Securing openHAB Smart Home Through User Authentication and Authorization

Jesús Antonio Soto Velázquez
The Internet of Things (IoT) is a dynamic and heterogenous environment where Things gather data from the real world to perform various tasks. Applications in IoT, such as the smart home, typically use private data derived from its users for its operations. Security becomes a concern when these applications are exposed to insecure networks. OpenHAB is an OSGi-based automation software that integrates the data from devices at home. OpenHAB does not enforce any access control mechanism for its users, and depends solely on the security of the wireless network.
In this work, we studied and implemented a JSON Web Token-based authenticator for Eclipse SmartHome, the core of openHAB, as a base for access control mechanisms. Furthermore, we propose a fine-grained, yet usable authorization model to manage access permissions to things among legitimate users. The results obtained show that it is feasible to enforce access control mechanisms for servlet and REST resources in the architecture of openHAB.
Graduation Thesis language
Graduation Thesis type
Master - Computer Science
Satish Narayana Srirama and Danilo Gligoroski
Defence year