An official website of the United States government
With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home’s occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.
more »
« less
A Framework for Evaluating the Security and Privacy of Smart-Home Devices, and its Application to Common Platforms
In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well- known CIA triad—Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.
more »
« less
- Award ID(s):
- 1955805
- PAR ID:
- 10618321
- Publisher / Repository:
- IEEE Computer Society
- Date Published:
- Journal Name:
- IEEE Pervasive Computing
- Volume:
- 23
- Issue:
- 3
- ISSN:
- 1536-1268
- Page Range / eLocation ID:
- 7 to 19
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home’s occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.more » « less
-
This report will discuss and analyze the risks and challenges associated with smart home devices, focusing on vulnerabilities in commonly used products such as smart speakers, security cameras, thermostats, and lighting systems. As the adoption of smart home security grows globally, it has become clear that many users remain unaware of the associated security risks, leading to data breaches and potential privacy violations. This research evaluates the security features of these devices, the frequency of breaches, and common vulnerabilities. Using a mixed-methods approach—including a user survey, analysis of past cybersecurity incidents, and a detailed review of existing literature—this study assesses the current state of smart home device security. The findings aim to highlight gaps in user awareness, evaluate manufacturers’ protective measures, and provide recommendations for improving cybersecurity practices in smart home environments.more » « less
-
Smart-home devices have become integral to daily routines, but their onboarding procedures - setting up a newly acquired smart device into operational mode - remain understudied. The heterogeneity of smart-home devices and their onboarding procedure can easily overwhelm users when they scale up their smart-home system. While Matter, the new IoT standard, aims to unify the smart-home ecosystem, it is still evolving, resulting in mixed compliance among devices. In this paper, we study the complexity of device onboarding from users' perspectives. We thus performed cognitive walkthroughs on 12 commercially available smart-home devices, documenting the commonality and distinctions of the onboarding process across these devices. We found that onboarding smart home devices can often be tedious and confusing. Users must devote significant time to creating an account, searching for the target device, and providing Wi-Fi credentials for each device they install. Matter-compatible devices are supposedly easier to manage, as they can be registered through one single hub independent of the vendor. Unfortunately, we found such a statement is not always true. Some devices still need their own companion apps and accounts to fully function. Based on our observations, we give recommendations about how to support a more user-friendly onboarding process.more » « less
-
Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6% accuracy and identify previously unseen devices as ‘unknown’ with 69.0% balanced accuracy.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1109/MPRV.2024.3421668
