ABSTRACT
Internet of Things (IoT) devices have expanded into many aspects of everyday life. As smart home devices grow more popular, security concerns increase. Researchers have modeled the privacy and security threats for smart home devices, but have yet to fully address the problem of unintended user access within the home. Often, a smart home device is purchased by one family member and associated with that family member's account, yet is shared by the entire home. Currently, most devices implement a coarse-grained access control model in which someone in the home has either complete access or no access. We provide scenarios that highlight the need for flexible authorization control and seamless authentication in IoT devices, especially in multi-user environments. We present design recommendations for IoT device manufacturers to provide fine-grained access control and authentication, and describe the challenges to meeting the expectations of all users within a home.