Font Size: a A A

Research On Internet Of Things Smart Home Access Control Technology

Posted on:2021-10-09Degree:MasterType:Thesis
Country:ChinaCandidate:Y L LiFull Text:PDF
GTID:2492306050454324Subject:Master of Engineering
Abstract/Summary:
With the development of the Internet of Things,Io T devices have brought tremendous convenience to people’s lives.For better control of Io T devices,the Io T devices have evolved from early single-user control to multi-role control.Multi-role access can control scenarios that exist in homes,workplaces,and hotels.The resulting security problems will not only cause information leakage but also threaten personal safety and property safety.However,the existing researches on multi-role access control scenarios focus more on providing users with more appropriate policy models.Few studies focus on the security problems in multi-role scenarios of existing platforms.At the same time,the Internet of Things has phenomena such as the lack of standardized architecture;smart devices are complex and highly differentiated;the differences in function implementation.All these make it challenging to analyze the security issues of Io T access control.The main goal of this thesis is to study the security of access control of the Internet of Things under multiple roles.The innovations and main contributions include the following three parts:(1)By investigating the multi-role access control of popular Io T platforms,this paper defines the role access control model applicable to the current multi-role access control scenarios.It can explain the relationship between multiple roles and the permissions of different role’s operations in the multi-role access control scenario.At the same time,by analyzing the popular Internet of Things platforms,we found that there are potential security risks and unauthorized access vulnerabilities in multi-role access control.(2)Design and implement a security analysis framework for multi-role access control.This framework analyzes the security of multi-role access control scenarios from two modules: scenario analysis and unauthorized vulnerability detection.The scenario analysis module summarized the interaction process of the multi-role access control scenario and evaluated the security of the identity authentication scheme by analyzing the interaction process;the unauthorized vulnerability detection module base on the Xposed technology of the Hook module.It detects a possible unauthorized vulnerability in this scenario by replacing the normal operation with the unauthorized operation.(3)We test access control scenarios of seven popular Io T platforms.Using our security analysis framework,we resumed the interaction process of the multi-role access control scenarios and discovered four types of unauthorized access vulnerabilities on seven platforms.Besides,we find that 15 APIs in the seven platforms have no identity verification.Attackers can directly access the device and user information through the API,which brings high-security risks to the privacy and security of users and devices.
Keywords/Search Tags:Internet of Things, Access Control, Unauthorized Vulnerability, Multiple Roles, Identity Authentication
Related items