Authentication-enabled attribute-based access control for smart homes

  • Regular Contribution
International Journal of Information Security

Abstract

Smart home technologies constantly bring significant convenience to our daily lives. Unfortunately, increased security risks accompany this convenience. There can be severe consequences when unauthorized or malicious users gain access to smart home devices. Therefore, dependable and comprehensive access control models are needed to address these security concerns. To this end, the attribute-based access control (ABAC) model is usually considered the most satisfactory access control model for running IoT applications. However, the uncertainty left over from the authentication stage should be carried into the authorization policy specification. In this work, we extend the ABAC model by carrying the assurance level of user authentication, obtained from biometric authentication systems, into authorization. The extended ABAC model quantifies how far the authentication matching score is from the predefined threshold. This quantification serves as a regular attribute, like any other, for defining authorization policies. The novelty of this quantification is that it consults the false matching rate and hence can easily normalize across a wide range of biometric authentication devices and algorithms. As a result, the access control policies are concise and easy to comprehend. Moreover, our model is fine-grained in that different access policies can be specified for each smart device functionality. This work also shows, through case studies, that the extended ABAC model is feasible and implementable in the XACML language.

Data availability

No datasets were generated or analyzed during the current study.

Author information

Corresponding author

Correspondence to Melike Burakgazi Bilgen.

Ethics declarations

Conflict of interest

The authors declare no competing financial interests.

Ethical approval

This article does not contain any studies with human participants or animals.

Appendix

A sample policy specification with four permit rules (projected on critical functionalities).

[Figures a–f]

About this article

Cite this article

Burakgazi Bilgen, M., Abul, O. & Bicakci, K. Authentication-enabled attribute-based access control for smart homes. Int. J. Inf. Secur. 22, 479–495 (2023). https://doi.org/10.1007/s10207-022-00639-x

  • DOI: https://doi.org/10.1007/s10207-022-00639-x
