End User Security and Privacy Concerns with Smart Homes

The Internet of Things is becoming increasingly widespread in home environments. Consumers are transforming their homes into smart homes, with internet-connected sensors, lights, appliances, and locks, controlled by voice or other user-defined automations. Security experts have identified concerns with IoT and smart homes, including privacy risks as well as vulnerable and unreliable devices. These concerns are supported by recent high-profile attacks, such as the Mirai DDoS attacks. However, little work has studied the security and privacy concerns of end users who actually set up and interact with today’s smart homes. To bridge this gap, we conduct semi-structured interviews with fifteen people living in smart homes (twelve smart home administrators and three other residents) to learn about how they use their smart homes, and to understand their security- and privacy-related attitudes, expectations, and actions. Among other findings, we identify gaps in threat models arising from limited technical understanding of smart homes, awareness of some security issues but limited concern, ad hoc mitigation strategies, and a mismatch between the concerns and power of the smart home administrator and other people in the home. From these and other findings, we distill recommendations for smart home technology designers and future research.
