The increasing adoption of smart home devices has raised significant concerns regarding privacy, security, and vulnerability to cyber threats. This study addresses these challenges by presenting a federated learning framework enhanced with blockchain technology to detect intrusions in smart home environments. The proposed approach combines knowledge distillation and transfer learning to support heterogeneous IoT devices with varying computational capacities, ensuring efficient local training without compromising privacy. Blockchain technology is integrated to provide decentralized, tamper-resistant access control through Role-Based Access Control (RBAC), allowing only authenticated devices to participate in the federated learning process. This combination ensures data confidentiality, system integrity, and trust among devices. This framework’s performance was evaluated using the N-BaIoT dataset, showcasing its ability to detect anomalies caused by botnets such as Mirai and BASHLITE across diverse IoT devices. Results demonstrate significant improvements in intrusion detection accuracy, particularly for resource-constrained devices, while maintaining privacy and adaptability in dynamic smart home environments. These findings highlight the potential of this blockchain-enhanced federated learning system to offer a scalable, robust, and privacy-preserving solution for securing smart homes against evolving threats.
Trust-Based Communities for Smart Grid Security and Privacy
In smart grids, two-way communication between end-users and the grid allows frequent data exchange, which on one hand enhances users' experience, while on the other hand increases security and privacy risks. In this paper, we propose an efficient system to address security and privacy problems, in contrast to the data aggregation schemes with high cryptographic overheads. In the proposed system, users are grouped into local communities and trust-based blockchains are formed in each community to manage smart grid transactions, such as reporting aggregated meter readings, in a light-weight fashion. We show that the proposed system can meet the key security objectives with a detailed analysis. Also, experiments demonstrated that the proposed system is efficient and can provide satisfactory user experience, and the trust value design can easily distinguish benign users and bad actors.
- Award ID(s): 1948550
- PAR ID: 10399412
- Date Published:
- Journal Name: Lecture notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering
- Volume: 464
- ISSN: 1867-822X
- Page Range / eLocation ID: 28–43
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Security designs that presume enacting secure behaviors to be beneficial in all circumstances discount the impact of response cost on users’ lives and assume that all data is equally worth protecting. However, this has the effect of reducing user autonomy by diminishing the role personal values and priorities play in the decision-making process. In this study, we demonstrate an alternative approach that emphasizes users’ comprehension over compliance, with the goal of helping users to make more informed decisions regarding their own security. To this end, we conducted a three-phase redesign of the warning notifications surrounding the authentication ceremony in Signal. Our results show how improved comprehension can be achieved while still promoting favorable privacy outcomes among users. Our experience reaffirms existing arguments that users should be empowered to make personal trade-offs between perceived risk and response cost. We also find that system trust is a major factor in users’ interpretation of system determinations of risk, and that properly communicating risk requires an understanding of user perceptions of the larger security ecosystem as a whole.
- Smart speakers come with always-on microphones to facilitate voice-based interaction. To address user privacy concerns, existing devices come with a number of privacy features: e.g., mute buttons and local trigger-word detection modules. But it is difficult for users to trust that these manufacturer-provided privacy features actually work given that there is a misalignment of incentives: Google, Meta, and Amazon benefit from collecting personal data and users know it. What’s needed is perceptible assurance: privacy features that users can, through physical perception, verify actually work. To that end, we introduce, implement, and evaluate the idea of “intentionally-powered” microphones to provide users with perceptible assurance of privacy with smart speakers. We employed an iterative-design process to develop Candid Mic, a battery-free, wireless microphone that can only be powered by harvesting energy from intentional user interactions. Moreover, users can visually inspect the (dis)connection between the energy harvesting module and the microphone. Through a within-subjects experiment, we found that Candid Mic provides users with perceptible assurance about whether the microphone is capturing audio or not, and improves user trust in using smart speakers relative to mute button interfaces.
- The smart grid provides efficient and cost-effective management of the electric energy grid by allowing real-time monitoring, coordinating, and controlling the system using communication networks between physical components. This inherent complexity significantly increases the vulnerabilities and attack surface in the smart grid due to misconfigurations or the lack of security hardening. Therefore, it is important to ensure a secure and resilient operation of the smart grid by proactive identification of potential threats, impact assessment, and cost-efficient mitigation planning. This paper aims to achieve these goals through the development of an efficient security framework for the Energy Management System (EMS), a core smart grid component. In this paper, we present a framework that combines formal analytics with the PowerWorld simulator, which verifies the solution model, to investigate the feasibility of false data injection attacks against contingency analysis in the power grid. We evaluate the impact of such attacks by running experiments using synthetic data on the standard IEEE test cases.
- Home area networks (HANs) are the most vulnerable part of smart grids since they are not directly controlled by utilities. Device authentication is one of the most important mechanisms to protect the security of smart grid-enabled HANs (SG-HANs). In this paper, we propose a situation-aware scheme for efficient device authentication in SG-HANs. The proposed scheme utilizes the security risk information assessed by the smart home system with a situational awareness feature. A suitable authentication protocol with adequate security protection and computational and communication complexity is then selected based on the assessed security risk level. A protocol design of the proposed scheme considering two security risk levels is presented in the paper. The security of the design is verified by using both formal verification and informal security analysis. Our performance analysis demonstrates that the proposed scheme is efficient in terms of computational and communication costs.

