Access Right Assignment Mechanisms for Secure Home Networks

  • Kim, Tiffany Hyun-Jin (Department of Electrical and Computer Engineering, Carnegie Mellon University)
  • Bauer, Lujo (Department of Electrical and Computer Engineering, Carnegie Mellon University)
  • Newsome, James (Department of Electrical and Computer Engineering, Carnegie Mellon University)
  • Perrig, Adrian (Department of Electrical and Computer Engineering, Carnegie Mellon University)
  • Walker, Jesse (Intel Corporation)
  • Submitted: 2010.10.27
  • Published: 2011.04.30

Abstract

The proliferation of advanced technologies has been altering our lifestyle and social interactions; the next frontier is the digital home. Although the future of smart homes is promising, many technical challenges must be addressed to achieve convenience and security. In this paper, we delineate the unique combination of security challenges specifically for access control and consider the challenges of how to simply and securely assign access control policies to visitors for home devices and resources. We present a set of intuitive access control policies and suggest four access control settings based on our in-person interview results. Furthermore, we propose the automated Clairvoyant access right assignment (CARA) mechanism that utilizes home owners' social relationships to automatically deduce to which class a visitor belongs. The combination of CARA and the suggested mapping provides a promising first step for home policy assignment such that non-expert home owners can let visitors use their home network with confidence. We anticipate that future research can build on our proposed mechanisms to provide confidence to non-expert home owners for letting visitors use their home network.
