A Problem Analysis of Smart Home Automation: Toward Secure and Usable Communication-Based Authorization

The advent of the Internet of Things (IoT) and Artificial Intelligence (AI) have led to the rising popularity of Smart Home Automation (SHAuto). SHAuto uses a variety of interconnected smart devices to provide life-enhancing services such as smart energy control, smart entertainment, smart healthcare, and so on. If these devices are compromised, sensitive data may be disclosed and the compromised devices or other connected devices may be maliciously controlled, threatening the privacy and safety of home occupants. Therefore, controlling access to devices in SHAuto is of paramount importance. However, due to the characteristics of the SHAuto environment, this has become a challenging issue. As a first step towards addressing this challenging issue, this paper provides a comprehensive problem analysis of SHAuto. The problem analysis consists of two parts. The first part is an in-depth analysis of various SHAuto use case scenarios covering three aspects, i.e., device control modes, automation modes, and device communications. This analysis has led to the formulation of a generic model for SHAuto. Based on this model, the second part analyses potential vulnerabilities and threats in relation to authorisation. The comprehensive problem analysis has led to a hypothesis that access to the devices can be controlled by governing device communications and the specification of a set of requirements for the design of secure and usable communication-based access control solutions for SHAuto environments.