CREBAS: Enabling Network Access Control in a Home with One Click

抄録

Many smart home devices, such as smart speakers, are connected to a home network. Conventional home networks do not control communications among devices, including malicious devices. As a result, malicious devices in a home network can steal private information and manipulate devices that have no or weak access control mechanisms. Some methods have been proposed to protect devices, but cannot control communications in some situations and do not discuss their authorization architecture or usability. Malicious devices can bypass access control, and users may make incorrect configurations due to their complexity. They can make access control meaningless. In this paper, we propose CREBAS, which enables network access control to protect devices from malicious or unintended communications. We propose a capability-based authorization architecture and discuss its validity according to the guidelines for access control in a home. Also, we propose methods that provide more fine-grained and stricter network access control according to authorized capabilities. We have implemented a prototype of CREBAS. The prototype has shown that the performance degradation is acceptable, and it is possible to perform access control with one click in a real protocol used in a home network.