Skip to main content
SpringerLink
Log in

A trust model for popular smart home devices

  • regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers. As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it. Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences. In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors. We have evaluated how trust was built and managed from the initial set-up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. https://www.statista.com/page/compass.

  2. https://www.canalys.com/.

  3. https://www.alexa.com/.

  4. https://store.google.com/es/product/google_home_mini.

  5. https://mobileecosystemforum.com/programmes/analytics/iot-report-2016/.

  6. https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1900060.

  7. https://www.wireshark.org/.

  8. https://play.google.com/store/apps/details?id=com.amazon.dee.app&hl=it

  9. https://play.google.com/store/apps/details?id=com.google.android.apps.chromecast.app&hl=it

  10. https://play.google.com/store.

  11. https://zigbeealliance.org/.

  12. https://play.google.com/store/apps/details?id=com.philips.lighting.hue2.

  13. https://www.spotify.com.

  14. https://www.which.co.uk/reviews/smart-home-hubs/article/smart-hubs-explained/google-assistant-and-alexa-commands.

  15. https://www.bbc.com/.

  16. https://support.google.com/googlenest/answer/7177221?hl=en.

  17. https://support.google.com/googlenest/answer/7177221?hl=en.

  18. https://support.google.com/googlenest/answer/9155535.

  19. https://www.pcmag.com/feature/363112/how-to-let-multiple-people-use-the-same-amazon-echo/1.

  20. https://www.pcmag.com/feature/335949/16-things-to-know-about-amazon-prime/7.

  21. https://www.openhab.org/.

References

  1. Aufner, P.: The IoT security gap: a look down into the valley between threat models and their implementation. Int. J. Inf. Secur. 19, 3–14 (2020). https://doi.org/10.1007/s10207-019-00445-y

    Article  Google Scholar 

  2. Bastos, D., Shackleton, M., El-Moussa, F.: Internet of things: a survey of technologies and security risks in smart home and city environments. In: IET Conference Proceedings, pp. 30(7)–30(7)(1) (2018)

  3. Chung, H., Iorga, M., Voas, J., Lee, S.: Alexa, can i trust you? Computer 50(9), 100 (2017)

    Article  Google Scholar 

  4. Chung, H., Park, J., Lee, S.: Digital forensic approaches for amazon alexa ecosystem. Digit. Invest. 22, S15–S25 (2017)

    Article  Google Scholar 

  5. Erickson, J.: Trust metrics. In: International Symposium on Collaborative Technologies and Systems, CTS’09, pp. 93–97. IEEE (2009)

  6. Fernandez-Gago, C., Moyano, F., Lopez, J.: Modelling trust dynamics in the internet of things. Inf. Sci. 396, 72–82 (2017)

    Article  Google Scholar 

  7. Ferraris, D., Daniel, J., Fernandez-Gago, C., Lopez, J.: A segregated architecture for a trust-based network of internet of things. In: 2019 16th IEEE Annual Consumer Communications and Networking Conference (CCNC) (CCNC 2019). Las Vegas, USA (2019)

  8. Ferraris, D., Fernandez-Gago, C., Lopez, J.: A trust-by-design framework for the internet of things. In: 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–4. IEEE (2018)

  9. Ferraris, D., Fernandez-Gago, C.: TrUStAPIS: a trust requirements elicitation method for IoT. Int. J. Inf. Secur. 19, 111–127 (2020). https://doi.org/10.1007/s10207-019-00438-x

    Article  Google Scholar 

  10. Ford, M., Palmer, W.: Alexa, are you listening to me? An analysis of Alexa voice service network traffic. Pers. Ubiquit. Comput. 23(1), 67–79 (2019)

    Article  Google Scholar 

  11. Ganchev, I., Ji, Z., O’Droma, M.: A generic IoT architecture for smart cities IET (2014)

  12. Giesler, M., Fischer, E.: Iot stories: the good, the bad and the freaky. GfK Market. Intell. Rev. 10(2), 25–30 (2018)

    Google Scholar 

  13. Hoffman, L.J., Lawson-Jenkins, K., Blum, J.: Trust beyond security: an expanded trust model. Commun. ACM 49(7), 94–101 (2006)

    Article  Google Scholar 

  14. Hoy, M.B.: Alexa, Siri, Cortana, and more: an introduction to voice assistants. Med. Ref. Serv. Quart. 37(1), 81–88 (2018)

    Article  Google Scholar 

  15. Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007)

    Article  Google Scholar 

  16. Jose, A.C., Malekian, R.: Smart home automation security: a literature review. SmartCR 5(4), 269–285 (2015)

    Google Scholar 

  17. Kepuska, V., Bohouta, G.: Next-generation of virtual personal assistants (microsoft cortana, apple Siri, Amazon Alexa and Google home). In: 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), pp. 99–103. IEEE (2018)

  18. Lei, X., Tu, G.H., Liu, A.X., Ali, K., Li, C.Y., Xie, T.: The Insecurity of Home Digital Voice Assistants—Amazon Alexa as a Case Study (2017). arXiv preprint arXiv:1712.03327

  19. Mahmoud, R., Yousuf, T., Aloul, F., Zualkernan, I.: Internet of things (IoT) security: current status, challenges and prospective measures. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 336–341. IEEE (2015)

  20. Moyano, F., Fernandez-Gago, C., Lopez, J.: A conceptual framework for trust models. In: 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2012. vol. 7449 of Lectures Notes in Computer Science, pp. 93-104. Springer (2012)

  21. Nieto, A., Rios, R., Lopez, J.: Iot-forensics meets privacy: towards cooperative digital investigations. Sensors 18(2), 492 (2018)

    Article  Google Scholar 

  22. Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., Boreli, R.: An experimental study of security and privacy risks with emerging household appliances. In: IEEE Conference on Communications and Network Security (CNS), pp. 79–84. IEEE (2014)

  23. Ozawa, S., Ban, T., Hashimoto, N., Nakazato, J., Shimamura, J.: A study of iot malware activities using association rule learning for darknet sensor data. Int. J. Inf. Secur. 19(1), 83–92 (2020)

    Article  Google Scholar 

  24. Park, M.J., James, J.I.: Preliminary study of a Google home mini (2020). arXiv preprint arXiv:2001.04574

  25. Park, J.S., Moon, M., Hwang, S., Yeom, K.: CASS: a context-aware simulation system for smart home. In: 5th ACIS International Conference on Software Engineering Research, Management and Applications (SERA 2007). IEEE (2007)

  26. Pavlidis, M.: Designing for trust. In: CAiSE (Doctoral Consortium), pp. 3–14 (2011)

  27. Purington, A., Taft, J.G., Sannon, S., Bazarova, N.N., Taylor, S.H.: Alexa is my new BFF: social roles, user satisfaction, and personification of the Amazon echo. In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pp. 2853–2859. ACM (2017)

  28. Roman, R., Najera, P., Lopez, J.: Securing the internet of things. Computer 44(9), 51–58 (2011)

    Article  Google Scholar 

  29. Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57(10), 2266–2279 (2013)

    Article  Google Scholar 

  30. Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: IEEE European Symposium on Security and Privacy (EuroS&P), pp. 3–12. IEEE (2016)

  31. Ronen, E., Shamir, A., Weingarten, A.O., O’Flynn, C.: IoT goes nuclear. In: IEEE Symposium on Creating a ZigBee chain reaction Security and Privacy (SP), pp. 195–212 (2017)

  32. Sciuto, A., Saini, A., Forlizzi, J., Hong, J.I. (2018). Hey Alexa, What’s Up? A mixed-methods studies of in-home conversational agent usage. In: Proceedings of the 2018 Designing Interactive Systems Conference, pp. 857–868

  33. Shayesteh, B., Hakami, V., Akbari, A.: A trust management scheme for IoT-enabled environmental health/accessibility monitoring services. Int. J. Inf. Secur. 19(1), 93–110 (2020)

    Article  Google Scholar 

  34. Voigt, P., Von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). A Practical Guide, 1st edn. Springer, Cham (2017)

    Book  Google Scholar 

  35. Wiederhold, B.K.: Alexa, are you my mom? The role of artificial intelligence in child development. Cyberpsychol. Behav. Soc. Netw. 21, 471–472 (2018)

    Article  Google Scholar 

  36. Yan, Z., Zhang, P., Vasilakos, A.V.: A survey on trust management for internet of things. J. Netw. Comput. Appl. 42, 120–134 (2014)

    Article  Google Scholar 

  37. Ye, M., et al.: Security analysis of internet-of-things: a case study of august smart lock. In: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). IEEE (2017)

  38. Zhang, N., Mi, X., Feng, X., Wang, X., Tian, Y., Qian, F.: Understanding and mitigating the security risks of voice-controlled third-party skills on Amazon alexa and Google home (2018). arXiv preprint arXiv:1805.01525

Download references

Acknowledgements

This work has been supported by the EU project H2020-MSCA-RISE-2017 under grant agreement No. 777996 (Sealed-GRID) and the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (cybersec4europe.eu). This work reflects only the authors view, and the Research Executive Agency is not responsible for any use that may be made of the information it contains.

Author information

Authors and Affiliations

  1. Network, Information and Computer Security Lab, University of Malaga, 29071, Malaga, Spain

    Davide Ferraris & Carmen Fernandez-Gago

  2. British Telecom, Adastral Park, Ipswich, IP5 3RE, UK

    Daniel Bastos & Fadi El-Moussa

Authors
  1. Davide Ferraris
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Bastos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Carmen Fernandez-Gago
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fadi El-Moussa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Davide Ferraris.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ferraris, D., Bastos, D., Fernandez-Gago, C. et al. A trust model for popular smart home devices. Int. J. Inf. Secur. 20, 571–587 (2021). https://doi.org/10.1007/s10207-020-00519-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-020-00519-2

Keywords

Search

Navigation