Skip to main content
SpringerLink
Log in

Authentication Management of Home IoT Devices

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2021)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12788))

Included in the following conference series:

Abstract

The number of IoT devices in the home has been increasing rapidly. With the popularity comes different security vulnerabilities. One of the main causes for some vulnerabilities is users’ weak password management strategies. In this paper, we explored end-users’ password management for home IoT devices. We conducted a literature survey examining previous works on security and privacy concerns of home IoT devices and password management. We also conducted an online survey with 93 home IoT device users to determine their security and privacy concerns, authentication management, and feature preferences for a new authentication management tool. We found out that our participants were very concerned about security/privacy issues, but they followed insecure security steps in practice. However, they were found to be welcoming towards a new security tool for managing their passwords. We used the findings to suggest design principles for the design of an authentication management tool for home IoT devices.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://store.google.com/us/product/nest_learning_thermostat_3rd_gen.

  2. 2.

    https://www.philips-hue.com/en-us.

  3. 3.

    https://ifttt.com.

References

  1. Alqhatani, A., Lipford, H.R.: There is nothing that I need to keep secret: sharing practices and concerns of wearable fitness data. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019) (2019)

    Google Scholar 

  2. Behm, S., Deetjen, U., Kaniyar, S., Methner, N., Münstermann, B.: Digital ecosystems for insurers: Opportunities through the internet of things. McKinsey (Feb 2019)

    Google Scholar 

  3. Bilton, N.: Nest thermostat glitch leaves users in the cold. The New York Times (Jan 2016)

    Google Scholar 

  4. Blumtritt, C.: Smart Home - Number of Households in the Segment Smart Home Worldwide 2024 (2020). www.statista.com/forecasts/887613/number-of-smart-homes-in-thesmart- home-market-worldwide

  5. Brush, A.B., Lee, B., Mahajan, R., Agarwal, S., Saroiu, S., Dixon, C.: Home automation in the wild: challenges and opportunities. In: proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2115–2124 (2011)

    Google Scholar 

  6. Butler, D.J., Huang, J., Roesner, F., Cakmak, M.: The privacy-utility tradeoff for remotely teleoperated robots. In: Proceedings of the Tenth Annual ACM/IEEE International Conference on Human-Robot Interaction, pp. 27–34 (2015)

    Google Scholar 

  7. De Carné de Carnavalet, X., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: Network and Distributed System Security Symposium (NDSS 2014). Internet Society (2014)

    Google Scholar 

  8. Choe, E.K., Consolvo, S., Jung, J., Harrison, B., Patel, S.N., Kientz, J.A.: Investigating receptiveness to sensing and inference in the home using sensor proxies. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 61–70 (2012)

    Google Scholar 

  9. Courtney, K.L., Demeris, G., Rantz, M., Skubic, M.: Needing smart home technologies: the perspectives of older adults in continuing care retirement communities (2008)

    Google Scholar 

  10. Demeure, A., Caffiau, S., Elias, E., Roux, C.: Building and using home automation systems: a field study. In: Díaz, P., Pipek, V., Ardito, C., Jensen, C., Aedo, I., Boden, A. (eds.) IS-EUD 2015. LNCS, vol. 9083, pp. 125–140. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18425-8_9

    Chapter  Google Scholar 

  11. Denning, T., Kohno, T., Levy, H.M.: Computer security and the modern home. Commun. ACM 56(1), 94–103 (2013)

    Article  Google Scholar 

  12. El-Hajj, M., Fadlallah, A., Chamoun, M., Serhrouchni, A.: A survey of internet of things (IoT) authentication schemes. Sensors 19(5), 1141 (2019)

    Article  Google Scholar 

  13. Geeng, C., Roesner, F.: Who’s in control? interactions in multi-user smart homes. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2019)

    Google Scholar 

  14. Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I., Steri, G., Baldini, G.: Security and privacy issues for an IoT based smart home. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1292–1297. IEEE (2017)

    Google Scholar 

  15. Haney, J.M., Furman, S.M., Acar, Y.: Smart home security and privacy mitigations: consumer perceptions, practices, and challenges. In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 393–411. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50309-3_26

    Chapter  Google Scholar 

  16. He, W., et al.: Rethinking access control and authentication for the home internet of things (IoT). In: 27th USENIX Security Symposium (USENIX Security 18), pp. 255–272 (2018)

    Google Scholar 

  17. He, W., Hainline, J., Padhi, R., Ur, B.: Clap on, clap off: usability of authentication methods in the smart home. In: Proceedings of the Interactive Workshop on the Human Aspect of Smarthome Security and Privacy (2018)

    Google Scholar 

  18. He, W., Martinez, J., Padhi, R., Zhang, L., Ur, B.: When smart devices are stupid: negative experiences using home smart devices. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 150–155. IEEE (2019)

    Google Scholar 

  19. Hill, K.: ‘baby monitor hack’could happen to 40,000 other foscam users (2013)

    Google Scholar 

  20. Jan, M.A., Khan, F., Alam, M., Usman, M.: A payload-based mutual authentication scheme for internet of things. Future Gener. Comput. Syst. 92, 1028–1039 (2019)

    Article  Google Scholar 

  21. Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the Sigchi Conference on Human Factors in Computing Systems, pp. 2595–2604 (2011)

    Google Scholar 

  22. Lee, H., Kobsa, A.: Understanding user privacy in internet of things environments. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 407–412. IEEE (2016)

    Google Scholar 

  23. Lin, H., Bergmann, N.W.: IoT privacy and security challenges for smart home environments. Information 7(3), 44 (2016)

    Article  Google Scholar 

  24. Locasto, M.E., Massimi, M., DePasquale, P.J.: Security and privacy considerations in digital death. In: Proceedings of the 2011 New Security Paradigms Workshop, pp. 1–10 (2011)

    Google Scholar 

  25. Maclean, R., Ophoff, J.: Determining key factors that lead to the adoption of password managers. In: 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), pp. 1–7. IEEE (2018)

    Google Scholar 

  26. McLean, A.: IoT malware and ransomware attacks on the incline: Intel security (2015)

    Google Scholar 

  27. McReynolds, E., Hubbard, S., Lau, T., Saraf, A., Cakmak, M., Roesner, F.: Toys that listen: a study of parents, children, and internet-connected toys. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 5197–5207 (2017)

    Google Scholar 

  28. Mennicken, S., Huang, E.M.: Hacking the natural habitat: an in-the-wild study of smart homes, their development, and the people who live in them. In: Kay, J., Lukowicz, P., Tokuda, H., Olivier, P., Krüger, A. (eds.) Pervasive 2012. LNCS, vol. 7319, pp. 143–160. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31205-2_10

    Chapter  Google Scholar 

  29. Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 399–412 (2017)

    Google Scholar 

  30. Novo, O.: Blockchain meets IoT: an architecture for scalable access management in IoT. IEEE Internet Things J. 5(2), 1184–1195 (2018)

    Article  Google Scholar 

  31. Oluwafemi, T., Kohno, T., Gupta, S., Patel, S.: Experimental security analyses of non-networked compact fluorescent lamps: a case study of home automation security. In: LASER 2013, pp. 13–24 (2013)

    Google Scholar 

  32. Seymour, W., Kraemer, M.J., Binns, R., Van Kleek, M.: Informing the design of privacy-empowering tools for the connected home. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–14 (2020)

    Google Scholar 

  33. Shane, S., Rosenberg, M., Lehren, A.W.: WikiLeaks releases trove of alleged CIA hacking documents. New York Times (2017)

    Google Scholar 

  34. Simpson, A.K., Roesner, F., Kohno, T.: Securing vulnerable home IoT devices with an in-hub security manager. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 551–556. IEEE (2017)

    Google Scholar 

  35. Stobert, E., Biddle, R.: Authentication in the home. Proc. HUPS (2013)

    Google Scholar 

  36. Tabassum, M., Kosinski, T., Lipford, H.R.: “I don’t own the data”: end user perceptions of smart home device data practices and risks. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019) (2019)

    Google Scholar 

  37. Tian, Y., et al.: Smartauth: user-centered authorization for the internet of things. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 361–378 (2017)

    Google Scholar 

  38. Townsend, D., Knoefel, F., Goubran, R.: Privacy versus autonomy: a tradeoff model for smart home monitoring technologies. In: 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society, pp. 4749–4752. IEEE (2011)

    Google Scholar 

  39. Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 3775–3786 (2017)

    Google Scholar 

  40. Ur, B., Jung, J., Schechter, S.: The current state of access control for smart devices in homes. In: Workshop on Home Usable Privacy and Security (HUPS), vol. 29, pp. 209–218. HUPS 2014 (2013)

    Google Scholar 

  41. Ur, B., et al.: “I added‘!’at the end to make it secure”: observing password creation in the lab. In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 123–140 (2015)

    Google Scholar 

  42. Wang, Q., Hassan, W.U., Bates, A., Gunter, C.: Fear and logging in the internet of things. In: Network and Distributed Systems Symposium (2018)

    Google Scholar 

  43. Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 157–173 (2016)

    Google Scholar 

  44. Woo, J.B., Lim, Y.K.: User experience in do-it-yourself-style smart homes. In: Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing, pp. 779–790 (2015)

    Google Scholar 

  45. Worthy, P., Matthews, B., Viller, S.: Trust me: doubts and concerns living with the internet of things. In: Proceedings of the 2016 ACM Conference on Designing Interactive Systems, pp. 427–434 (2016)

    Google Scholar 

  46. Wu, D.J., Taly, A., Shankar, A., Boneh, D.: Privacy, discovery, and authentication for the internet of things. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 301–319. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_16

    Chapter  Google Scholar 

  47. Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the internet-of-things. In: Proceedings of the 14th ACM Workshop on Hot Topics in Networks, pp. 1–7 (2015)

    Google Scholar 

  48. Zeng, E., Mare, S., Roesner, F.: End user security and privacy concerns with smart homes. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 65–80 (2017)

    Google Scholar 

  49. Zeng, E., Roesner, F.: Understanding and improving security and privacy in multi-user smart homes: a design exploration and in-home user study. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 159–176 (2019)

    Google Scholar 

  50. Zhang-Kennedy, L., Chiasson, S., Biddle, R.: Password advice shouldn’t be boring: visualizing password guessing attacks. In: 2013 APWG eCrime Researchers Summit, pp. 1–11. IEEE (2013)

    Google Scholar 

  51. Zheng, S., Apthorpe, N., Chetty, M., Feamster, N.: User perceptions of smart home IoT privacy. Proc. ACM Hum. Comput. Interact. 2(CSCW), 1–20 (2018)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carleton University, Ottawa, Canada

    Aniqa Alam & Elizabeth Stobert

  2. National Research Council of Canada (NRC), Ottawa, Canada

    Heather Molyneaux

Authors
  1. Aniqa Alam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Heather Molyneaux
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elizabeth Stobert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aniqa Alam .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Crown

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alam, A., Molyneaux, H., Stobert, E. (2021). Authentication Management of Home IoT Devices. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science(), vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-77392-2_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77391-5

  • Online ISBN: 978-3-030-77392-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation