Abstract
The number of IoT devices in the home has been increasing rapidly. With this popularity come various security vulnerabilities. One of the main causes of some of these vulnerabilities is users’ weak password management strategies. In this paper, we explored end-users’ password management for home IoT devices. We conducted a literature survey examining previous work on security and privacy concerns of home IoT devices and password management. We also conducted an online survey with 93 home IoT device users to determine their security and privacy concerns, authentication management, and feature preferences for a new authentication management tool. We found that our participants were very concerned about security and privacy issues, but followed insecure practices. However, they were welcoming towards a new security tool for managing their passwords. We used the findings to suggest design principles for an authentication management tool for home IoT devices.
Copyright information
© 2021 Crown
About this paper
Cite this paper
Alam, A., Molyneaux, H., Stobert, E. (2021). Authentication Management of Home IoT Devices. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science(), vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_1
DOI: https://doi.org/10.1007/978-3-030-77392-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77391-5
Online ISBN: 978-3-030-77392-2
eBook Packages: Computer Science, Computer Science (R0)