Rethinking Access Control and Authentication for the Home Internet of Things (Iot)
Rethinking Access Control and Authentication for the Home Internet of Things (IoT) Weijia He, University of Chicago; Maximilian Golla, Ruhr-University Bochum; Roshni Padhi and Jordan Ofek, University of Chicago; Markus Dürmuth, Ruhr-University Bochum; Earlence Fernandes, University of Washington; Blase Ur, University of Chicago https://www.usenix.org/conference/usenixsecurity18/presentation/he This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Rethinking Access Control and Authentication for the Home Internet of Things (IoT) Weijia He, Maximilian Golla†, Roshni Padhi, Jordan Ofek, Markus Durmuth¨ †, Earlence Fernandes‡, Blase Ur University of Chicago, † Ruhr-University Bochum, ‡ University of Washington Abstract fairs is troubling because the characteristics that make the IoT distinct from prior computing domains neces- Computing is transitioning from single-user devices to sitate a rethinking of access control and authentication. the Internet of Things (IoT), in which multiple users Traditional devices like computers, phones, tablets, and with complex social relationships interact with a single smart watches are generally used by only a single per- device. Currently deployed techniques fail to provide son. Therefore, once a user authenticates to their own usable access-control specification or authentication in device, minimal further access control is needed. These such settings. In this paper, we begin reenvisioning ac- devices have screens and keyboards, so the process of au- cess control and authentication for the home IoT. We pro- thentication often involves passwords, PINs, fingerprint pose that access control focus on IoT capabilities (i.
[Show full text]