Securing Smart Home IoT Systems with Attribute-Based Access Control

Over the last few years, there has been an increased proliferation of IoT systems for smart homes, enabling owners to remotely manage a variety of devices and gadgets installed on their properties. This growth was made possible due to several innovative contributions from the industry in device & sensor technology, efficient networking protocols, as well as extensive deployment of cloud infrastructure, and the development of user-friendly smartphone applications. However, the security of such systems, especially controlled access to the devices and their functionality, is still lagging. There were some recent attempts to develop access control methods for smart home IoTs. While the solutions appear to be interesting, they either ignore the practical issues faced during real-world deployment in IoT systems or do not support fine-grained access control as required by such applications. In this paper, we show how the security of smart home IoT systems can be strengthened through the use of attribute-based access control, which has been considered due to its several distinct advantages including the ability to specify fine-grained security policies and consideration of environmental conditions for making access decisions. A prototype implementation of the proposed framework has been done in the SmartThings IoT platform. An extensive set of experiments show that the approach is quite promising.