Abstract
The following capstone project and the STS research paper both explore security vulnerabilities in Internet of Things (IoT) devices. However, both approach this issue from different perspectives, one through a technical lens and the other through a sociotechnical lens. The capstone report is focused on identifying the issue with IoT and evaluating and providing recommendations on engineering-based solutions to vulnerabilities in IoT systems, especially in home automation and healthcare environments. The STS research paper, on the other hand, investigates how user behavior, technological design, and corporate practices shape the outlook of IoT privacy and security. Despite how the capstone project and the STS research paper differ in their approaches, they share the same motivation, which is to design and operate IoT systems that preserve technical integrity as well as user’s safety. Working on both projects in tandem offers an appreciation as to why technical solutions in isolation are insufficient without considering the broader sociotechnical dynamics of play.
The capstone project, “IoT Security: An Analysis of Solutions for IoT Privacy and Security Devices,” analyzes vulnerabilities resulting from the use of interconnected IoT systems in home automation and healthcare settings. Two primary mitigation techniques are network segmentation and multilayered authentication. Network segmentation divides a large network into smaller isolated subnetworks, which makes it much difficult for hackers to compromise other devices that are in a different subnetwork once a device has been compromised in a subnetwork. Multilayered authentication provides additional verification methods to verify the user such as passwords, biometrics, one-time passcodes, etc. However, this form of authentication can pose usability concerns especially in settings such as home automation and medical fields where ease of use and speed are preferred by consumers and in high stress environments. As a result, it has been concluded that while both methods offer great security, network segmentation offers a more scalable, infrastructure-level protection. Future work can include the integration of artificial intelligence and machine learning to detect real-time threats in segmented networks to make security infrastructures in IoT more robust and secure.
The STS research paper, “Exploring Solutions for IoT Privacy and Security: Balancing User Behavior, Ethics, and Technology,” analyzes human, technological, and corporate actors act together to produce IoT security consequences. Actor Network Theory (ANT) framework is used to explore user-IoT device, corporate, hacker interactions as interconnected entities in an expanding network. The finding revealed that consumers prefer convenience in comparison with security and disregard basic security protections such as software updates, strong passwords, and network settings. Corporations may encourage these habits by concealing security options or rendering them as less convenient. On the other hand, hackers take advantage of these weaknesses with or without user participation. The STS paper emphasizes
the idea that solutions to IoT security issues are more than strengthening technical defenses but instead call for a fundamental rethinking of the design, marketing, and upkeep of devices. ANT provided a helpful framework for understanding how agency is distributed among human and non-human actors, demonstrating that effective security improvements must be woven into the fabric of the sociotechnical networks.
Exploring the capstone project and the STS research paper provided deep insights into IoT security and its connection to the sociotechnical dynamic. The Capstone strengthened technical skills in cybersecurity evaluation and system development, while the STS research fostered a deeper understanding of how human agency, corporate agendas, and technological mediation influence the success or failure of security interventions. Together, the projects highlighted the reality that effective IoT security demands a holistic approach, one that addresses both technical risk and the sociotechnical environments in which technologies and users intersect. This will be helpful in the future, whether in tech creation, cybersecurity policymaking, or user experience design. The understanding of technology as being situated in a wider social and ethical environment allows solutions to not merely be technically correct but also practical, inclusive, and robust against changing challenges.
