Internet of things (IoT) devices have been ubiquitous in recent years. An emerging model for IoT deployment is an open edge-based infrastructure. Edge resources are commonly used to coordinate capabilities and manage access due to IoT device resource limitations and IoT vendor heterogeneity. The open IoT environment often exists in a multi-user setting, where multiple users interact with a single IoT device. In this setting, we assume that none of the users or the edges are fully trusted, thus IoT data privacy may be compromised. Limited attention has been paid to authorization and auditing in this environment. However, exploiting inter-user relationships gives us leverage. In this work, we propose a social quorum based architecture, SQuBA, as an access control mechanism for IoT which provides relationship-driven authorization and auditing. We present a tiered approach to support access control rules and relationship-based trustworthiness. We implemented a prototype and carried out experiments using a real-world dataset under various scenarios and configurations. The results demonstrate both SQuBA's promising near real-time response latency that is in the order of milliseconds, and good resilience to different edge faulty models. We also compare with various baselines and SQuBA is able to improve end-to-end latency by up to 10X and tolerate the number of faulty edges by up to 2X.
