Scenario-Driven Device-to-Device Access Control in Smart Home IoT.

The Internet of Things (IoT) has been widely integrated in people's everyday lives. As an infrastructure of connected heterogeneous devices, IoT has not yet achieved the seamless integration of device-to-device collaboration which is necessary for real-life home automation. Smart home IoT devices expect to exchange their collected data or status in certain circumstances, in spite of their heterogeneity, viz. working with different communication protocols, IoT platforms, middleware, data and semantics. Deploying appropriate access control models and mechanisms is of utmost importance as any unauthorized access to data could have a cascading violation of privacy, safety and security of users. In this work, we propose a novel device-to-device access control paradigm in the smart home IoT. Our approach relies on message passing as the paradigm for device-to-device interactions. We further introduce actions and scenarios reflecting the chain of events in the smart home context, which facilitates scenario-driven attribute-based access control. Each scenario is triggered by triggering events, based on previously set administrative definitions. We define totally ordered sets of triggering events using priorities to enable conflict resolution for devices which may run into conflicting commands delivered though messages in different ongoing scenarios. The viability of the proposed approach is substantiated via a formal model and an enforcement architecture, backed up by a proof-of-concept implementation which affirms a trade-off between required authorization and efficacy. Potential future challenges are explored in the context of smart home IoT platforms.