CRII: SaTC: Multi-User Authentication and Access Control in the Internet of Things

CRII：SaTC：物联网中的多用户身份验证和访问控制

• 批准号: 1756011
• 负责人: Blase Ur
• 金额: $ 19.1万
• 依托单位: University of Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-07-01 至 2020-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1756011&HistoricalAwards=false
• 关键词: CRII; SaTC; Multi; User; Authentication

Computing is transitioning from single-user devices, such as laptops and phones, to the Internet of Things (IoT), in which numerous users interact with a particular device, such as an Amazon Echo or Internet-connected door lock. The desired level of access to particular capabilities, such as ordering items using a shared voice assistant, likely differs across members of a household (e.g., children and parents). Widely deployed devices and the existing research literature lack mechanisms for specifying who should be able to perform which actions with which household Internet-connected devices. Complicating matters, the users of a given device often have complex social relationships to each other. Our goal is to develop techniques and interfaces that enable non-technical users to specify who should be able to perform what actions using which Internet-connected devices in the home, as well as to verify the identity of the person trying to perform those actions. Misconfigured devices can open the home to attackers, yet may also disenfranchise members of the household. Our approach to authentication and authorization directly impacts security for consumers of an array of household IoT devices. A core objective of this proposal is also to train first-time student researchers in a tangible domain that is ideal for a first research experience.On a technical level, the work comprises three phases. The first phase aims to characterize the access-control policies users will want to express for multi-user IoT devices, focusing on the unique characteristics and capabilities of the IoT. To do so, we will conduct an online user study that elicits users' desired access-control policies for the home IoT, that is, who should be allowed to use particular capabilities, as well as in what circumstances. Having identified the primitives necessary for users to express their desired access-control policies for the home IoT, the second phase will systematize authentication mechanisms and authorization interfaces appropriate for the constraints of these home IoT environments, proposing mechanisms commensurate with the risks of unauthorized use of different capabilities. In the third phase of the research, we will implement our proposed mechanisms and evaluate them through an in-situ field study, allowing us to gauge how effectively these interfaces and mechanisms minimize both unauthorized access and incorrect access denials in the realistic setting of users' homes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

计算正在从笔记本电脑和手机等单用户设备过渡到物联网(IoT)，在物联网中，许多用户与特定设备交互，如Amazon Echo或联网门锁。对特定功能的期望访问级别，例如使用共享语音助手订购物品，可能在家庭成员(例如，孩子和父母)之间有所不同。广泛部署的设备和现有的研究文献缺乏指定谁应该能够对哪些家庭连接互联网的设备执行哪些操作的机制。让事情变得复杂的是，特定设备的用户彼此之间往往有复杂的社会关系。我们的目标是开发技术和界面，使非技术用户能够指定谁应该能够使用家庭中哪些连接互联网的设备执行哪些操作，并验证试图执行这些操作的人的身份。错误配置的设备可能会向攻击者敞开大门，但也可能剥夺家庭成员的权利。我们的身份验证和授权方法直接影响一系列家用物联网设备消费者的安全。这项提议的一个核心目标也是在一个有形的领域培训第一批学生研究人员，这是第一次研究经验的理想选择。在技术层面上，这项工作包括三个阶段。第一阶段旨在描述用户希望为多用户物联网设备表达的访问控制策略，重点是物联网的独特特征和功能。为此，我们将进行一项在线用户研究，得出用户对家庭物联网所需的访问控制策略，即谁应该被允许使用特定功能，以及在什么情况下。在确定了用户表达其期望的家庭物联网访问控制策略所需的原语后，第二阶段将系统化适合这些家庭物联网环境限制的身份验证机制和授权接口，提出与未经授权使用不同功能的风险相称的机制。在研究的第三阶段，我们将实施我们建议的机制，并通过现场实地研究对其进行评估，使我们能够衡量这些接口和机制在用户家庭的现实环境中如何有效地将未经授权的访问和不正确的访问拒绝降至最低。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Clap On, Clap Off: Usability of Authentication Methods in the Smart Home

拍手，拍手关闭：智能家居中身份验证方法的可用性

• 发表时间: 2018
• 期刊: Proceedings of the Interactive Workshop on the Human Aspect of Smarthome Security and Privacy
• 作者: He, Weijia;Hainline, Juliette;Padhi, Roshni;Ur, Blase
• 通讯作者: Ur, Blase

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

• 发表时间: 2018
• 期刊: Remote Sensing of Environment
• 影响因子: 13.5
• 作者: Weijia He;Maximilian Golla;Roshni Padhi;Jordan Ofek;Markus Dürmuth;Earlence Fernandes;Blase Ur