Risk Prevention in the Internet of Things; The Concern of Privacy in the Smart Home
Burke, Brendan, School of Engineering and Applied Science, University of Virginia
Hassanzadeh, Farzad, EN-Elec/Computer Engr Dept, University of Virginia
Baritaud, Catherine, EN-Engineering and Society, University of Virginia
The internet grows increasingly pervasive in each of our lives, with more everyday devices being replaced with online equivalents, and so the need for strong network security and privacy protections has never been greater. Through the proposal of a new software tool, the technical topic addresses the need for easy and convenient way to measure the security of a network. Many different options for internet-enabled devices that can replace common household items exist, but there is not an easy way to figure out which is the most secure, so users often unknowingly put their safety and privacy at risk with insecure products. The science, technology, and society (STS) topic analyzes the role of privacy in smart home networks, made up of Internet of Things devices, and how social groups influence the development of new products. The two tightly coupled topics approach related problems within the Internet of Things that can create distrust in the field.
The technical portion describes the function and purpose of a new tool that could allow users to analyze and improve the security of their home networks and reduce the risk of introducing any insecure products to that network. This proposed tool, which takes the form of an application, uses network device and port scans to identify potential security issues within any connected nodes, and its database searching functionality would allow users to search for products while shopping to determine which products are known to be vulnerable. The tool uses open-source network scanning tools and exploit databases to determine risk, and the device database uses the results of such scans to log risks.
With a single person team, the time constraint meant that the tool never received a fully functional prototype, but the general design of the tool was completed. While originally intended to be a mobile application, both the Android and iOS operating systems are unable to do sufficient port scanning to meet the requirements of the tool without being modified to grant the user root access, and so the design was extended to include a desktop application, since all desktop operating systems allow administrators to grant the necessary permissions by default. However, the desktop version also did not extend beyond proof-of-concept.
The STS research question stems from a curiosity as to how if at all privacy expectations influence the adoption of smart home products. From there, the focus of the research shifted into how privacy protections could be improved. Specifically, this research looked at how human and non-human actors influence the privacy and security of new smart home devices. The framework developed to outline the relationships between these actors uses Actor Network Theory to see which actors could act as the best influence towards improved privacy in new products. This framework and the suggestions for further protecting user privacy were developed by examining previous research, case studies, and opinions about privacy within the smart home environment.
Previous research suggests that the lack of user protections within these gadget stems from the willingness of consumers to sacrifice their privacy for the sake of convenience, often due to an incomplete understanding of the value of their private data and risks involved if malicious parties get access to this information. The research also suggested that the absence of strong policy requiring these devices meet security and privacy standards can also be due to the lack of quality education about this field of computing. This analysis showed that by improving education and increasing transparency on data collection and risk, consumers can make more informed decisions about their privacy and governments can more effectively create solutions to protect their citizens. This research also suggested that legislation alone would not be sufficient to protect smart home users, since the rapid development of both new products and exploits mean that any specific law could be quickly outdated, so the creation of a regulatory body that manages privacy and security requirements would be required to best protect those that use this technology. This research alone cannot be used to create an ideal solution, but it could serve to inform future research on potential solutions.
The need for strong security in this internet age is clear, as privacy cannot exist without proper security. However, even with perfect security, the future of how personal data is used and shared depends on what consumers are willing to tolerate for perceived benefits of new technologies. While individuals can influence the security of their own private data by carefully choosing which products they use, the future of smart home technology will be determined by society as a whole.
BS (Bachelor of Science)
Actor Network Theory, Privacy, Security, Internet of Things, Smart Home
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Farzad Hassanzadeh
STS Advisor: Catherine Baritaud
Technical Team Members: Brendan Burke
All rights reserved (no additional license for public reuse)