Securing Home IoT Environments with Attribute-Based Access Control

Rapid advances in IoT networks have led to the proliferation of several end-user IoT devices. A modern day home IoT environment now resembles a complete network ecosystem with a variety of devices co-existing and operating concurrently. It is necessary that these devices do not disrupt the operations of other devices, either accidentally or maliciously. Accidental disruptions are usually due to misconfigured devices, which may, for instance, result in a device sending network broadcasts and flooding the network. Malicious disruptions may be caused by devices being compromised by attackers or due to devices purchased from untrusted manufacturers. An intentional disruption can include sending control information to other devices to manipulate their operations, and requesting for sensitive information such as surveillance videos or camera pictures. One way of preventing such disruptions is by enforcing access control on IoT devices. Attribute-Based Access Control is the most appropriate model because of its ability to enforce access control based on the attributes of the devices, users, and environment context. We consider the NIST Next Generation Access Control (NGAC) specification for our ABAC requirements because of several reasons, including its support for adaptive policies, efficiency, and ease of policy management.