Malmö University Publications
Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
On Privacy and Security in Smart Connected Homes
Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).ORCID iD: 0000-0003-0546-072X
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents.

Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understand- ing of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home.

In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices ac- cording to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home.

This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents.

Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contributes to advancing the research in the area of risk analysis as applied to such systems.

Place, publisher, year, edition, pages
Malmö: Malmö universitet, 2021. , p. 66
Series
Studies in Computer Science
Keywords [en]
smart connected homes, Internet of Things, smart homes devices, smart home data, threat identification, risk analysis, privacy, security, vulnerability assessment, mitigations, threat agents
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mau:diva-39619DOI: 10.24834/isbn.9789178771646ISBN: 978-91-7877-163-9 (print)ISBN: 978-91-7877-164-6 (electronic)OAI: oai:DiVA.org:mau-39619DiVA, id: diva2:1520701
Public defence
2021-01-11, D138 Orkanen och Zoom, Malmö University, Malmö, 13:15 (English)
Opponent
Supervisors
Note

Note: The papers are not included in the fulltext online

Available from: 2021-01-21 Created: 2021-01-21 Last updated: 2024-03-04Bibliographically approved
List of papers
1. An Investigation of Vulnerabilities in Smart Connected Cameras
Open this publication in new window or tab >>An Investigation of Vulnerabilities in Smart Connected Cameras
2018 (English)In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, p. 656-661Conference paper, Published paper (Refereed)
Abstract [en]

The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

Place, publisher, year, edition, pages
IEEE, 2018
Keywords
IoT, IoT security, Shodan, smart connected cameras, smart connected homes, vulnerabilities
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-12708 (URN)10.1109/PERCOMW.2018.8480184 (DOI)000541062400110 ()2-s2.0-85056473592 (Scopus ID)26328 (Local ID)978-1-5386-3227-7 (ISBN)978-1-5386-3228-4 (ISBN)26328 (Archive number)26328 (OAI)
Conference
IEEE PerCom 2018 - Second International Workshop on Pervasive Smart Living Spaces (PerLS 2018), Athens, Greece (19 March - 23 March)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-04-05Bibliographically approved
2. On Privacy and Security Challenges in Smart Connected Homes
Open this publication in new window or tab >>On Privacy and Security Challenges in Smart Connected Homes
2016 (English)In: Proceedings: 2016 European Intelligence and Security Informatics Conference, IEEE, 2016Conference paper, Published paper (Refereed)
Abstract [en]

Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

Place, publisher, year, edition, pages
IEEE, 2016
Keywords
smart home, security, privacy, IoT
National Category
Computer Systems
Identifiers
urn:nbn:se:mau:diva-12630 (URN)10.1109/EISIC.2016.044 (DOI)000411272300033 ()2-s2.0-85017282760 (Scopus ID)21507 (Local ID)21507 (Archive number)21507 (OAI)
Conference
European Intelligence and Security Informatics Conference (EISIC), Uppsala, Sweden (August 17-19)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
3. An Analysis of Malicious Threat Agents for the Smart Connected Home
Open this publication in new window or tab >>An Analysis of Malicious Threat Agents for the Smart Connected Home
2017 (English)In: Proceeding of 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2017Conference paper, Published paper (Refereed)
Abstract [en]

Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

Place, publisher, year, edition, pages
IEEE, 2017
Keywords
Smart homes, Privacy, Terrorism, Computer security, Taxonomy, Home appliances, connected home, IoT, threat agent, threat agent motivations, threat agent capabilities
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-12595 (URN)10.1109/PERCOMW.2017.7917623 (DOI)000411208400111 ()2-s2.0-85020053641 (Scopus ID)22578 (Local ID)22578 (Archive number)22578 (OAI)
Conference
IEEE International Conference on Pervasive Computing and Communication (PerCom) 2017 - the First International Workshop on Pervasive Smart Living Spaces (PerLS 2017), Kona, Big Island, Hawaii, USA (March 13–17, 2017)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-27Bibliographically approved
4. Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
Open this publication in new window or tab >>Is Your Home Becoming a Spy?: A Data-Centered Analysis and Classification of Smart Connected Home Systems
2020 (English)In: IoT '20: Proceedings of the 10th International Conference on the Internet of Things, New York, United States: ACM Digital Library, 2020, article id 17Conference paper, Published paper (Refereed)
Abstract [en]

Smart connected home systems bring different privacy challenges to residents. The contribution of this paper is a novel privacy grounded classification of smart connected home systems that is focused on personal data exposure. This classification is built empirically through k-means cluster analysis from the technical specification of 81 commercial Internet of Things (IoT) systems as featured in PrivacyNotIncluded – an online database of consumer IoT systems. The attained classification helps us better understand the privacy implications and what is at stake with different smart connected home systems. Furthermore, we survey the entire spectrum of analyzed systems for their data collection capabilities. Systems were classified into four tiers: app-based accessors, watchers, location harvesters, and listeners, based on the sensing data the systems collect. Our findings indicate that being surveilled inside your home is a realistic threat, particularly, as the majority of the surveyed in-home IoT systems are installed with cameras, microphones, and location trackers. Finally, we identify research directions and suggest some best practices to mitigate the threat of in-house surveillance.

Place, publisher, year, edition, pages
New York, United States: ACM Digital Library, 2020
Keywords
IoT, smart home, home automation, privacy, unsupervised classification, survey, web mining
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-18599 (URN)10.1145/3410992.3411012 (DOI)2-s2.0-85123040173 (Scopus ID)978-1-4503-8758-3 (ISBN)
Conference
IoT '20
Available from: 2020-10-10 Created: 2020-10-10 Last updated: 2024-02-05Bibliographically approved
5. A Privacy-Centered System Model for Smart Connected Homes
Open this publication in new window or tab >>A Privacy-Centered System Model for Smart Connected Homes
2020 (English)In: 2020 IEEE International Conference on Pervasive Computing and Communications Workshops: PerCom Workshops, IEEE, 2020Conference paper, Published paper (Refereed)
Abstract [en]

Smart connected homes are integrated with heterogeneous Internet-connected devices interacting with the physical environment and human users. While they have become an established research area, there is no common understanding of what composes such a pervasive environment making it challenging to perform a scientific analysis of the domain. This is especially evident when it comes to discourse about privacy threats. Recognizing this, we aim to describe a generic smart connected home, including the data it deals with in a novel privacy-centered system model. Such is done using concepts borrowed from the theory of Contextual Integrity. Furthermore, we represent privacy threats formally using the proposed model. To illustrate the usage of the model, we apply it to the design of an ambient-assisted living use-case and demonstrate how it can be used for identifying and analyzing the privacy threats directed to smart connected homes.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Internet of Things, system model, privacy, privacy threats, home data, smart home, smart living
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-18127 (URN)10.1109/PerComWorkshops48775.2020.9156246 (DOI)000612838200136 ()2-s2.0-85091968572 (Scopus ID)978-1-7281-4716-1 (ISBN)
Conference
IEEE PerCom
Available from: 2020-08-25 Created: 2020-08-25 Last updated: 2024-02-05Bibliographically approved
6. An Empirical Analysis of Smart Connected Home Data
Open this publication in new window or tab >>An Empirical Analysis of Smart Connected Home Data
2018 (English)In: Internet of Things – ICIOT 2018, Springer, 2018, p. 134-149Conference paper, Published paper (Refereed)
Abstract [en]

The increasing presence of heterogeneous Internet of Things devices inside the home brings with it added convenience and value to the householders. At the same time, these devices tend to be Internet-connected and continuously monitor and collect data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, given that the house is the place where privacy is naturally expected. To gain insight into this state of affairs, we empirically investigate the privacy policies of 87 different categories of commercial smart home devices in terms of data being collected. This is done using a combination of manual and data mining techniques. The overall contribution of this work is a model that identifies and categorizes smart connected home data in terms of its collection mode, collection method, and collection phase. Our findings bring up several implications for smart connected home privacy, which include the need for better security controls to safeguard the privacy of the householders.

Place, publisher, year, edition, pages
Springer, 2018
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10972
Keywords
Smart home, IoT, Data model, Privacy policies
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-12509 (URN)10.1007/978-3-319-94370-1_10 (DOI)2-s2.0-85049026562 (Scopus ID)26281 (Local ID)26281 (Archive number)26281 (OAI)
Conference
International Conference on Internet of Things (ICIOT 2018), Seattle, USA (June 25 - June 30)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2024-02-05Bibliographically approved
7. Smart Connected Homes
Open this publication in new window or tab >>Smart Connected Homes
2018 (English)In: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, John Wiley & Sons, 2018, p. 359-384Chapter in book (Other academic)
Place, publisher, year, edition, pages
John Wiley & Sons, 2018
Keywords
smart connected home, Internet of Things, smart home services, system architectures, security, privacy, reliability, usability, interoperability
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-10482 (URN)10.1002/9781119456735.ch13 (DOI)25158 (Local ID)978-1-119-45674-2 (ISBN)25158 (Archive number)25158 (OAI)
Available from: 2020-02-28 Created: 2020-02-28 Last updated: 2022-08-29Bibliographically approved
8. On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
Open this publication in new window or tab >>On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
2020 (English)In: Privacy and Identity Management. Data for Better Living: AI and Privacy: 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers / [ed] Michael Friedewald, Melek Önen, Eva Lievens, Stephan Krenn, and Samuel Fricker, Springer, 2020, 576, p. 126-141Chapter in book (Refereed)
Abstract [en]

Many living spaces, such as homes, are becoming smarter and connected by using Internet of Things (IoT) technologies. Such systems should ideally be privacy-centered by design given the sensitive and personal data they commonly deal with. Nonetheless, few systematic methodologies exist that deal with privacy threats affecting IoT-based systems. In this paper, we capture the generic function of an IoT system to model privacy so that threats affecting such contexts can be identified and categorized at system design stage. In effect, we integrate an extension to so called Data Flow Diagrams (DFD) in the model, which provides the means to handle the privacy-specific threats in IoT systems. To demonstrate the usefulness of the model, we apply it to the design of a realistic use-case involving Facebook Portal. We use that as a means to elicit the privacy threats and mitigations that can be adopted therein. Overall, we believe that the proposed extension and categorization of privacy threats provide a useful addition to IoT practitioners and researchers in support for the adoption of sound privacy-centered principles in the early stages of the smart living design process.

Place, publisher, year, edition, pages
Springer, 2020 Edition: 576
Series
IFIP Advances in Information and Communication Technology book series, ISSN 1868-4238, E-ISSN 1868-422X ; 576
Keywords
IoT, Data lifecycle, Data Flow Diagrams, Data privacy, Privacy threats, Smart connected home, Smart living space, Facebook Portal
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-16962 (URN)10.1007/978-3-030-42504-3_9 (DOI)2-s2.0-85082383912 (Scopus ID)978-3-030-42503-6 (ISBN)978-3-030-42504-3 (ISBN)
Note

14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19--23, 2019, Revised Selected Papers

Available from: 2020-03-31 Created: 2020-03-31 Last updated: 2024-02-05Bibliographically approved
9. Functional Classification and Quantitative Analysis of Smart Connected Home Devices
Open this publication in new window or tab >>Functional Classification and Quantitative Analysis of Smart Connected Home Devices
2018 (English)In: 2018 Global Internet of Things Summit (GIoTS), Institute of Electrical and Electronics Engineers (IEEE), 2018, p. 144-149Conference paper, Published paper (Refereed)
Abstract [en]

The home environment is rapidly becoming more complex with the introduction of numerous and heterogeneous Internet of Things devices. This development into smart connected homes brings with it challenges when it comes to gaining a deeper understanding of the home environment as a socio-technical system. A better understanding of the home is essential to build robust, resilient, and secure smart home systems. In this regard, we developed a novel method for classifying smart home devices in a logical and coherent manner according to their functionality. Unlike other approaches, we build the categorization empirically by mining the technical specifications of 1,193 commercial devices. Moreover, we identify twelve capabilities that can be used to characterize home devices. Alongside the classification, we also quantitatively analyze the entire spectrum of commercial smart home devices in accordance to their functionality and capabilities. Overall, the categorization and analysis provide a foundation for identifying opportunities of generalizations and common solutions for the smart home.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2018
Series
Global Internet of Things Summit
Keywords
classification, connected home, devices, IoT, smart home, survey, taxonomy, web mining
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-12487 (URN)10.1109/giots.2018.8534563 (DOI)000456099600039 ()2-s2.0-85059075949 (Scopus ID)26327 (Local ID)26327 (Archive number)26327 (OAI)
Conference
Global IoT Summit, Bilbao, Spain (June 4 - June 7)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2023-12-15Bibliographically approved

Open Access in DiVA

comprehensive summary(1665 kB)749 downloads
File information
File name SUMMARY01.pdfFile size 1665 kBChecksum SHA-512
895b0c6114c3e00902a69937886cef2b081b8d6232684dc5621a4ef926a66de2d2c7ae74902431bab934e4b22943f3a9734c2ecdad15be68474cceb4f7526304
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records

Bugeja, Joseph

Search in DiVA

By author/editor
Bugeja, Joseph
By organisation
Internet of Things and People (IOTAP)Department of Computer Science and Media Technology (DVMT)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 0 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 4587 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf