Addressing the inconsistent security policies across various IoT management channels like Bluetooth and Cloud, researchers developed DMCGuard. This framework utilizes a capability-based access control model to unify permissions across diverse channels, providing a robust and backward-compatible solution to prevent unauthorized access in smart environments without modifying underlying protocols.
The rapid expansion of the Internet of Things (IoT) has introduced a convenient yet risky feature: Multiple Management Channels (DMC), where devices are controlled via Bluetooth, Wi-Fi, or the Cloud simultaneously. However, these channels often lack consistent security policies and fine-grained access control. Users might encounter scenarios where restrictive policies on a mobile app are bypassed through a less secure Bluetooth connection. This fragmentation creates significant vulnerabilities, allowing unauthorized access or privilege escalation. The absence of a unified defense mechanism across heterogeneous protocols remains a critical pain point, hindering the establishment of a truly secure and trustworthy IoT ecosystem for smart homes and industrial applications.
To bridge this gap, the HUST research team proposed DMCGuard, a novel framework designed for fine-grained control over multiple IoT management channels. At its core, DMCGuard implements a capability-based access control model that functions as a unified policy enforcement layer. By generating dynamic, cryptographically secure tokens for specific actions, it ensures that every command—regardless of the transmission channel—undergoes rigorous validation against a centralized security policy. This middleware approach allows for precise permission management without requiring modifications to the devices' original firmware or protocols. It effectively isolates threats and enforces the principle of least privilege across the entire management spectrum.
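The capability check described above, as an added example (not code from the paper or from DMCGuard itself): one enforcement function is applied to every command, and the channel it arrived on never affects the decision. The token layout, HMAC-SHA256 signing, the `POLICY` table, the demo key and the names `issue` and `enforce` are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

POLICY_KEY = b"constructed-demo-key"  # assumption: secret held by the policy layer
# Constructed central policy: (user, device) -> allowed actions, no channel in the key.
POLICY = {("owner", "lock-1"): {"status", "unlock"}, ("guest", "lock-1"): {"status"}}

def _sign(body: bytes) -> bytes:
    return hmac.new(POLICY_KEY, body, hashlib.sha256).digest()

def issue(user, device, action, ttl=30, now=None):
    """Mint a short-lived capability for one action, or None if policy denies it."""
    if action not in POLICY.get((user, device), set()):
        return None
    now = time.time() if now is None else now
    body = json.dumps({"u": user, "d": device, "a": action, "exp": now + ttl}).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(body)).decode()

def enforce(token, device, action, channel, now=None):
    """Validate a command. `channel` is accepted only for logging: the decision
    is identical for bluetooth, wifi and cloud, which is the point of the model."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if not hmac.compare_digest(tag, _sign(body)):
        return False  # forged or altered capability
    cap = json.loads(body)
    now = time.time() if now is None else now
    return cap["d"] == device and cap["a"] == action and cap["exp"] > now

if __name__ == "__main__":
    cap = issue("guest", "lock-1", "status")
    for ch in ("cloud", "bluetooth"):
        print(ch, "status:", enforce(cap, "lock-1", "status", ch),
              "unlock:", enforce(cap, "lock-1", "unlock", ch))
```

A capability stays valid until it expires, so a deployment that also needs replay protection would add a nonce or counter to the signed body.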
Comprehensive evaluations on real-world devices, including smart locks and cameras, demonstrate that DMCGuard achieves high detection accuracy with minimal latency. It successfully thwarts cross-channel unauthorized access attempts while maintaining high compatibility with existing IoT standards. This research provides a scalable strategy for securing decentralized device management, offering significant theoretical and practical value for the future of smart environment protection.
DOI: 10.1007/s11704-024-40143-0