Nisha Panwar,Shantanu Sharma,Sharad Mehrotra,Łukasz Krzywiecki,Nalini Venkatasubramanian

DOI: https://doi.org/10.48550/arXiv.1904.05476

2019-05-04

Abstract:Smart homes are a special use-case of the Internet-of-Things (IoT) paradigm. Security and privacy are two prime concern in smart home networks. A threat-prone smart home can reveal lifestyle and behavior of the occupants, which may be a significant concern. This article shows security requirements and threats to a smart home and focuses on a privacy-preserving security model. We classify smart home services based on the spatial and temporal properties of the underlying device-to-device and owner-to-cloud interaction. We present ways to adapt existing security solutions such as distance-bounding protocols, ISO-KE, SIGMA, TLS, Schnorr, Okamoto Identification Scheme (IS), Pedersen commitment scheme for achieving security and privacy in a cloud-assisted home area network.

Cryptography and Security,Networking and Internet Architecture

Jiahong Chen,Lachlan Urquhart

DOI: https://doi.org/10.48550/arXiv.2105.11751

2021-05-25

Abstract:Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the 'Secure by Design' campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks in a usable way, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.

Cryptography and Security,Computers and Society,Human-Computer Interaction

Huichen Lin,Neil W. Bergmann,Neil Bergmann

DOI: https://doi.org/10.3390/info7030044

2016-07-13

Information

Abstract:Often the Internet of Things (IoT) is considered as a single problem domain, with proposed solutions intended to be applied across a wide range of applications. However, the privacy and security needs of critical engineering infrastructure or sensitive commercial operations are very different to the needs of a domestic Smart Home environment. Additionally, the financial and human resources available to implement security and privacy vary greatly between application domains. In domestic environments, human issues may be as important as technical issues. After surveying existing solutions for enhancing IoT security, the paper identifies key future requirements for trusted Smart Home systems. A gateway architecture is selected as the most appropriate for resource-constrained devices, and for high system availability. Two key technologies to assist system auto-management are identified. Firstly, support for system auto-configuration will enhance system security. Secondly, the automatic update of system software and firmware is needed to maintain ongoing secure system operation.

Nandita Pattnaik,Shujun Li,Jason R. C. Nurse

DOI: https://doi.org/10.1145/3558095

IF: 16.6

2023-01-18

ACM Computing Surveys

Abstract:The security and privacy of smart home systems, particularly from a home user’s perspective, have been a very active research area in recent years. However, via a meta-review of 52 review papers covering related topics (published between 2000 and 2021), this article shows a lack of a more recent literature review on user perspectives of smart home security and privacy since the 2010s. This identified gap motivated us to conduct a systematic literature review (SLR) covering 126 relevant research papers published from 2010 to 2021. Our SLR led to the discovery of a number of important areas where further research is needed; these include holistic methods that consider a more diverse and heterogeneous range of home devices, interactions between multiple home users, complicated data flow between multiple home devices and home users, some less studied demographic factors, and advanced conceptual frameworks. Based on these findings, we recommended key future research directions, e.g., research for a better understanding of security and privacy aspects in different multi-device and multi-user contexts, and a more comprehensive ontology on the security and privacy of the smart home covering varying types of home devices and behaviors of different types of home users.

computer science, theory & methods

Alessandro Ecclesie Agazzi

DOI: https://doi.org/10.48550/arXiv.2007.02628

2020-07-06

Abstract:The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices. Solutions and countermeasures are also provided: choosing a strong password, strong authentication mechanisms, check online databases of exposed or default credentials to mitigate the first threat; a selection of smart home devices from reputable companies and the implementation of the SDN for the Dos/DDoS threat; and finally IDS, HTTPS protocol and VPN for eavesdropping. The paper concludes dealing with a further challenge, "the lack of technical support", by which an auto-configuration approach should be analysed; this could both ease the installation/maintenance and enhance the security in the self configuration step of Smart Home devices.

Cryptography and Security,Computers and Society

Giles Birchley,Richard Huxtable,Madeleine Murtagh,Ruud Ter Meulen,Peter Flach,Rachael Gooberman-Hill

DOI: https://doi.org/10.1186/s12910-017-0183-z

2017-04-04

Abstract:Background: Smart-home technologies, comprising environmental sensors, wearables and video are attracting interest in home healthcare delivery. Development of such technology is usually justified on the basis of the technology's potential to increase the autonomy of people living with long-term conditions. Studies of the ethics of smart-homes raise concerns about privacy, consent, social isolation and equity of access. Few studies have investigated the ethical perspectives of smart-home engineers themselves. By exploring the views of engineering researchers in a large smart-home project, we sought to contribute to dialogue between ethics and the engineering community. Methods: Either face-to-face or using Skype, we conducted in-depth qualitative interviews with 20 early- and mid-career smart-home researchers from a multi-centre smart-home project, who were asked to describe their own experience and to reflect more broadly about ethical considerations that relate to smart-home design. With participants' consent, interviews were audio-recorded, transcribed and analysed using a thematic approach. Results: Two overarching themes emerged: in 'Privacy', researchers indicated that they paid close attention to negative consequences of potential unauthorised information sharing in their current work. However, when discussing broader issues in smart-home design beyond the confines of their immediate project, researchers considered physical privacy to a lesser extent, even though physical privacy may manifest in emotive concerns about being watched or monitored. In 'Choice', researchers indicated they often saw provision of choice to end-users as a solution to ethical dilemmas. While researchers indicated that choices of end-users may need to be restricted for technological reasons, ethical standpoints that restrict choice were usually assumed and embedded in design. Conclusions: The tractability of informational privacy may explain the greater attention that is paid to it. However, concerns about physical privacy may reduce acceptability of smart-home technologies to future end-users. While attention to choice suggests links with privacy, this may misidentify the sources of privacy and risk unjustly burdening end-users with problems that they cannot resolve. Separating considerations of choice and privacy may result in more satisfactory treatment of both. Finally, through our engagement with researchers as participants this study demonstrates the relevance of (bio)ethics as a critical partner to smart-home engineering.

Kulani Mahadewa,Kailong Wang,Guangdong Bai,Ling Shi,Yan Liu,Jin Song Dong,Zhenkai Liang

DOI: https://doi.org/10.1109/tse.2019.2960690

IF: 7.4

2021-12-01

IEEE Transactions on Software Engineering

Abstract:A key feature of the booming smart home is the integration of a wide assortment of technologies, including various standards, proprietary communication protocols and heterogeneous platforms. Due to customization, unsatisfied assumptions and incompatibility in the integration, critical security vulnerabilities are likely to be introduced by the integration. Hence, this work addresses the security problems in smart home systems from an integration perspective, as a complement to numerous studies that focus on the analysis of individual techniques. We propose HomeScan, an approach that examines the security of the implementations of smart home systems. It extracts the abstract specification of application-layer protocols and internal behaviors of entities, so that it is able to conduct an end-to-end security analysis against various attack models. Applying HomeScan on three extensively-used smart home systems, we have found twelve non-trivial security issues, which may lead to unauthorized remote control and credential leakage.

engineering, electrical & electronic,computer science, software engineering

Fraser Hall,Leandros Maglaras,Theodoros Aivaliotis,Loukas Xagoraris,Ioanna Kantzavelou

DOI: https://doi.org/10.48550/arXiv.2010.15394

2020-10-29

Abstract:Development and growth of Internet of Things (IoT) technology has exponentially increased over the course of the last 10 years since its inception, and as a result has directly influenced the popularity and size of smart homes. In this article we present the main technologies and applications that constitute a smart home, we identify the main security and privacy challenges that smart home face and we provide good practices to mitigate those threats.

Cryptography and Security

Jiahong Chen,Lachlan Urquhart

DOI: https://doi.org/10.1080/13600834.2021.1957193

2021-07-22

Abstract:Insecure connected devices can cause serious threats not just to smart home-owners, but also the underlying infrastructural network. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of IoT vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the 'Secure by Design' campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products useably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.

Miguel Botto Botto-Tobar,Sumaiya Rehan,Ravi Prakash Verma,,,

DOI: https://doi.org/10.54216/jcim.120206

2023-01-01

Journal of Cybersecurity and Information Management

Abstract:Cyberthreat proliferation parallels the rapid surge in smart home usage. While having everything in one place is convenient, it also increases your home's vulnerability to cyber threats. Such an attack could result in bodily harm, the theft of sensitive information, or both. To mitigate the effects of these threats, owners of smart homes can make efforts to prevent cybercriminals from breaking into their premises starting by updating their firmware to the most recent version, creating secure passwords, and enabling two-factor authentication. Second, people should safeguard their gadgets by creating unique user IDs, disabling unneeded functions, and always keeping a tight eye on them. Finally, they must safeguard the facility where they conduct business by installing surveillance equipment, employing electronic locks, and restricting network access. Individuals must take these safeguards, but they must also stay informed about the most recent threats to home cybersecurity and the best strategies to combat them. Smart home device owners should become acquainted with the risks to which their devices are prone and ensure that their devices are updated to the most recent versions of all available software and security upgrades. Collaboration between homeowners, connected device manufacturers, and internet service providers is required to ensure the security of a smart home. Homeowners should research the security features available in smart home devices and only buy from reputable businesses that value consumer privacy and security. As the Internet of Things (IoT) expands and develops, a data privacy standard that meets the criteria of Data protection is in great demand. Safeguarding smart family apps necessitates a community agreement and specific permission from users to store their personal information in the product's database.

George Vardakis,George Hatzivasilis,Eleftheria Koutsaki,Nikos Papadakis

DOI: https://doi.org/10.3390/electronics13163343

IF: 2.9

2024-08-24

Electronics

Abstract:As the Internet of Things (IoT) continues to revolutionize the way we interact with our living spaces, the concept of smart homes has become increasingly prevalent. However, along with the convenience and connectivity offered by IoT-enabled devices in smart homes comes a range of security challenges. This paper explores the landscape of smart-home security. In contrast to similar surveys, this study also examines the particularities of popular categories of smart devices, like home assistants, TVs, AR/VR, locks, sensors, etc. It examines various security threats and vulnerabilities inherent in smart-home ecosystems, including unauthorized access, data breaches, and device tampering. Additionally, the paper discusses existing security mechanisms and protocols designed to mitigate these risks, such as encryption, authentication, and intrusion-detection systems. Furthermore, it highlights the importance of user awareness and education in maintaining the security of smart-home environments. Finally, the paper proposes future research directions and recommendations for enhancing smart-home security with IoT, including the development of robust security best practices and standards, improved device authentication methods, and more effective intrusion-detection techniques. By addressing these challenges, the potential of IoT-enabled smart homes to enhance convenience and efficiency while ensuring privacy, security, and cyber-resilience can be realized.

engineering, electrical & electronic,computer science, information systems,physics, applied

Verena Zimmermann,Paul Gerber,Karola Marky,Leon Böck,Florian Kirchbuchner

DOI: https://doi.org/10.1515/icom-2019-0015

2019-11-18

Abstract:Abstract Smart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.

Mahmoud Barhamgi,Charith Perera,Chirine Ghedira,Djamal Benslimane

DOI: https://doi.org/10.48550/arXiv.1809.00926

2018-09-04

Abstract:User privacy concerns are widely regarded as a key obstacle to the success of modern smart cyber-physical systems. In this paper, we analyse, through an example, some of the requirements that future data collection architectures of these systems should implement to provide effective privacy protection for users. Then, we give an example of how these requirements can be implemented in a smart home scenario. Our example architecture allows the user to balance the privacy risks with the potential benefits and take a practical decision determining the extent of the sharing. Based on this example architecture, we identify a number of challenges that must be addressed by future data processing systems in order to achieve effective privacy management for smart cyber-physical systems.

Networking and Internet Architecture,Computers and Society

Ana-Maria Comeaga,Iuliana Marin

2024-02-29

Abstract:In today's life, more and more people tend to opt for a smart house. In this way, the idea of including technology has become popular worldwide. Despite this concept's many benefits, managing security remains an essential problem due to the shared activities. The Internet of Things system behind a smart house is based on several sensors to measure temperature, humidity, air quality, and movement. Because of being supervised every day through sensors and controlling their house only with a simple click, many people can be afraid of this new approach in terms of their privacy, and this fact can constrain them from following their habits. The security aspects should be constantly analyzed to keep the data's confidentiality and make people feel safe in their own houses. In this context, the current paper puts light on an alternative design of a platform in which the safety of homeowners is the primary purpose, and they maintain complete control over the data generated by smart devices. The current research highlights the role of security and interface design in controlling a smart house. The study underscores the importance of providing an interface that can be used easily by any person to manage data and live activities in a modern residence in an era dominated by continuously developing technology.

Cryptography and Security,Software Engineering

William Seymour,Reuben Binns,Petr Slovak,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.2005.00284

IF: 6.4588

2020-05-01

Human-Computer Interaction

Abstract:The increasingly widespread use of 'smart' devices has raised multifarious ethical concerns regarding their use in domestic spaces. Previous work examining such ethical dimensions has typically either involved empirical studies of concerns raised by specific devices and use contexts, or alternatively expounded on abstract concepts like autonomy, privacy or trust in relation to 'smart homes' in general. This paper attempts to bridge these approaches by asking what features of smart devices users consider as rendering them 'smart' and how these relate to ethical concerns. Through a multimethod investigation including surveys with smart device users (n=120) and semi-structured interviews (n=15), we identify and describe eight types of smartness and explore how they engender a variety of ethical concerns including privacy, autonomy, and disruption of the social order. We argue that this middle ground, between concerns arising from particular devices and more abstract ethical concepts, can better anticipate potential ethical concerns regarding smart devices.

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

William Seymour

DOI: https://doi.org/10.48550/arXiv.2211.16914

IF: 6.4588

2022-11-30

Human-Computer Interaction

Abstract:The home is often the most private space in people's lives, and not one in which they expect to be surveilled. However, today's market for smart home devices has quickly evolved to include products that monitor, automate, and present themselves as human. After documenting some of the more unusual emergent problems with contemporary devices, this body of work seeks to develop a design philosophy for intelligent agents in the smart home that can act as an alternative to the ways that these devices are currently built. This is then applied to the design of privacy empowering technologies, representing the first steps from the devices of the present towards a more respectful future.

Ahmed J. Obaid

DOI: https://doi.org/10.54489/ijcim.v1i1.34

2021-12-19

Abstract:A smart home personal assistant technology is an intrinsic system, which incorporates many elements such as users, Smart Home Personal Assistants (SPA) devices, cloud, skill provider and other responsive devices. Even though Smart Home Personal Assistants give a robust security and privacy options, the devices face many weaknesses, which make the system vulnerable and can be comprised by adversaries, who can capitalize on limitations to gain access to delicate information and privacy of users. In this research, the aim is to assess how invention and innovation of security and SPA can be harnessed by users to interrelate with the system. Subsequently, this write-up will address both the problems related to the system and attempt to bring in solutions, which makes the technology more adaptable and versatile to all users. Initial studies show that some of the weakness underlying the technology include the open-nature of the voice channel, complexity of the architecture, software implications, and the utility of the technology to less proficient users. As a result, the study anticipates at solving the voice squatting attack, using the SPA intelligent assistant, incorporating a filer to filter the ultrasonic attack and noise as well as trying to assess the efficacy of the elements developed against the voice squatting attacks. The study found out that there is a need to mitigate the attacks on the blockchain technology and Natural Language Processors (NLP) to assure protection of SPA from attacks.

English Else

Madiha Tabassum,Jess Kropczynski,Pamela Wisniewski,Heather Richter Lipford

DOI: https://doi.org/10.1145/3313831.3376255

2020-04-21

Abstract:As smart devices are becoming commonplace in homes, we need to explore the needs of not just the residents of the home, but also of secondary stakeholders who may be granted access to these devices from outside of the home. We conducted a mixed methods study, which included a survey of 163 smart home device owners and a follow-up interview with 13 individuals who currently share their smart home devices with others outside of their home. Nearly half (47.8%) of our survey participants shared at least one smart home device with someone that did not live with them. Individuals sought greater safety and security by providing remote access to trusted family members or friends. By understanding users' perspectives about privacy and trust in relation to sharing smart home devices beyond the home, we build a case for community-based access control of smart home devices in the Internet of Things.

Jide S. Edu,Jose M. Such,Guillermo Suarez-Tangil

DOI: https://doi.org/10.48550/arXiv.1903.05593

2019-03-13

Cryptography and Security

Abstract:Smart Home Personal Assistants (SPA) are an emerging innovation that is changing the way in which home users interact with the technology. However, there are a number of elements that expose these systems to various risks: i) the open nature of the voice channel they use, ii) the complexity of their architecture, iii) the AI features they rely on, and iv) their use of a wide-range of underlying technologies. This paper presents an in-depth review of the security and privacy issues in SPA, categorizing the most important attack vectors and their countermeasures. Based on this, we discuss open research challenges that can help steer the community to tackle and address current security and privacy issues in SPA. One of our key findings is that even though the attack surface of SPA is conspicuously broad and there has been a significant amount of recent research efforts in this area, research has so far focused on a small part of the attack surface, particularly on issues related to the interaction between the user and the SPA devices. We also point out that further research is needed to tackle issues related to authorization, speech recognition or profiling, to name a few. To the best of our knowledge, this is the first article to conduct such a comprehensive review and characterization of the security and privacy issues and countermeasures of SPA.