SoftAuthZ: A Context-Aware, Behavior-Based Authorization Framework for Home IoT

Nirnay Ghosh, Saket Chandra, Vinay Sachidananda, Yuval Elovici

Research output: Contribution to journal › Article › peer-review

16 Scopus citations


The smart home is one of the most prominent applications in the paradigm of the Internet of Things (IoT). While it has added a level of comfort and convenience to our everyday life, it also brings a unique security challenge: mitigating insider threats posed by legitimate users. Such threats primarily arise from the sharing of IoT devices and the presence of complex social and trust relationships among the users. State-of-the-art home IoT platforms manage access control by deploying various multifactor authentication mechanisms. Nevertheless, such hard-security measures are inadequate to thwart insider threats, and there is a growing need to integrate user behavior and environmental contexts to make intelligent authorization decisions. In this article, we propose a novel context-sensitive and behavior-based security framework, called SoftAuthZ, that incorporates soft-security mechanisms, such as belief, confidence, etc., to support authorization decisions. Our framework integrates multiple IoT environment-specific attributes, such as environmental context, nature of the device, requested capabilities (actions), users' trust levels concerning the home environment, and variability in device access requests, into a linear regression model and computes a confidence score for each access request. Such confidence scores can be used by the home IoT platform to make authorization decisions. Extensive analysis and simulation-based performance evaluation validate the efficacy of our framework, demonstrating that it can classify users based on their device usage and also achieve higher rates of successful authorization.

Original language: English
Article number: 8839776
Pages (from-to): 10773-10785
Number of pages: 13
Journal: IEEE Internet of Things Journal
Issue number: 6
State: Published - 1 Dec 2019


  • Authorization
  • Internet of Things (IoT)
  • environmental contexts
  • insider threat
  • smart home
  • soft security
  • unalikeability

ASJC Scopus subject areas

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

