Automated building management systems, commonly referred to as "smart home" technology, are increasingly utilized to address various challenges faced during building operations. This technol ogy employs modern automation systems and a range of peripheral devices to enhance security, conserve resources, and improve overall living conditions. A key feature of smart home technology is the active interaction among various automated subsystems, which enables the system to recog nize and respond effectively to different situations.

Numerous communication protocols are available in the field of building automation; however, there are currently no universally accepted standards for networking the devices that comprise a smart home system [ 1,2 ]. Utilizing local area network (LAN) technologies is often ineffective due to their inherent redundancy. Technologies used in smart home systems must meet specific criteria, including low power consumption, high reliability, secure transmission, low cost, and ease of physical deployment. It is also important to note that many applications do not require high data transfer rates.

When comparing wired and wireless networks, the ease of physically deploying network devices is a decisive factor. A family of competitive wired network technologies known as Power Line Communication (PLC) relies on the fact that most premises are electrified. This allows for the establishment of both wired and wireless networks using technologies such as X10, INSTEON, HomePlug, and LonWorks for communication via electrical wiring, as well as Bluetooth, Z-Wave, and ZigBee for wireless communication.

Z-Wave, a proprietary protocol stack developed and supported by the Z-Wave Alliance, is con sidered one of the most promising protocols for smart home systems. Critical components of these automation systems, such as locks, currently utilize AES-128 encryption. However, this encryption is an extension of the standard, meaning that older devices may not support it. Moreover, some de vices have vulnerabilities in their key exchange protocol implementations, which can allow unau thorized access using the default key "000000000000000000000000000000000h" [ 3 ].

Several solutions exist to facilitate the management of smart home systems based on the ZWave protocol. One such solution certified by the Z-Wave Alliance is Z-Way, which provides a web interface and API for interacting with the system. Unfortunately, authentication and data encryption mechanisms are not included. Consequently, if an attacker compromises the local net work, they can take arbitrary actions within the smart home system.

ZigBee is an open wireless communication standard designed for automation systems. The standard includes upper-layer network protocol specifications for the application and network layers, while the lower-layer services – medium access control and physical layers – are governed by the IEEE 802.15.4 standard. The application layer defines the ZigBee device object, support layer, and the application development interface (ADI), which specifies standard data types, service discovery descriptors, and packet formats, enabling rapid development of simple, attribute-based profiles. Application objects are software modules that control ZigBee devices at the endpoints.

The application support sublayer provides data to applications and manages the connection of devices to the ZigBee network, also storing device data. ZigBee networks can operate in modes that permit unencrypted communication; however, the standard security level does not guarantee secure distribution of network keys.

To mitigate replay attacks, a mechanism for monotonically increasing counters is integrated, but implementing this can induce network issues, necessitating manual counter resets. Without this option enabled, replay attacks can easily occur [ 4 ]. Tools like the KillerBee framework have been developed to analyze ZigBee networks and demonstrate such vulnerabilities in practice.

Overall, smart home systems encounter several security threats common to many computer networks [ 5 ]. An examination of various attacks and the vulnerabilities leading to their success can be found in Table 1.

Based on the threats examined, creating methods for protecting smart home systems is cur rently a pressing scientific task, which is the subject of this article.

A smart home includes many interconnected devices, such as sensors, cameras, controllers, and other smart components, that provide comfort and security. However, these devices also create vulnerabilities that can be exploited to compromise the system’s security. Based on the threats listed above, let us examine the shortcomings of existing smart home security methods.

Many smart home devices can connect via common channels such as Wi-Fi or Bluetooth. Existing security methods are often insufficiently effective at scanning connected devices for viruses or malware, allowing infected devices to penetrate the system and threaten the security of other smart home components [ 6,7 ].

Internal smart home networks can be vulnerable to attack through weak passwords or a lack of security updates. Traditional security methods, such as antivirus software or firewalls, are ineffective against sophisticated attacks, especially when multiple devices interact [ 8,9 ]. Disruption or failure of the central server, and consequently the entire system. Violation of the confidentiality, integrity, and

availability of information System software failures, resulting in system hardware malfunction or failure. Violation of the confidentiality, integrity, and

availability of information

Violation of the confidentiality of information transmitted over the channel.

Possible system control takeover Lack of (or ineffective) authentication and identificationmechanisms

Violation of the confidentiality, integrity, and availability of information located

within the network Lack of (or ineffective) authentication and identification mechanisms

Violation of the confidentiality, integrity, and availability of information located

within the network Lack (ineffectiveness) of system protection mechanisms against user misuse

Violation of confidentiality, integrity, and availability of information. System failures are possible due to improper use of equipment Low equipment reliability, low personnel qualifications

Violation of confidentiality, integrity, and

availability of information Use of unlicensed software, low qualifications of personnel, and a lack of access to information (inefficiency) in testing purchased software

Violation of confidentiality, integrity, and availability of information

Existing systems may use simple data processing algorithms that cannot always account for possible sensor failures. For example, if a temperature sensor produces incorrect data, the system may fail to recognize the problem and continue executing erroneous commands, leading to undesirable consequences (e.g., overheating or cooling) [ 10,11 ].

When devices fail, commands may be sent to the system in an incorrect format or with errors. Current security methods are typically unable to effectively diagnose such errors and prevent their impact on the system, which can lead to unstable or even dangerous operation [12,13].

Configuring smart home devices often depends on predefined settings and user preferences. Configuration errors can lead to improper operation, causing inconvenience or even a security threat. Modern security systems are not always able to adequately manage complex and changing configurations [14,15].

Errors in configuring device operating modes (for example, incorrectly configured heating or s-e curity systems) can lead to malfunctions. This creates additional security risks, as it is impossible to predict or control the system’s behavior in the event of errors [ 8,16 ].

Given all these threats, the need for more comprehensive and flexible security systems that can effectively prevent and respond to potential threats is clear [17]. In this context, access control models (ACMs) are becoming integral to any smart home system. Access control models can en sure access rights are differentiated between different devices and users, preventing unauthorized actions and minimizing the risks associated with malicious code, device failures, and configuration errors. The use of ACMs helps prevent many types of attacks, restricts access to only necessary de vices, and ensures protection at the smart home infrastructure level.

Simple access control models (e.g., basic login and password authentication mechanisms) have several significant shortcomings that can be critical to smart home security. Limited authentication capabilities. Simple access control systems cannot effectively identify a de vice or user based on multiple factors, such as user behavior, interaction context, or current state [ 9,18 ].

Lack of flexibility in responding to threats. Simple access control systems often operate according to rigidly defined rules. They cannot adapt to changes in context, such as changes in device behavior depending on time of day, operating mode, or other factors [19,20].

Vulnerability to brute-force attacks. Simple models based on passwords or PINs are susceptible to brute-force or phishing attacks, allowing attackers to bypass security [21,22] easily.

Ineffectiveness in distributed systems. In a smart home system, devices may be located at different points on the network, and a simple access control mechanism cannot effectively manage ac cess between multiple system components, especially when using different communication proto cols and the vulnerabilities associated with them [23, 24].

The context-based access control model provides a much more flexible and robust security solu tion than simpler methods. In the smart home context, the following factors can be taken into ac count: 1.

User and device context. Models can track not only user identity but also current behavior, such as user location, access time, and task context. For example, access to a heating control system can be permitted only during certain hours or only when the user is in the home. Dynamic adaptation. Context-based systems can change their decisions based on the cur rent system state, for example, blocking access if a sensor detects anomalies in device operation or if an unauthorized connection attempt is detected.

Distributed access control. In a smart home, many devices operate autonomously, and con text-based models allow access control to be integrated at the device level, not just at the central server or user level.

Thus, the context-based access control model provides higher protection and flexibility, which is critical for maintaining security in complex and dynamic environments such as the smart home.

Context-based access control models differ from traditional models that rely on static information about the protected system. Instead, they utilize information about the system’s state when the controlled operation is executed. This information is referred to as "context."

Context represents the aggregate state of system devices during an operation. A device’s state is defined by its parameters, which can be read by third-party devices. Therefore, context consists of various elements describing measurable system parameters. Examples include the current time, device location, and tasks being performed.

Context may also encompass historical data on individual parameters. In this case, it is essential to store information about the relationships between these parameters to track their combined changes over time. The presence of historical data does not contradict the definition of context as the state of the system at the time of an operation, as the current state results from certain previ ously occurring events reflected in the context's change history.

One crucial task in developing context-based access control models is the collection and analysis of context. For effective access control purposes, it is important to prepare the raw data gathered from sensors. The following data preparation stages can be identified: 1. Data Normalization. This process involves converting data from various devices into a uni fied format suitable for processing by the access control system. 2. Data Filtering. This stage focuses on identifying data that is relevant for analysis. 3. Data Correlation. At this initial data preparation stage, various dependent values are correlated.

Access control in context models is conducted based on extended rules derived from context. These rules refine access rights according to known context parameters. An example of a language used for context-based access control rules is the access control policy language, which is similar to the predicate logic employed in expert systems.

In this work, the context model builds upon the role model by dynamically assigning roles based on context.

The access control policy establish in advance, taking into account the conditions and requirements of the protected system. Particular attention give to developing rules for assigning a user’s trust level based on context values. The access-granting process can be represented as a diagram, as shown in Figure 1.

Figure 1 illustrates the main components involved in the access process. A typical scenario is depicted, where a user seeks access to a service provided by one device within a "smart environ ment."

Communication between the user and the device occurs through specialized equipment sup porting the "smart environment," which connects devices into a single network and collects context information. The environment includes an access broker, designed to perform user access verification operations.

A service user submits a request to operate, which requires a specific access level. Before executing the request, the broker requests information about current access rights from the access control service, providing it with the current context.

The access control service, which stores the system’s security policy, determines access rights using the following algorithm:

The digital signature of the user’s context is verified. If the signature is valid, the process continues. Otherwise, the access control service denies access.

The user’s trust levels are calculated based on the context elements. At this stage, the con text is analyzed, and these values will not be used further.

The user's ability to be assigned roles is checked based on the trust levels of the context elements, resulting in a list of user roles.

Based on this list of roles, access rights to the requested service are verified. The operation result is then returned to the broker.

Then, if access is granted, the requested operation is performed. The service receives informa tion about the user’s access level and reports the operation’s result. 4. Expert Access Control System for Access Management in a Smart Home

System

The second form is used to impose arbitrary constraints on context elements. Context element constraints are fragments of the description of the safe state of the smart home system. The primary objective of context analysis in the developed expert access control system is to detect inconsistencies between potentially possible operations in the smart home system and established context restrictions.

Therefore, the context analysis algorithm is used to determine the list of current restrictions Constraint and rules of type Execute=(S ,O , A ) that conflict with the current restrictions.

An important feature is that rules of the Constraint (context_condition, parameter, value_expression) type allow the context to be supplemented with new calculated parameters. This capability allows for creating complex rule chains that can be supplemented by rules from new devices introduced into the system.

This same feature must be taken into account when conducting context analysis. To describe the algorithm with this in mind, the concept of an “involved rule” Constraint is introduced. At the beginning of the algorithm, a list of rules Constraint to be processed is compiled. Initially, the list consists of all rules present in the system. An “involved rule” is a rule from the list of rules to be executed in the current context. This rule is applied immediately upon activation. Further actions depend on the rule type.

If this rule has the form Constraint (context_condition, parameter, value_expression) then a new parameter is added to the context as a result of the calculation value_expression.

If such a parameter exists in the context, the new value is added to the list of possible values. The new value is also added to the list of context constraints. Contradictions are not identified at this stage since they do not affect the integrity level assignment.

If a rule of the form Constraint (context_condition, conditional_expression) is invoked on the context constraint list, then the condition is added. After a rule is invoked, it is removed from the list of rules to be processed. This process is repeated until, at the next iteration, no more invoked rules are left in the list of rules to be processed.

Further processing of the compiled list of context constraints involves identifying rules that violate these constraints. To do this, for each rule Execute=(S, O, A) used in the system, the resulting parameter changes are checked using the function Description(O, A). All rules whose execution would violate the conditions imposed on the context are added to the list of rules that cause conflicts. The result of the algorithm is a list of context constraints and access rules that conflict with them.

Below are examples of some rules.

Unauthorized Access Attempt: Constraint ( context_condition: time_between(00:00, 05:00) AND device_class == "controller", conditional_expression: source_ip NOT IN trusted_ips )

This rule prevents controller-level access attempts from unknown IP addresses during vulnerable hours (e.g., midnight to 5 a.m.).

Repeated Failed Login Attempts: Constraint ( context_condition: failed_login_attempts > 5 AND device_class == "admin_panel", parameter: alert_level, value_expression: "high")

Triggers a high alert level when too many failed login attempts are detected on the admin panel, indicating a potential brute-force attack.

Unexpected Parameter Change: Constraint ( context_condition: last_config_change_source != "authorized_admin", conditional_expression: config_modified == true) Flags unauthorized configuration changes possibly indicating compromise of the central node. Unknown Device Performing Restricted Operations:

Constraint (context_condition: device_class == "light_bulb" AND Operation == "network_scan",

conditional_expression: false)

Devices in the "light_bulb" class are not expected to perform network scans. This rule blocks un expected operations, hinting at Trojan behavior.

Unexpected Data Transmission: Constraint ( context_condition: device_class IN ["thermostat", "camera"] AND data_sent_outside == true, parameter: suspicious_activity, value_expression: true) If typical local-only devices send data to unknown external servers, it could indicate a Trojan. Unauthorized Parameter Creation: Constraint (

context_condition: new_parameter_created == true AND source_device NOT IN trusted_devices,

conditional_expression: false )

Blocks unknown devices from injecting new parameters or modifying system context—this is a behavior often used by Trojans to insert hidden rules.

Multiple Failed Configuration Changes: Constraint ( context_condition = (User.failed_config_changes > 2), parameter = "ConfigLock", value_expression = "true")

If the user fails to apply configuration changes more than twice, lock further configuration attempts.

Unusual Access Time: Constraint ( context_condition = (User.access_time NOT BETWEEN 8:00 AND 20:00), conditional_expression = "RaiseAlert")

If access is attempted outside normal working hours, raise an alert Incorrect Password Attempts: Constraint ( context_condition = (User.login_attempts > 3), parameter = "AccountLock", value_expression = "true")

If the user has tried to log in more than 3 times unsuccessfully, the system adds a new parameter. Temperature Sensor Failure: Constraint ( context_condition = (Sensor.temperature.value > NormalMaxTemperature AND Sensor.temperature.trend = "not_decreasing"), parameter = "HeaterStatus", value_expression = "OFF")

If the temperature exceeds the normal limit and continues not to decrease, then the parameter HeaterStatus with the value "OFF" is added to the context — that is, the heating is forcibly turned off.

Battery Low Warning: Constraint ( context_condition = (Device.battery_level < 15%), conditional_expression = "SendBatteryWarning")

If the battery level drops below 15%, send a battery warning.

Network Module Disconnected: Constraint ( context_condition = (Device.network_module.status = "Disconnected"), parameter = "NetworkAvailable", value_expression = "false")

If the network module is disconnected, update the context to indicate network is unavailable.

Although the expert access control system focuses primarily on context constraints, the complete architecture of the proposed model (Fig. 1) also incorporates two additional groups of rules: Trust Level Rules and Role-Matching Rules. These rules operate at earlier stages of access decision-mak ing and complement the context analysis mechanism.

Trust Level Rules determine the user’s or device’s trust level based on current and historical context elements (e.g., behavioral anomalies, time of access, deviation from typical activity, device in tegrity). The trust level represents an intermediate evaluation metric used to refine access rights be fore role assignment.

Role-Matching Rules define how roles are assigned to subjects according to their computed trust level and contextual compliance. A role is considered applicable to a user or device only if all its pre conditions are satisfied (minimum trust, allowed device class, time-of-day restrictions, or security posture requirements). These rules ensure that role assignment dynamically adapts to the current state of the smart home environment.

Below are examples of possible Trust Level Rules and Role-Matching Rules that illustrate their function within the system.

Low Trust at Night for Unknown Devices: TrustRule( context_condition: time_between(00:00, 05:00) AND device_class NOT IN trusted_devices, trust_level: "low") Unknown devices active during nighttime are assigned a low trust level.

Trust Reduction After Repeated Failed Logins: TrustRule(

context_condition: failed_login_attempts > 3, trust_adjustment: "-1") Each failed login attempt decreases the trust level.

High Trust for Recently Verified Devices: TrustRule(

context_condition: integrity_check == "passed", trust_level: "high") Devices that recently passed integrity validation receive high trust.

Administrative Role Requires High Trust: RoleMatch( role: "admin", required_trust: "high", context_condition: device_class == "controller") Only trusted controllers can obtain the "admin" role.

Guest Role Allowed Only During Daytime: RoleMatch( role: "guest", context_condition: access_time BETWEEN 08:00 AND 20:00)

A total of 1,500 rule instances were developed for the expert system prototype.

A smart home system comprising devices of various classes was simulated. Python was chosen for implementation as a general-purpose language with a proven track record for rapid prototyping. The SimPy discrete-event simulation library was selected for modeling. The library utilizes Python’s gen erator interface, enabling the simulation of multi-agent systems through cooperative multitasking by implementing agents as coroutines.

The smart home system description is stored in a JSON file, which specifies the devices included in the system, their parameters, and the operations Operations(O) allowed on them, along with the values of the Description(O, A) function.

The composition of the simulated system is shown in Figure 2.

The software mockup omits the network layer and focuses solely on the access control gateway, which is responsible for processing and storing context and access control. Using the SimPy library, the simulation involves sending a series of requests between devices.

Its modeling and subsequent testing were conducted to evaluate the effectiveness of the developed smart home security system. Several device compromise and software failure scenarios were simulated.

The analysis demonstrated high threat detection accuracy (Table 2). The expert system correctly classified 391 of 400 dangerous scenarios, with only 2 false negatives. It also correctly identified 98 safe scenarios, with only 9 false positives. Thus, the model’s accuracy was 97.8%, demonstrating its ability to detect atypical behavior in routed nodes of smart systems.

Insider threats to smart home systems pose a serious challenge due to the difficulty of prevention. Using an expert system based on a context-based access control model is a promising solution. Using context opens up new access control capabilities that can be fully utilized in smart home sys tems, as they largely align with the properties of the smart home systems themselves.

For example, the expert system is built based on rules defined by connected devices. This solves the configuration problem that arises due to the differences in the composition of each unique smart home system.

The developed prototype of the expert access control system for access management in a smart home system demonstrated its performance in simulated scenarios of device compromise and soft ware failures.

As a result of this work, areas for further research were identified. One such area is the application of machine learning methods to decision-making regarding the as signment of access levels. This will enable the implementation of more complex access control sce narios.

Another area of focus is the development of a hardware and software prototype for practical verification of the research results, as it was impossible to evaluate the system’s performance within the framework of this work.

During the preparation of this work, the authors used Grammarly in order to grammar and spell check, and improve the text readability. After using the tool, the authors reviewed and edited the content as needed to take full responsibility for the publication’s content. [11] N. E. El Hady, S. Jonas, J. Provost, V. Senner, Sensor failure detection in ambient assisted living using association rule mining, Sensors 20(23) (2020) 6760. doi:10.3390/s20236760. [12] H. Chen, J. Ma, B. Cui, J. Fu, IoTCID: A dynamic detection technology for command injection vulnerabilities in IoT devices, IJACSA 13(10) (2022). doi:10.14569/IJACSA.2022.0131002. [13] M. Stetsiuk, Y. Klots, V. Cheshun, A.-B. M. Salem, A statistical method for real-time intrusion detection and response in ZigBee networks, CEUR Workshop Proceedings 4013 (2025) 174– 188. [14] S. M. H. Anik, X. Gao, H. Zhong, X. Wang, N. Meng, Programming of automation configuration in smart home systems: Challenges and opportunities, ACM Transactions on Software Engineering and Methodology (Apr. 2025). doi:10.1145/3731450. [15] Y. Zhao, B. Yang, F. Teng et al., A review of intelligent configuration and its security for complex networks, Chinese Journal of Electronics 33(4) (2024) 920–947. doi:10.23919/ cje.2023.00.001. [16] M. O. Ozmen, X. Li, A. Chu, Z. B. Celik, B. Hoxha, X. Zhang, Discovering IoT physical channel vulnerabilities, arXiv (2022). doi:10.48550/arXiv.2102.01812. [17] O. Morozova, A. Tetskyi, A. Nicheporuk, D. Kruvak, V. Tkachov, Smart home system security risk assessment, Computer Systems and Information Technologies (3) (2022) 81–88. doi:10.31891/CSIT-2021-5-11. [18] S. Ameer, J. Benson, R. Sandhu, An attribute-based approach toward a secured smart-home IoT access control and a comparison with a role-based approach, Information 13(2) (2022) 60. doi:10.3390/info13020060. [19] B. Li, F. Yang, S. Zhang, Context-aware risk attribute access control, Mathematics 12(16) (2024) 2541. doi:10.3390/math12162541. [20] V. M. Teslyuk, Kh. V. Beregovska, D. D. Zerbino, T. V. Teslyuk, M. Ya. Seneta, Universal con troller for the distributed management in the adaptive smart home systems, Ukrainian Journal of Information Technology 6(2) (2024) 64–73. doi:10.23939/ujit2024.02.064. [21] I. Alkhwaja, M. Albugami, A. Alkhwaja, M. Alghamdi, H. Abahussain, F. Alfawaz, A. Almurayh, N. Min-Allah, Password cracking with brute force algorithm and dictionary attack using parallel programming, Applied Sciences 13(10) (2023) 5979. doi:10.3390/app13105979. [22] W. Y. Saputra, S. Sugiarti, H. Junianto, D. Suhartono, Password strength study using the ZX CVBN algorithm and brute-force time estimation to strengthen cybersecurity, Jurnal Pilar Nusa Mandiri 21(1) (2025) 52–59. doi:10.33480/pilar.v21i1.6119. [23] L. Golightly, P. Modesti, R. Garcia, V. Chang, Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDN, Cyber Security and Applications (2023) 100015. doi:10.1016/j.csa.2023.100015. [24] O. Savenko, S. Lysenko, A. Kryshchuk, Y. Klots, Botnet detection technique for corporate area network, in Proceedings of the the IEEE 7th International Conference on Intelligent Data Ac quisition and Advanced Computing Systems (IDAACS) IEEE, 2013, pp. 363-368.