Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes

摘要

There has been a rapid increase in the number of Internet of Things (IoT) devices in the lastfew years, providing a wide range of services such as camera feeds, light controls, and door locksfor remote access. Access to IoT devices, whether within the same environment or remotely via theInternet, requires proper security mechanisms in order to avoid disclosing any secure information oraccess privileges. Authentication, on which other security classes are built, is the most important partof IoT security. Without ensuring that the authorized party is who it claims to be, other security factorswould be useless. Additionally, with the increased mobility of IoT devices, traditional authenticationmechanisms, such as a username and password, are less effective. Numerous security challenges inthe IoT domain have resulted in the proposal of many different approaches to authentication. Manyof these methods require either carrying an authentication token, such as a smartcard, or restrictingaccess to a particular physical location. Considering that most IoT devices contain a wide arrayof sensors, a large amount of contextual information can be provided. Thus, real-time securitymechanisms can protect user access by, for example, utilizing contextual information to validaterequests. A variety of contextual information can be retrieved to strengthen the authenticationprocess, both at the time of access request and throughout the entire access session, without requiringuser interaction, which avoids the risk of being discovered by attackers of these features. In this paper,we introduce a continuous authentication framework that integrates contextual information for userauthentication in smart homes. The implementation and evaluation show that the framework canprotect smart devices against unauthorized access from both anonymous and known users, either,locally or remotely, in a flexible manner and without requiring additional user intervention.