Capability Based Network Access Control for Smart Home Devices

Abstract

Many smart home devices, such as smart speakers, are connected to a home network. However, conventional home networks do not control communications among devices including malicious devices. As a result, some malicious devices in a home network can steal private information from or manipulate devices that have no or weak access control mechanism. Some methods have been proposed to protect devices in home networks, but they require users to configure policies to do fine-grained control of device communications and it is a difficult task for ordinary people. In this paper, we propose an architecture to protect devices from malicious or unintended communications. We designed a capability based authorization architecture based on requirements for easy and user-centric access control in home networks. Also, we designed a method to control communications among devices relying on capabilities that are authorized in the proposed architecture. We have implemented a prototype system and have shown that it is possible to do fine-grained access control among devices in a home network with capability based authorization.