A security authorization scheme for smart home Internet of Things devices

The Internet of Things (IoT) is becoming an important factor in many areas of our society. IoT brings intelligence to critical aspects like transportation, industry, payments, health and many others. The interaction between embedded devices and Cloud based web services is a common scenario of IoT deployment. From the security point of view, both users and smart devices must establish a secure communication channel and have a form of digital identity. Most of the times, the usage of IoT devices requires an already existing infrastructure which cannot be controlled by the device owner, for instance in a smart home. This scenario requires a security stack suitable for heterogeneous devices which can be integrated in already existing operating systems or IoT frameworks. This paper proposes a lightweight authorization stack for smart-home IoT applications, where a Cloud-connected device relays input commands to a user's smart-phone for authorization. This architecture is user-device centric and addresses security issues in the context of an untrusted Cloud platform.