K Shravya received her MS in Computer Science and Engineering (CSE). Her research work was supervised by Prof. Kamal Karlapalem. Here’s a summary of her research work on A Multi Perspective Access control for Smart Homes:
The present-day smart homes are proliferated with innumerable smart home devices. The community is accepting smart home devices. More than 70% of homes in North America have an IoT device. The growing number of smart home devices has led to its variegated usage patterns. Unlike mobile phones, IoT devices are usually static, have less computation power and are shared among the members and visitors of a house. Several studies have shown different usage patterns of smart devices based on the relationships among the people in the house. However, devices in a house can be used to cause dangerous consequences to the property or its members.
Smart homes do not usually appear to be places where security and privacy could be compromised. We challenge this premise by proving that when individuals in a smart home have malicious intentions, they can cause maximum damage to the people and devices of the house. Though the issue is not commonly addressed, one can use smart home devices to hamper the security or privacy of the house members. Since those who get access to these devices are trusted, it is imperative to manage the rights of these users.
A strict access control policy is required to grant only required privileges to the users of the devices and monitor their activities to prevent abuse. Our work aims to regulate the usage of devices in a shared multi-user, multi-device setup by laying out an access control system for the home. Designing such a system has been previously attempted. However, those works failed to acknowledge the practicality of every device being used differently by each user. We assign each user a different role for every device based on the user’s suitability with that of the device. Existing methods to manage privileges in smart home systems have not considered allocating privileges to users based on (i) the relationship of the user with the device, (ii) the location and risk of the device and (iii) the current environment. In this work, we take a multi-perspective view on the problem of sharing fine-grained privileges of IoT devices among multiple users in a smart home. We propose the concepts of user role (subset of privileges specific to each device), tasks and security levels (labels for each privilege) to allot the proper privileges to users. We limit the exploitation of privileges assigned to legitimate insiders of the house. Thus, our work matches the aspirations of previous surveys on building a comprehensive access control system to manage privileges in a shared smart home.
We deployed our solution as a tool on a python-based Flask server that receives requests from users in the home through a REST API.
Administrators in a smart home are often overwhelmed by the number of options, controls and environments given to them to manage. Since devices are varied, managing a smart home becomes a non-trivial task. To aid administrators to manage the environment in a hassle-free manner, we have also designed Vigile. This system verifies whether the aspirations of privilege distribution to users in the smart home matches with the actual allocation of privileges