A. Sikder, Leonardo Babun, Z. Berkay Celik, Hidayet Aksu, P. Mcdaniel, E. Kirda, A. Uluagac
{"title":"谁在控制我的设备?面向共享智能家居环境的多用户多设备感知门禁系统","authors":"A. Sikder, Leonardo Babun, Z. Berkay Celik, Hidayet Aksu, P. Mcdaniel, E. Kirda, A. Uluagac","doi":"10.1145/3543513","DOIUrl":null,"url":null,"abstract":"Multiple users have access to multiple devices in a smart home system – typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique, trusted user that controls access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically-changing demands on multiple devices that cannot be handled by traditional access control techniques. Moreover, smart devices from different platforms/vendors can share the same home environment, making existing access control obsolete for smart home systems. To address these challenges, in this paper, we introduce Kratos+, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their access control demands. Kratos+ has four main components: user interaction module, backend server, policy manager, and policy execution module. Users can easily specify their desired access control settings using the interaction module that are translated into access control policies in the back-end server. The policy manager analyzes these policies, initiates automated negotiation between users to resolve conflicting demands, and generates final policies to enforce in smart home systems. We implemented Kratos+ as a platform-independent solution and evaluated its performance on real smart home deployments featuring multi-user scenarios with a rich set of configurations (337 different policies including 231 demand conflicts and 69 restriction policies). These configurations also included five different threats associated with access control mechanisms. Our extensive evaluations show that Kratos+ is very effective in resolving conflicting access control demands with minimal overhead. We also performed an extensive user study with 72 smart home users to better understand the user’s needs before designing the system and a usability study to evaluate the efficacy of Kratos+ in a real-life smart home environment.","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":null,"pages":null},"PeriodicalIF":3.5000,"publicationDate":"2022-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Who’s Controlling My Device? Multi-User Multi-Device-Aware Access Control System for Shared Smart Home Environment\",\"authors\":\"A. Sikder, Leonardo Babun, Z. Berkay Celik, Hidayet Aksu, P. Mcdaniel, E. Kirda, A. Uluagac\",\"doi\":\"10.1145/3543513\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Multiple users have access to multiple devices in a smart home system – typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique, trusted user that controls access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically-changing demands on multiple devices that cannot be handled by traditional access control techniques. Moreover, smart devices from different platforms/vendors can share the same home environment, making existing access control obsolete for smart home systems. To address these challenges, in this paper, we introduce Kratos+, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their access control demands. Kratos+ has four main components: user interaction module, backend server, policy manager, and policy execution module. Users can easily specify their desired access control settings using the interaction module that are translated into access control policies in the back-end server. The policy manager analyzes these policies, initiates automated negotiation between users to resolve conflicting demands, and generates final policies to enforce in smart home systems. We implemented Kratos+ as a platform-independent solution and evaluated its performance on real smart home deployments featuring multi-user scenarios with a rich set of configurations (337 different policies including 231 demand conflicts and 69 restriction policies). These configurations also included five different threats associated with access control mechanisms. Our extensive evaluations show that Kratos+ is very effective in resolving conflicting access control demands with minimal overhead. We also performed an extensive user study with 72 smart home users to better understand the user’s needs before designing the system and a usability study to evaluate the efficacy of Kratos+ in a real-life smart home environment.\",\"PeriodicalId\":29764,\"journal\":{\"name\":\"ACM Transactions on Internet of Things\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.5000,\"publicationDate\":\"2022-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Internet of Things\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3543513\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3543513","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Who’s Controlling My Device? Multi-User Multi-Device-Aware Access Control System for Shared Smart Home Environment
Multiple users have access to multiple devices in a smart home system – typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique, trusted user that controls access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically-changing demands on multiple devices that cannot be handled by traditional access control techniques. Moreover, smart devices from different platforms/vendors can share the same home environment, making existing access control obsolete for smart home systems. To address these challenges, in this paper, we introduce Kratos+, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their access control demands. Kratos+ has four main components: user interaction module, backend server, policy manager, and policy execution module. Users can easily specify their desired access control settings using the interaction module that are translated into access control policies in the back-end server. The policy manager analyzes these policies, initiates automated negotiation between users to resolve conflicting demands, and generates final policies to enforce in smart home systems. We implemented Kratos+ as a platform-independent solution and evaluated its performance on real smart home deployments featuring multi-user scenarios with a rich set of configurations (337 different policies including 231 demand conflicts and 69 restriction policies). These configurations also included five different threats associated with access control mechanisms. Our extensive evaluations show that Kratos+ is very effective in resolving conflicting access control demands with minimal overhead. We also performed an extensive user study with 72 smart home users to better understand the user’s needs before designing the system and a usability study to evaluate the efficacy of Kratos+ in a real-life smart home environment.