Design of a Smart Lock Retrofit Device; Security and Privacy of Smart Home Devices: an Analysis of User Perceptions

Gudka, Rory, School of Engineering and Applied Science, University of Virginia
Barnes, Adam, EN-Elec & Comp Engr Dept, University of Virginia
Francisco, Pedro Augusto, EN-Engineering and Society, University of Virginia

Smart devices are an increasingly important aspect of modern society, and while there are associated costs and challenges with their security, the large majority of technical vulnerabilities can be readily resolved. In my technical research report, I dived into the development process of a smart lock retrofit device that handles communication via Bluetooth, WiFi, and RF transceivers. This research was conducted because smart locks number among the most important devices for security to be effectively maintained, and because there are a multitude of challenges securing the various communication methods that the device offers. In my STS research report, I analyzed user perceptions of smart device privacy and security, and I explored the impact that these perceptions have on the practices of smart device producers. This research question was selected due to the increasing concerns of privacy and security in the ever expanding smart device market. These two research projects are intrinsically related, as the development of a smart lock retrofit device offered me insight into the challenges, solutions, and costs of modern smart device development. This allowed me to better understand the values and factors that could drive producers to take advantage of user perceptions for a greater profit.
The technical research explored the causes of technical vulnerabilities and the feasibility of their solutions using the same process that smart device producers would take. This project began by proposing a list of features that necessitated the use of three separate communication protocols–Bluetooth, WiFi, and RF–between four separate devices. Given the variety of communication methods used and the features planned, several basic security measures had to be implemented, including authentication, authorization, and encryption. Moreover, given the nature of this device, more advanced security measures had to be explored, such as the prevention of encrypted data being inferred and authorized commands being replayed.
Over the course of this development process, it was found that higher quality microcontrollers or a greater number of components dedicated to implementing these security features would be necessary to fully secure the device. Not only would this increase the final cost of the device itself, but it would also require a greater amount of research and development to alter existing designs to reduce vulnerabilities, and the testing and validation process would become more complex and intensive. This research project showed that the majority of technical risks associated with smart locks are readily resolvable, but it also demonstrated how the increased costs associated with their fixes might influence the decisions of producers.
On the other hand, my STS research project analyzed the question: what are current user perceptions of smart home device security, how much do they care about the associated risks they perceive, and how do companies seem to be responding to protect consumers’ security and privacy? This topic is becoming ever more significant, as both the number of smart devices in circulation and the number of malicious attacks on smart devices increase every year, and the influence of consumers on the security practices of producers should not be underestimated. To do this, I used the Social Construction of Technology theory to examine relevant literature.
There is a significant amount of evidence from available literature that users are excessively accepting of privacy and security risks associated with smart devices, despite not fully understanding the risks to begin with. There is a substantial lack of transparency provided by smart device producers regarding how their data is handled and what security measures have been taken to secure it. Producers appear to be taking advantage of this by selling devices that are not fully secured against common attacks, and by sharing or selling private user data. It is important that action is taken to increase the responsibility of these producers and that consumers are made aware of the risks associated with their devices.

BS (Bachelor of Science)
Security, Privacy, Smart Device, IoT

School of Engineering and Applied Science

Bachelor of Science in Electrical Engineering

Technical Advisor: Adam Barnes

STS Advisor: Pedro Francisco

Technical Team Members: Emil Ivanov, Alexandros Pfoser, Rohit Rajuladevi

All rights reserved (no additional license for public reuse)
Issued Date: