Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes
Abstract
:1. Introduction
Motivation
- The absence of clearly defined types of contextual information that could be leveraged for security
- The lack of considering continuous authentication by many proposed approaches beyond point-of-entry
- The lack of considering contextual information as a part of authentication or the tendency to consider only one or two attributes
- The present lack of concern for user privacy with advanced authentication methods
- (1)
- A taxonomy of contextual information that could be leveraged for security purposes, and an examination of the available contextual information with regards to its permission requirements and retrieval time.
- (2)
- An authentication framework that utilizes contextual information as a factor for user authentication, and continuous user authentication during the access session, allowing access to devices and services without necessarily requiring constant interactions, and simply supplying non-expert users with options for configuring the security of their network regarding authentication.
- (3)
- An implementation of the prototype and evaluation regarding: overheads imposed on the system; authentication assigning weights and thresholds; handling of multiple simultaneous requests; and the ability of the prototype to protect against attacks. Evaluation results show that our framework provides security in a flexible manner without requiring additional intervention by users.
2. Related Work
3. Framework Design
3.1. Contextual Information
3.1.1. Contextual Information Taxonomy
- Direct Contextual Information: This can be achieved directly without performing operations on, or modifying, the contextual values (e.g., activities or historical movement information,) as well as social relationships (e.g., friends and family). Direct contextual information, which is mentioned in [43] as the primary context, includes any retrieved contextual information without relying on already existing contextual information. Direct contextual information includes:
- ▪
- User context: any information about the user such as profile, calendar, social networks, and access patterns
- ▪
- Device context: any information related to the used end-device which can be retrieved from sensors, such as location, current and voltage values, Wi-Fi access points, operating systems, and running/installed applications
- ▪
- Network data: IP address, Media Access Control (MAC) address, link speed, ping times, and trace routes
- ▪
- Environmental context: any information related to the physical environment, such as temperature, weather, lighting, loudness, or humidity
- Indirect Contextual Information: This can be indirectly achieved by performing operations on or modifying the contextual values: for example, calculating power consumption using voltage and current values or speed from multiple GPS locations. This classification is mentioned in [43] with the term ‘secondary contextual information’, which refers to any contextual information resulting from performing any operation on existing contextual information.
- Other classifications: Contextual information can also be classified based on the status of the system and its characteristics, as well as the resource of the involved contextual information attributes [44]. Such classifications could include:
- ▪
- Static contextual information: contextual information that changes very slowly or does not change at all, and includes the address and name of the user
- ▪
- Dynamic contextual information: contextual information that changes over time, such as time and location of the user
- ▪
- Internal contextual information: contextual information that is retrieved from the used devices by the user, to access services or other devices, including battery level, and current and voltage readings
- ▪
- External contextual information: contextual information that can be retrieved from external resources such as location of the user, as retrieved by the GSM operator
3.1.2. Contextual Information Gathering
3.1.3. Quality of Context Information
- Statistical analysis, which is based on mathematical models to exclude unreliable values: for example, retrieving the temperature and pressure values from different resources and discarding any anomalous values. Statistical analysis is an effective approach that can be applied especially to environmental contextual information, and also when having multiple resources of the received contextual information.
- Confidence value, which is based on assigning different confidence values for the involved authentication tools and the used devices. As an example, physical tokens have higher confidence values than traditional credentials such as username and password. In our work, higher confidence values will be assigned to the retrieved contextual information based on the trust of the related resource. For instance, by considering MAC address spoofing, a MAC address will be assigned a lower confidence value than voltage value. In addition, the confidence level will be assigned based on information resulting from historical analysis as long-term contextual information.
3.2. Framework Components
- (1)
- A Home Device: A home device might be any device, including an IP camera, thermostat, or smart lock, which can be accessed wirelessly by users through the Gateway. Access request will be granted if the user is either in the boundary area of the physical home space or via the Internet. This access will depend on a combination of traditional authentication with context-aware attributes such as location, schedule, and time.
- (2)
- End-User’s Devices: An end-user’s device is any smart device (e.g., smartphone or tablet) that can be used to access protected devices or services that are resident on that device, through an application programming interface (API) installed during the registration stage. This API can collect sensor data and send it to the home server for user behavior analysis. Every access request or command will be accompanied with sensor data measurements for user pattern analysis and evaluation.
- (3)
- Home Gateway (Local Server): The Gateway acts as an intermediary between the user and the connected home devices. It is responsible for the authentication process, and protects access to these devices. The Gateway, which collects the required context information and determines whether the access request satisfies the predefined requirement, is also responsible for verifying identity information that is received or transferred for authentication purposes.
- Bluetooth Sensor: The embedded Bluetooth sensor in the Raspberry Pi is used for the Gateway and utilized to collect information about the user’s location in real-time.
- The Gateway Database: This contains all the following tables.
- ▪
- Access Control Policies: This contains the assigned policies and roles that dictate a user’s privileges and the security levels of the various smart devices.
- ▪
- Login Access Profile: The system saves a copy of all authentication attempts for each user with related information, such as time, session duration, the number of attempts, access decisions, and any other provided contextual information that is related to every authentication or access attempt. These data will help in interpreting the system’s usage, learning usage behavior, and checking for malicious usage.
- ▪
- General User Information: This contains the information that describes each user’s personal information, such as name, age, and any other identifiers used in authentication.
- ▪
- Calendar: This caches the events retrieved from users’ calendars that are used in determining access schedules, and periodically compares them against the online copies to check for new events or tampering.
3.3. Framework Features
- The user does not always have to provide credentials to be continuously authenticated beyond the point-of-entry, unless a specific situation requires it.
- Users are not required to set up any security configuration, but are required to provide some related information and preferences that will be enhanced with contextual information collected by the system itself. The homeowner configures the user and group policies, which can be easily applied.
- Any undesired offensive event, such as using another user’s credentials, will not permit access to services with high-security levels.
- The devices need to be protected in two scenarios:
- ▪
- From local users with access to the wireless network who are not permitted to access the home devices
- ▪
- From remote access by attackers who try to access home devices.
- Users are provided access privileges that expire without the need for manual revocation in the case of not manually terminating the access session. For example, re-checking the utilized contextual information, such as calendars and locations, should be performed at particular time intervals. When there is some variation from predefined policies, the access session will be automatically revoked.
- The re-check interval is set to one minute as an initial value, and this time is then updated based on the average of the previous access sessions of the user. For example, if the average of the previous access sessions is 10 minutes, then the frequency of re-checking the context information would be one-third of this time. When any of the authentication requirements do not meet predefined roles (the predefined confidence levels, as shown in Table 6, are the minimum threshold for accessing the required device), the access session will be automatically revoked. Access to some devices is restricted to home (local area) boundaries, using short-range wireless communication methods to prevent access from outside the home environment via the used wireless network. Another attribute used for ensuring the correct connected device is by comparing some of the device sensor readings, such as temperature, with locally established sensor readings.
- Once the authentication process is complete, the device that can be accessed will appear in the user's access page devices list. Some devices can be accessed anonymously or without additional authentication, while others will be greyed-out or hidden entirely if blocked.
- The access control policies will be assigned based on the resulting authentication average weight. All authentication logs are registered in the database in order to be used for future logging decisions and analysis.
3.4. Use Case Scenario
- Registration stage: The user will provide some details, including preferences and calendar schedule, and choose a basic credential username and password. Considering that predefined security questions are just like other passwords, our framework requires the user to provide some preferences that are not shared with relatives, and are not available on social media websites. These preferences, in the form of questions, will be used in a situation where the minimum confidence level has not been achieved: for example, when the system is not able to retrieve all the necessary contextual information.
- Verification stage: After completion of the registration stage, the homeowner reviews the user registration and activates the account.
- Login stage: For the first login process, the user inputs credentials to obtain access to the required service. In this access, the system achieves contextual information that is related to the user, which will be later used with the predefined information at the registration time for calculating the confidence level for future access requests. For obtaining the highest level of authentication for subsequent access requests, the system associates the device that the users are using with their profile and available contextual information in the database. The Gateway will verify the context data related to the user, such as location, calendar, preferences, and log history. Based on the result, the user will or will not be granted access. The user’s level of access is determined by calculating the combined confidence level based on the available contextual information. The weights of these contexts can be easily set by the homeowner based on their preferred view of priority regarding the availability of the contextual information. For example, if a user does not have a calendar, the homeowner would replace the weights according to the available contextual attributes.
- In the case of access from outside the home environment to a specific device, access will be restricted based on the predefined policies and roles by the homeowner.
- Usage stage: The user now has access to smart devices through the web GUI, with the Gateway continually confirming access using the other contextual information and history logs.
4. Implementation
Contextual Information Retrieval
5. Evaluation Results
- The overhead (time/ms) imposed on the system by each added attribute used in the authentication process
- The authentication-assigned weights and thresholds set by the homeowner and their effects on access decision-making
- The ability for the server (Home Gateway) to handle multiple simultaneous requests without bottlenecking access to smart devices
5.1. Evaluation 1: Performance
5.2. Evaluation 2: Authentication Weights and Device Thresholds
5.3. Evaluation 3: Scalability
6. Security Analysis
6.1. Obtaining a User’s Login and Password
6.2. Obtaining a User’s Device
6.3. Brute Force or Guessing Attacks
6.4. Unauthorized Modification of Contextual Information
6.5. IP/MAC Address Spoofing and Data Protection
7. Conclusions and Future Work
Author Contributions
Funding
Conflicts of Interest
References
- Ashibani, Y.; Mahmoud, Q.H. Cyber Physical Systems Security: Analysis, Challenges and Solutions. J. Comput. Secur. Elsevier 2017, 68, 81–97. [Google Scholar] [CrossRef]
- Ashibani, Y.; Mahmoud, Q.H. An Efficient and Secure Scheme for Smart Some Sommunication Using Identity-Based Signcryption. In Proceedings of the IEEE 36th International Performance Computing and Communications Conference, IPCCC, San Diego, CA, USA, 10–12 December 2017; pp. 1–7. [Google Scholar] [CrossRef]
- Jeong, J.; Chung, M.Y.; Choo, H. Secure User Authentication Mechanism in Digital Home Network Environments. In Embedded and Ubiquitous Computing. EUC 2006; Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Berlin/Heidelberg, Germany, 2006; Volume 4096, pp. 345–354. [Google Scholar] [CrossRef]
- Forget, A. A World with Many Authentication Schemes. Ph.D. Thesis, Carleton University, Ottawa, ON, Canada, 2012. [Google Scholar]
- Li, Y.; Wang, H.; Sun, K. Personal Information in Passwords and Its Security Implications. IEEE Trans. Inf. Forensics Secur. 2017, 12, 2320–2333. [Google Scholar] [CrossRef]
- Dropbox Hackers Stole 68 Million Passwords. Available online: http://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/ (accessed on 8 October 2018).
- Covington, M.J.; Fogla, P.; Zhan, Z.; Ahamad, M. A Context-Aware Security Architecture for Emerging Applications. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC ’02), Las Vegas, NV, USA, 9–13 December 2002; pp. 249–258. [Google Scholar]
- Covington, M.J.; Sastry, M.R.; Manohar, D.J. Attribute-Based Authentication Model for Dynamic Mobile Environments. In Security in Pervasive Computing. SPC 2006; Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Berlin/Heidelberg, Germany, 2006; Volume 3934, pp. 227–242. [Google Scholar] [CrossRef]
- Benzekki, K.; El Fergougui, A.; Elalaoui, A.E.B. A Context-Aware Authentication System for Mobile Cloud Computing. Procedia Comput. Sci. 2018, 127, 379–387. [Google Scholar] [CrossRef]
- Kim, S.H.; Choi, D.; Kim, S.H.; Cho, S.; Lim, K.S. Context-Aware Multimodal FIDO Authenticator for Sustainable IT Services. Sustainability 2018, 10, 1656. [Google Scholar] [CrossRef]
- Ehatisham-ul-Haq, M.; Awais Azam, M.; Naeem, U.; Amin, Y.; Loo, J. Continuous Authentication of Smartphone Users Based on Activity Pattern Recognition Using Passive Mobile Sensing. J. Netw. Comput. Appl. 2018, 109, 24–35. [Google Scholar] [CrossRef]
- Lee, W.; Lee, R. Implicit Sensor-Based Authentication of Smartphone Users with Smartwatch. In Proceedings of the Hardware and Architectural Support for Security and Privacy, Seoul, Korea, 18 June 2016; ACM: New York, NY, USA, 2016; Volume 9. [Google Scholar] [CrossRef]
- Fuentes, D.; Maria, J.; Gonzalez-Manzano, L.; Ribagorda, A. Secure and Usable User-in-a-Context Continuous Authentication in Smartphones Leveraging Non-Assisted Sensors. Sensors 2018, 18, 1219. [Google Scholar] [CrossRef] [PubMed]
- Saevanee, H.; Clarke, N.L.; Furnell, S.M. Multi-Modal Behavioural Biometric Authentication for Mobile Devices. IFIP Adv. Inf. Commun. Technol. 2012, 465–474. [Google Scholar] [CrossRef]
- Ashibani, Y.; Mahmoud, Q.H. A Behavior Profiling Model for User Authentication in IoT Networks Based on App Usage Patterns. In Proceedings of the 44th Annual Conference of the IEEE Industrial Electronics Society (IECON), Washington, DC, USA, 21–23 October 2018; pp. 2841–2846. [Google Scholar]
- Ashibani, Y.; Mahmoud, Q.H. A User Authentication Model for IoT Networks Based on App Traffic Patterns. In Proceedings of the 9th Annual IEEE Information Technology; Electronics and Mobile Communication Conference (IEEE IEMCON), Vancouver, BC, Canada, 1–3 November 2018; pp. 1589–1595. [Google Scholar]
- Mahalle, P.N.; Anggorojati, B.; Prasad, N.R.P.; Prasad, R. Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things. J. Cyber Secur. Mobil. 2013, 1, 309–348. [Google Scholar]
- Yaici, M.; Oussayah, A.; Takerrabet, M.A. Trust-Based Context-Aware Authentication System for Ubiquitous Systems. Procedia Comput. Sci. 2018, 134, 35–42. [Google Scholar] [CrossRef]
- Chitalia, U.; Sanghavi, M.; Iyer, S.; Shah, S.; Jyotinagar, V. Single Sign On (SSO) Application for Websites. Int. J. Adv. Eng. Sci. Technol. 2014, 2, 207–212. [Google Scholar]
- Al Abdulwahid, A.; Clarke, N.; Stengel, I.; Furnell, S.; Reich, C. Continuous and Transparent Multimodal Authentication: Reviewing the State of the Art. Clust. Comput. 2016, 19, 455–474. [Google Scholar] [CrossRef]
- Aloul, F.; Zahidi, S.; El-Hajj, W. Two Factor Authentication Using Mobile Phones. In Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2009, Rabat, Morocco, 10–13 May 2009; pp. 641–644. [Google Scholar] [CrossRef]
- Mock, K.; Weaver, J.; Milton, M. Poster: Real-Time Continuous Iris Recognition for Authentication Using an Eye Tracker. CCS 2012, 1007–1009. [Google Scholar] [CrossRef]
- Tsai, P.W.; Khan, M.K.; Pan, J.S.; Liao, B.Y. Interactive Artificial Bee Colony Supported Passive Continuous Authentication System. IEEE Syst. J. 2014, 8, 395–405. [Google Scholar] [CrossRef]
- Miettinen, M.; Nguyen, T.D.; Sadeghi, A.-R.; Asokan, N. Revisiting Context-Based Authentication in IoT. In Proceedings of the 55th ACM/ESDA/IEEE Design Automation Conference (DAC), San Francisco, CA, USA, 24–28 June 2018; pp. 1–6. [Google Scholar] [CrossRef]
- Zhou, K.; Ren, J. PassBio: Privacy-Preserving User-Centric Biometric Authentication. IEEE Trans. Inf. Forensics Secur. 2018, 13, 3050–3063. [Google Scholar] [CrossRef] [Green Version]
- Belguechi, R.; Alimi, V.; Cherrier, E.; Lacharme, P.; Rosenberger, C. An Overview on Privacy Preserving Biometrics. In Recent Application in Biometrics; InTech: London, UK, 2011; pp. 65–84. [Google Scholar]
- Karim, N.A.; Shukur, Z. Review of User Authentication Methods in Online Examination. Asian J. Inf. Technol. 2015, 14, 166–175. [Google Scholar] [CrossRef]
- Chaim Gartenberg. Hacker Beats Galaxy S8 Iris Scanner. Available online: https://media.ccc.de/v/biometrie-s8-iris-en#video&t=21 (accessed on 13 July 2018).
- Li, F.; Clarke, N.; Papadaki, M.; Dowland, P. Behaviour Profiling for Transparent Authentication for Mobile Devices. In Proceedings of the European Conference on Information Warfare and Security, Tallinn, Estonia; Academic Conferences International Limited: Sonning Common, UK, 2011; pp. 307–315. [Google Scholar]
- Shi, E.; Niu, Y.; Jakobsson, M.; Chow, R. Implicit Authentication through Learning User Behavior. In Proceedings of the Conference on Information Security, Boca Raton, FL, USA, 25–28 October 2010; Springer: Berlin/Heidelberg, Germany, 2011; Volume 6531, pp. 99–113. [Google Scholar] [CrossRef]
- Damopoulos, D.; Menesidou, S.A.; Kambourakis, G.; Papadaki, M.; Clarke, N.; Gritzalis, S. Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers. Secur. Commun. Netw. 2012, 5, 3–14. [Google Scholar] [CrossRef]
- Niinuma, K.; Park, U.; Jain, A.K. Soft Biometric Traits for Continuous User Authentication. IEEE Trans Inf. Forensics Secur. 2010, 5, 771–780. [Google Scholar] [CrossRef] [Green Version]
- Agudo, I.; Rios, R.; Lopez, J. A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control. Comput. Secur. 2013, 39 Pt B, 117–126. [Google Scholar] [CrossRef]
- Corner, M.D.; Noble, B.D. Protecting Applications with Transient Authentication. In Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, San Francisco, CA, USA, 5–8 May 2003; pp. 57–70. [Google Scholar] [CrossRef]
- Mhamed, A.; Abi-char, P.E.; Mokhtari, B.E.M. A Dynamic Trust-Based Context-Aware Authentication Framework with Privacy Preserving. Int. J. Comput. Netw. Secur. 2010, 2, 87–102. [Google Scholar]
- Santoso, F.K.; Vun, N.C.H. Securing IoT for Smart Home System. Proc. Int. Symp. Consum. Electron. ISCE 2015, 5–6. [Google Scholar] [CrossRef]
- Ashibani, Y.; Kauling, D.; Mahmoud, Q.H. Poster: A Context-Aware Authentication Service for Smart Homes. In Proceedings of the 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2017; pp. 587–588. [Google Scholar] [CrossRef]
- Ashibani, Y.; Kauling, D.; Mahmoud, Q.H. A Context-Aware Authentication Framework for Smart Homes. In Proceedings of the IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE), Windsor, ON, Canada, 30 April–3 May 2017; pp. 1–5. [Google Scholar] [CrossRef]
- Trnka, M.; Cerny, T.; Stickney, N. Survey of Authentication and Authorization for the Internet of Things. Secur. Commun. Netw. 2018, 1–17. [Google Scholar] [CrossRef]
- Qin, W.; Zhang, D.; Shi, Y.; Du, K. Combining User Profiles and Situation Contexts for Spontaneous Service Provision in Smart Assistive Environments. In Ubiquitous Intelligence and Computing. UIC 2008; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2008; pp. 187–200. [Google Scholar] [CrossRef]
- Henricksen, K. A Framework for Context-Aware Pervasive Computing Applications. Ph.D. Thesis, The School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, Australia, 2003. [Google Scholar]
- Schilit, B.; Adams, N.; Want, R. Context-Aware Computing Applications. In Proceedings of the First Workshop on Mobile Computing Systems and Applications, Santa Cruz, CA, USA, 8–9 December 1994; pp. 85–90. [Google Scholar] [CrossRef]
- Perera, C.; Member, S.; Zaslavsky, A.; Christen, P. Context Aware Computing for The Internet of Things: A Survey. IEEE Commun. Surv. Tutor. 2014, 16, 414–454. [Google Scholar] [CrossRef] [Green Version]
- Nazário, D.C.; Tromel, I.V.B.; Dantas, M.A.R.; Todesco, J.L. Toward Assessing Quality of Context Parameters in a Ubiquitous Assisted Environment. JISTEM-J. Inf. Syst. Technol. Manag. 2014, 11, 569–590. [Google Scholar] [CrossRef]
- Wrona, K.; Gomez, L. Context-Aware Security and Secure Context-Awareness in Ubiquitous Computing Environments. Ann. UMCS Inf. 2006, 4, 332–348. [Google Scholar]
- Manzoor, A.; Truong, H.L.; Dustdar, S. On The Evaluation of Quality of Context. In Proceedings of the European Conference on Smart Sensing and Context, Zurich, Switzerland, 29–31 October 2008; Springer: Berlin/Heidelberg, Germany, 2008; Volume 5279, pp. 140–153. [Google Scholar] [CrossRef]
- Buchholz, T.; Küpper, A.; Schiffers, M. Quality of Context: What It Is And Why We Need It. In Proceedings of the 10th International Workshop of the HP OpenView University Association (HPOVUA), Hewlet-Packard OpenView University Association, Geneva, Switzerland, July 2003; pp. 1–14. [Google Scholar]
- Linksys E1200 N300 Wireless Router. Available online: http://www.linksys.com/ca/p/P-E1200/ (accessed on 15 July 2018).
- DD-WRT Firmware. Available online: http://www.dd-wrt.com/site/index (accessed on 15 July 2018).
- Welcome | Flask (A Python Microframework). Available online: http://flask.pocoo.org/ (accessed on 15 July 2018).
- Welcome to Paramiko!—Paramiko Documentation. Available online: http://www.paramiko.org/ (accessed on 15 July 2018).
No. | Utilized Information | Advantages | Limitations |
---|---|---|---|
[8] | Location and e-receipt | Provides authentication model for mobile environments | Only includes location and e-receipt as contextual information based on the user’s presence |
[9] | Location, time and operating system processes | Provides context-aware authentication and implementation | Only uses GPS location, which will not be available in most cases, especially indoors |
[21] | SMS | Provides transparent and continuous authentication in addition to implementation | SMS function is ignored and replaced with apps that achieve the same purpose. |
[29] | Calls, SMS and GPS based location. | Enables implicit and continuous authentication | Only uses GPS location, which will not be available in most cases, especially indoors. In addition, SMS and calling functions are ignored and replaced with apps that achieve the same purpose. |
[30] | SMS, calls and geographic location | Provides implicit continuous authentication | SMS and calling functions are ignored and replaced with apps that achieve the same purpose. Only used GPS coordinates collected, which will not be available in most cases, especially indoors. |
[31] | Telephone calls and SMS | Provides illegitimate user detection | SMS and calling functions are ignored and replaced with apps that achieve the same purpose. |
[32] | Wearable clothing colors | Provides continuous user authentication | Unsuitable, for example, in an environment with a uniform clothing style; also restricts users to a specific type of clothing whenever they want to access the desired service. |
[34] | Small hardware tokens | Provides continuous authentication based on the user’s presence | Limits access to the use of location-based contexts |
[35] | Hardware token (RFID tags) location and profile | Perform authentication and access control approach in a very flexible and scalable model | Limited to only using locations and profiles; also does not provide any implementation or evaluation of the proposed framework. |
[36] | Location | Provides an analysis of the requirements of the design and implementation | Only uses Wi-Fi based location; no evaluation is provided. |
Context Type | Feature | Data Collected by | Available Remotely | Requires App or External API | Requires User Intervention |
---|---|---|---|---|---|
User Context | Location (GPS) | Device | Yes | No | No |
Access patterns (logs) | Gateway | Yes | No | No | |
Profile | Device | Yes | No | Yes | |
Calendar | Device | Yes | Yes | Yes | |
Device Context | Location (Bluetooth) | Gateway | Possible | No | No |
Operating System | Gateway | Yes | No | No | |
Browser | Gateway | Yes | No | No | |
Voltage value | Device | Yes | Yes | No | |
Wi-Fi access points | Device | Yes | Yes | No | |
Used applications | Device | Yes | Yes | No | |
Battery level | Device | Yes | Yes | No | |
MAC address | Gateway | Yes | No | No | |
Motion detection | Device | Yes | Yes | No | |
Rotation detection | Device | Yes | Yes | No | |
Compass (environment detection) | Device | Yes | Yes | No | |
Network Context | IP address | Gateway | Yes | No | No |
Connection type | Device | Yes | Yes | No | |
Ping | Gateway | Yes | No | No | |
Speed | Device | Yes | Yes | No | |
Trace route | Gateway | Yes | No | No | |
Environmental Context | Lighting | Device | Possible | Yes | No |
Temperature | Both | Possible | Yes | No | |
Pressure | Both | Possible | Yes | No | |
Humidity | Both | Possible | Yes | No | |
Loudness | Device | Possible | Yes | No |
Brand | Device Type | Device Name | Network Interfaces | Revision | Power |
---|---|---|---|---|---|
Linksys | Wireless Router | N300 Wi-Fi Router | 4x 10/100 Ethernet and 802.11n Wi-Fi | E1200-V2 | AC to DC |
Raspberry Pi Foundation | Single-Board Computer | Raspberry Pi 3 | 10/100 Ethernet, 802.11n Wi-Fi and Bluetooth 4.1 | Model B | USB to DC |
Belkin | Smart Switch | WeMo Insight Switch | 802.11n Wi-Fi | F7C029V2 | AC |
Philips | Smart Bulb | Hue White A19 | ZigBee | 9290011369 | AC / Edison Socket |
Belkin | Camera | NetCam HD+ | 802.11b/g/n Wi-Fi | F7D7606v1 | DC |
Used Credentials | Local Access Time (ms) | Internet Access Time (ms) |
---|---|---|
No authentication | 7 | 90 |
IP address-based location (network) | 8 | 90 |
Bluetooth-based location (proximity) | 14 | 97 |
Static credentials (username, password) | 15 | 96 |
Calendar access | 13 | 96 |
Used Credentials | Local Access Time (ms) | Internet Access Time (ms) |
---|---|---|
No authentication | 7 | 90 |
Location based on both IP address and Bluetooth | 14 | 90 |
Location based on both IP address and Bluetooth, and static credentials (username, password) | 16 | 98 |
Location based on both IP address and Bluetooth, static credentials (username, password), and calendar access | 20 | 98 |
(A) | (B) | |||
---|---|---|---|---|
Available Parameters | Assigned Weight/100 | User Security Level | Access Threshold/100 | |
Username & Password | 40 | 4 | 100 | |
Location (proximity) | 30 | 3 | 70 | |
Location (network) | 20 | 2 | 50 | |
Calendar | 10 | 1 | 30 |
Available Parameters | Weights | Confidence Level | User Security Level | Service Security Level | Access Decision |
---|---|---|---|---|---|
Username, password, and Bluetooth | 40, 30 | 70 | 3 | 2 | Granted |
Bluetooth and on local network | 30, 20 | 50 | 2 | 2 | Granted |
Scheduled and on local network | 10, 20 | 30 | 1 | 3 | Denied |
Username, Password | 40 | 40 (<50) | 1 | 4 | Denied |
Bluetooth | 20 | 20 | 1 | 2 | Denied |
Scheduled, Bluetooth and on local network | 10, 30, 20 | 60 (<70) | 2 | 2 | Granted |
Scheduled, Bluetooth and on local network | 10, 30, 20 | 60 (<70) | 2 | 1 | Granted |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ashibani, Y.; Kauling, D.; Mahmoud, Q.H. Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes. Appl. Syst. Innov. 2019, 2, 4. https://doi.org/10.3390/asi2010004
Ashibani Y, Kauling D, Mahmoud QH. Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes. Applied System Innovation. 2019; 2(1):4. https://doi.org/10.3390/asi2010004
Chicago/Turabian StyleAshibani, Yosef, Dylan Kauling, and Qusay H. Mahmoud. 2019. "Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes" Applied System Innovation 2, no. 1: 4. https://doi.org/10.3390/asi2010004
APA StyleAshibani, Y., Kauling, D., & Mahmoud, Q. H. (2019). Design and Implementation of a Contextual-Based Continuous Authentication Framework for Smart Homes. Applied System Innovation, 2(1), 4. https://doi.org/10.3390/asi2010004