Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust
Abstract The increasing complexity of the smart home ecosystem necessitates effective solutions to pressing security and privacy challenges. Typically, authentication and authorization processes establish system security (i.e., system-to-user trust). Once approved, users are primarily concerned abou...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2025-04-01
|
| Series: | EURASIP Journal on Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1186/s13635-025-00199-2 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850172406986964992 |
|---|---|
| author | Osman Abul Melike Burakgazi Bilgen |
| author_facet | Osman Abul Melike Burakgazi Bilgen |
| author_sort | Osman Abul |
| collection | DOAJ |
| description | Abstract The increasing complexity of the smart home ecosystem necessitates effective solutions to pressing security and privacy challenges. Typically, authentication and authorization processes establish system security (i.e., system-to-user trust). Once approved, users are primarily concerned about privacy protection (i.e., user-to-system trust) when utilizing system services that require sensitive data for their functionality. We define “user-to-system trust” as the user’s confidence in data privacy protection. To establish bidirectional trust, this study enhances the Authentication Enabled Attribute-Based Access Control (AeABAC) model for user privacy protection. While traditional AeABAC focuses on system-to-user trust (authentication and authorization), it lacks mechanisms to address user-to-system trust, leaving users vulnerable to privacy risks such as opaque data handling, insufficient consent frameworks, and unmitigated disclosure risks. This study enhances the AeABAC model by integrating a risk-based privacy approach to address these gaps. The proposed Risk-Based Privacy Approach for the AeABAC model aims to build user confidence by identifying relevant privacy profile information within the smart home environment. It conducts privacy risk assessments by evaluating the likelihood of data disclosure and examining the potential harm (disclosure impact) users may face if their data is exposed. Ultimately, this approach safeguards users’ privacy by offering transparent and informative protections regarding data collection and disclosure. The key findings demonstrate that the RBP-AeABAC model enables role-specific privacy decisions (e.g., stricter controls for children), and balances usability and security through dynamic consent mechanisms. Use-case scenarios validate its practicality in real-world smart home ecosystems. |
| format | Article |
| id | doaj-art-812c8c7043734cb9a31c5b2f4a96b2df |
| institution | OA Journals |
| issn | 2510-523X |
| language | English |
| publishDate | 2025-04-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | EURASIP Journal on Information Security |
| spelling | doaj-art-812c8c7043734cb9a31c5b2f4a96b2df2025-08-20T02:20:06ZengSpringerOpenEURASIP Journal on Information Security2510-523X2025-04-012025112010.1186/s13635-025-00199-2Jointly Achieving Smart Homes Security and Privacy through Bidirectional TrustOsman Abul0Melike Burakgazi Bilgen1Department of Computer Science, College of Computing and Informatics, University of SharjahDepartment of Computer Engineering, TOBB University of Economics and TechnologyAbstract The increasing complexity of the smart home ecosystem necessitates effective solutions to pressing security and privacy challenges. Typically, authentication and authorization processes establish system security (i.e., system-to-user trust). Once approved, users are primarily concerned about privacy protection (i.e., user-to-system trust) when utilizing system services that require sensitive data for their functionality. We define “user-to-system trust” as the user’s confidence in data privacy protection. To establish bidirectional trust, this study enhances the Authentication Enabled Attribute-Based Access Control (AeABAC) model for user privacy protection. While traditional AeABAC focuses on system-to-user trust (authentication and authorization), it lacks mechanisms to address user-to-system trust, leaving users vulnerable to privacy risks such as opaque data handling, insufficient consent frameworks, and unmitigated disclosure risks. This study enhances the AeABAC model by integrating a risk-based privacy approach to address these gaps. The proposed Risk-Based Privacy Approach for the AeABAC model aims to build user confidence by identifying relevant privacy profile information within the smart home environment. It conducts privacy risk assessments by evaluating the likelihood of data disclosure and examining the potential harm (disclosure impact) users may face if their data is exposed. Ultimately, this approach safeguards users’ privacy by offering transparent and informative protections regarding data collection and disclosure. The key findings demonstrate that the RBP-AeABAC model enables role-specific privacy decisions (e.g., stricter controls for children), and balances usability and security through dynamic consent mechanisms. Use-case scenarios validate its practicality in real-world smart home ecosystems.https://doi.org/10.1186/s13635-025-00199-2Internet of ThingsSmart home ecosystemAttribute-based access controlPrivacy profileUser privacy risk assessment |
| spellingShingle | Osman Abul Melike Burakgazi Bilgen Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust EURASIP Journal on Information Security Internet of Things Smart home ecosystem Attribute-based access control Privacy profile User privacy risk assessment |
| title | Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust |
| title_full | Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust |
| title_fullStr | Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust |
| title_full_unstemmed | Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust |
| title_short | Jointly Achieving Smart Homes Security and Privacy through Bidirectional Trust |
| title_sort | jointly achieving smart homes security and privacy through bidirectional trust |
| topic | Internet of Things Smart home ecosystem Attribute-based access control Privacy profile User privacy risk assessment |
| url | https://doi.org/10.1186/s13635-025-00199-2 |
| work_keys_str_mv | AT osmanabul jointlyachievingsmarthomessecurityandprivacythroughbidirectionaltrust AT melikeburakgazibilgen jointlyachievingsmarthomessecurityandprivacythroughbidirectionaltrust |