DOI: 10.1145/3473856.3473878

Design Considerations for Usable Authentication in Smart Homes

Published: 13 September 2021

Abstract

Smart home devices are on the rise. To provide their rich variety of features, they collect, store and process a considerable amount of (potentially sensitive) user data. However, authentication mechanisms on such devices a) have limited usability or b) are non-existent. To close this gap, we investigated, on one hand, users’ perspectives towards potential privacy and security risks as well as how they imagine usable authentication mechanisms in future smart homes. On the other hand, we considered security experts’ perspectives on authentication for smart homes. In particular, we conducted semi-structured interviews (N=20) with potential smart home users using the story completion method and a focus group with security experts (N=10). We found what kind of devices users would choose and why, potential challenges regarding privacy and security, and potential solutions. We discussed and verified these with security experts. We derive and reflect on a set of design implications for usable authentication mechanisms for smart homes and suggest directions for future research. Our work can assist designers and practitioners when implementing appropriate security mechanisms for smart homes.


Published In

MuC '21: Proceedings of Mensch und Computer 2021
September 2021
613 pages
ISBN:9781450386456
DOI:10.1145/3473856

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. authentication
  2. privacy
  3. smart devices
  4. smart homes
  5. story completion
  6. thematic analysis
  7. usable security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

MuC '21
MuC '21: Mensch und Computer 2021
September 5 - 8, 2021
Ingolstadt, Germany
