A capability-oriented approach to assessing privacy risk in smart home ecosystems

Smart devices are increasingly ubiquitous; the multitude of risks they pose to user privacy continues to grow, but assessing such risks comprehensively has proven difficult. In this paper, we discuss three factors which complicate the assessment of privacy risks in the context of the smart home. Firstly, smart devices are highly heterogeneous and hard to categorise, so top-down, taxonomy-oriented approaches to risk assessment do not fit well. Secondly, the threat landscape is vast, varied, and growing. Thirdly, the chief asset, personal information, is difficult to value-especially given that its value can be hugely affected by aggregation. To address these factors, we propose a novel, bottom-up approach in which the smart home ecosystem is reduced to its data-collecting capabilities (such as sensors and apps) and then privacy risk is assessed based on the information that the user exposes. We define a capability-oriented model which is system-neutral, extensible, and therefore well-suited to the fast-evolving nature of the smart home.

[1]  L. Delahoche,et al.  The Smart Home Concept : our immediate future , 2006, 2006 1ST IEEE International Conference on E-Learning in Industrial Electronics.

[2]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[3]  Karl Aberer,et al.  Data-Driven Privacy Indicators , 2016, WPI@SOUPS.

[4]  Michael G. Mitchell Taxonomy , 2013, Viruses and the Lung.

[5]  Andrew P. Martin,et al.  Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home , 2016, HCI.

[6]  Jinyan Zang,et al.  Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps , 2015 .

[7]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[8]  Tadayoshi Kohno,et al.  Computer security and the modern home , 2013, CACM.

[9]  Rafik A. Goubran,et al.  Privacy versus autonomy: A tradeoff model for smart home monitoring technologies , 2011, 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[10]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[11]  Andreas Jacobsson,et al.  Towards a model of privacy and security for smart homes , 2015, 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT).

[12]  Sadie Creese,et al.  A Data-Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[13]  Abdullahi Arabo,et al.  Privacy in the Age of Mobility and Smart Devices in Smart Homes , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[14]  Mamun Bin Ibne Reaz,et al.  A Review of Smart Homes—Past, Present, and Future , 2012, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[15]  Rodrigo Roman,et al.  Securing the Internet of Things , 2017, Smart Cards, Tokens, Security and Applications, 2nd Ed..

[16]  Karim Djemame,et al.  A Risk Assessment Framework and Software Toolkit for Cloud Service Ecosystems , 2011, CLOUD 2011.

[17]  Andreas Jacobsson,et al.  On Privacy and Security Challenges in Smart Connected Homes , 2016, 2016 European Intelligence and Security Informatics Conference (EISIC).

[18]  Damith Chinthana Ranasinghe,et al.  Taxonomy, technology and applications of smart objects , 2011, Inf. Syst. Frontiers.

[19]  Andreas Jacobsson,et al.  A risk analysis of a smart home automation system , 2016, Future Gener. Comput. Syst..