Zero Trust Access Control with Context-Aware and Behavior-Based Continuous Authentication for Smart Homes
Abstract
Approaches to securing Smart Home Systems (SHS) generally require large amounts of data to implement Access Control and Intrusion Detection Systems, and storing that data in the cloud, for instance, is a vulnerability for inhabitants' privacy. Moreover, most works rely on cloud computing or cloud resources to perform security tasks, which attackers can exploit. This work presents ZASH (Zero-Aware Smart Home System), an Access Control system for SHS. ZASH uses Continuous Authentication with Zero Trust, supported by real-time context and activity information and enabled by Edge Computing and Markov Chain, to prevent and mitigate impersonation attacks that aim to invade inhabitants' privacy. An experimental evaluation demonstrated the system's capability to dynamically adapt to new inhabitant behaviors while blocking impersonation attacks.
Keywords:
Zero Trust, Continuous Authentication, Context-Aware, Behavior-Based, Smart Home, Edge Computing
Published
04/10/2021
How to Cite
DA SILVA, Giovanni R.; MACEDO, Daniel F.; DOS SANTOS, Aldri L. Zero Trust Access Control with Context-Aware and Behavior-Based Continuous Authentication for Smart Homes. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 43-56. DOI: https://doi.org/10.5753/sbseg.2021.17305.