Santa Clara, CA, USA, 2019, pp. 159-176.
[47]
S. Werner, F. Pallas, and D. Bermbach, Designing suitable access control for web-connected smart home platforms, in International Conference on Service-Oriented Computing. Cham, Germany: Springer, 2017, pp. 240-251.
[48]
T. H. J. Kim, L. Bauer, J. Newsome, A. Perrig, and J. Walker, Access right assignment mechanisms for secure home networks, Journal of Communications and Networks, vol. 13, no. 2, pp. 175-186, 2011.
[49]
Y. Tian, N. Zhang, Y. H. Lin, X. F. Wang, B. Ur, X. Z. Guo, and P. Tague, SmartAuth: User-centered authorization for the internet of things, in Proc. 26th USENIX Security Symp., Vancouver, Canada, 2017, pp. 361-378.
[50]
G. P. Zhang and J. Z. Tian, An extended role based access control model for the internet of things, in Proc. Int. Conf. Information, Networking and Automation (ICINA), Kunming, China, 2010, pp. 319-323.
[51]
N. Ghosh, S. Chandra, V. Sachidananda, and Y. Elovici, SoftAuthZ: A context-aware, behavior-based authorization framework for home IoT, IEEE Internet of Things Journal, vol. 6, no. 6, pp. 10773-10785, 2019.
[52]
A. Dorri, S. S. Kanhere, and R. Jurdak, Blockchain in internet of things: Challenges and solutions, arXiv preprint arXiv:1608.05187, 2016.
[53]
G. P. Zhang and W. T. Gong, The research of access control based on UCON in the internet of things, Journal of Software, vol. 6, no. 4, pp. 724-731, 2011.
[54]
J. D. Jia, X. F. Qiu, and C. Cheng, Access control method for web of things based on role and SNS, in Proc. IEEE 12th Int. Conf. Computer and Information Technology, Chengdu, China, 2012, pp. 316-321.
[55]
J. E. Kim, G. Boulos, J. Yackovich, T. Barth, C. Beckel, and D. Mosse, Seamless integration of heterogeneous devices and access control in smart homes, in Proc. 8th Int. Conf. Intelligent Environments, Guanajuato, Mexico, 2012, pp. 206-213.
[56]
P. N. Mahalle, P. A. Thakre, N. R. Prasad, and R. Prasad, A fuzzy approach to trust based access control in internet of things, presented at Wireless VITAE 2013, Atlantic City, NJ, USA, 2013, pp. 1-5.
[57]
A. Ouaddah, A. A. Elkalam, and A. A. Ouahman, Towards a novel privacy-preserving access control model based on blockchain technology in IoT, in Europe and MENA Cooperation Advances in Information and Communication Technologies, Advances in Intelligent Systems and Computing. Cham, Germany: Springer, 2017, pp. 523-533.
[58]
OASIS Standard, eXtensible access control markup language (XACML) version 3.0, http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html, 2013.
[59]
S. Gusmeroli, S. Piccione, and D. Rotondi, A capability-based security approach to manage access control in the internet of things, Mathematical and Computer Modelling, vol. 58, nos. 5&6, pp. 1189-1205, 2013.
[60]
J. L. Hernández-Ramos, A. J. Jara, L. Marín, and A. F. Skarmeta, Distributed capability-based access control for the internet of things, Journal of Internet Services and Information Security (JISIS), vol. 3, nos. 3&4, pp. 1-16, 2013.
[61]
D. Hussein, E. Bertin, and V. Frey, A community-driven access control approach in distributed IoT environments, IEEE Communications Magazine, vol. 55, no. 3, pp. 146-153, 2017.
[62]
D. Hardt, The OAuth 2.0 authorization framework, https://www.hjp.at/doc/rfc/rfc6749.html, 2012.
[63]
R. Z. Du, A. L. Tan, and J. F. Tian, An attribute-based encryption scheme based on unrecognizable trapdoors, Tsinghua Science and Technology, vol. 25, no. 5, pp. 579-588, 2020.
[64]
S. Sciancalepore, G. Piro, P. Tedeschi, G. Boggia, and G. Bianchi, Multi-domain access rights composition in federated IoT platforms, in Proc. 2018 Int. Conf. Embedded Wireless Systems and Networks, Singapore, 2018, pp. 290-295.
[65]
K. Fysarakis, C. Konstantourakis, K. Rantos, C. Manifavas, and I. Papaefstathiou, WSACd-A usable access control framework for smart home devices, presented at IFIP International Conference on Information Security Theory and Practice, Lecture Notes in Computer Science, Cham, Germany: Springer, 2015, pp. 120-133.
[66]
R. Schuster, V. Shmatikov, and E. Tromer, Situational access control in the internet of things, in Proc. 2018 ACM SIGSAC Conf. Computer and Communications Security, Toronto, Canada, 2018, pp. 1056-1073.
[67]
S. Bandara, T. Yashiro, N. Koshizuka, and K. Sakamura, Access control framework for API-enabled devices in smart buildings, in Proc. 22nd Asia-Pacific Conf. Communications (APCC), Yogyakarta, Indonesia, 2016, pp. 210-217.
[68]
S. Dutta, S. S. L. Chukkapalli, M. Sulgekar, S. Krithivasan, P. K. Das, and A. Joshi, Context sensitive access control in smart home environments, in Proc. IEEE 6th Int. Conf. Big Data Security on Cloud (BigDataSecurity), IEEE Int. Conf. High Performance and Smart Computing (HPSC) and IEEE Int. Conf. Intelligent Data and Security (IDS), Baltimore, MD, USA, 2020, pp. 35-41.
[69]
D. Rivera, L. Cruz-Piris, G. Lopez-Civera, E. de la Hoz, and I. Marsa-Maestre, Applying an unified access control for IoT-based intelligent agent systems, in Proc. IEEE 8th Int. Conf. Service-Oriented Computing and Applications (SOCA), Rome, Italy, 2015, pp. 247-251.
[70]
R. Neisse, G. Steri, and G. Baldini, Enforcement of security policy rules for the internet of things, in Proc. IEEE 10th Int. Conf. Wireless and Mobile Computing, Networking and Communications (WiMob), Larnaca, Cyprus, 2014, pp. 165-172.
[71]
J. Bugeja, A. Jacobsson, and P. Davidsson, On privacy and security challenges in smart connected homes, in Proc. European Intelligence and Security Informatics Conf. (EISIC), Uppsala, Sweden, 2016, pp. 172-175.
[72]
J. Collins, The robot and the smart home, https://www.abiresearch.com/blogs/2019/08/28/robot-and-the-smart-home/, 2020.
[73]
B. Fang, X. Wei, F. C. Sun, H. M. Huang, Y. L. Yu, and H. P. Liu, Skill learning for human-robot interaction using wearable device, Tsinghua Science and Technology, vol. 24, no. 6, pp. 654-662, 2019.
Tsinghua Science and Technology
Pages 906-917
Cite this article:
Mohammad ZN, Farha F, Abuassba AO, et al. Access Control and Authorization in Smart Homes: A Survey. Tsinghua Science and Technology, 2021, 26(6): 906-917. https://doi.org/10.26599/TST.2021.9010001

1509

Views

66

Downloads

37

Crossref

29

Web of Science

41

Scopus

4

CSCD

Altmetrics

Received: 02 January 2021
Accepted: 20 January 2021
Published: 09 June 2021
© The author(s) 2021.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return