Volume 26, Issue 6


Access Control and Authorization in Smart Homes: A Survey

Ziarmal Nazar Mohammad, Fadi Farha, Adnan O.M Abuassba, Shunkun Yang, Fang Zhou
School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
School of Reliability and Systems Engineering, Beihang University, Beijing 100191, China
School of Computer Studies, Arab Open University, Ramallah 4375, Palestine

Abstract

With the rapid development of cyberspace and smart home technology, human life is moving into a new virtual dimension that holds several promises for improving its quality. However, the heterogeneous, dynamic, and internet-connected nature of smart homes brings many privacy and security difficulties. Unauthorized access to the smart home system is one of the most harmful actions: it can cause several trust problems and relationship conflicts between family members and raise home privacy issues. Access control is one of the best solutions for handling this threat, and it has been used to protect smart homes and other Internet of Things domains for many years. This survey reviews existing access control schemes for smart homes, covering the essential authorization requirements and challenges that need to be considered while designing an authorization framework for smart homes. Furthermore, we note the most critical challenges that other access control solutions neglect for smart homes.

Keywords: access control, smart home, authorization frameworks


Publication history

Received: 02 January 2021
Accepted: 20 January 2021
Published: 09 June 2021
Issue date: December 2021

Copyright

© The author(s) 2021.

Rights and permissions

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
