Primary Investigator:
Smriti Bhatt

Project Members
Hritik Thapa Smriti Bhatt

Smart homes consist of a dynamic set of IoT Devices with a diverse set of features and control. Researchers discuss smart home environments involving multiple users with complex social relationships interacting with those devices. However, the atomic unit of security remains the individual. Access control frameworks should be able to robustly model a single user's behavior over time. Traditional access control models such as RBAC, ABAC, and hybrid approaches (e.g., EGRBAC, HABAC, HyBAC_AC) provide mechanisms for fine-grained and dynamic authorization, but they often fail to capture the situational and behavioral trust aspects necessary for secure operations in these complex social environments. In this paper, we propose a Dynamic Trust Based Access Control for Smart Homes (DTBAC_SH) for smart home IoT that integrates attribute-based policies with a dynamic trust score derived from user behavior and historical access patterns. Our approach leverages session and user attributes to enforce ABAC-style policies while continuously updating a trust score based on time series access data of the user. We propose a shift toward dynamic evaluation, analyzing a user’s behavioral history as a time-dependent variable to ensure authorization levels reflect real-time trustworthiness. We present a practical implementation of the proposed framework using cloud and edge components, including JWT-based authentication, AWS IoT Core, and smart lock devices. A detailed threat model and security analysis are conducted to evaluate the system against common attack scenarios such as token replay, token forgery, MQTT interception, and policy misconfigurations. The results show that integrating trust into access control decisions improves flexibility and resilience, while also highlighting configuration and deployment challenges in real-world IoT systems. Finally, we outline future directions toward more adaptive and scalable smart home security.