Privacy preserving technology for smart homes: Literature Review VarshaManjunath, Msc in Big Data Management and Analytics, Griffith College [email protected] is aboutmaking life simpler, not more complicated, by giving you control of thefeatures around your home or business with the touch of a button.It provides improved convenience, comfort and energy efficiency, combiningitems such as heating, lighting, music and alarms into one easy to use interface. Even though home automation has existed for severaldecades, with the emergence of internet, smart home technology has advanceddrastically. However, there are certain security concerns that must beaddressed along with the advancement of technology.
Since this technology dealswith sensitive personal data of people or companies, there is a very highvulnerability of this data getting breached. Therefore, there is a need for a securitysolution that is simple to use with a one time installment and regular updatesto provide security to newly emerging risks.INTRODUCTIONIn the last few years, there has been a huge growth inthe number of internet oriented consumer devices that are meant to automate thehome environment. Home automation has existed for several decades, but smarthomes today are more advanced because of their connection to the internet (Zeng, Mare, & Roesner, 2017). Generally, there are two categories ofsmart homes that have emerged; hubs and cloud based integrations. The generalidea of hubs is a central hardware device that other smart home devices thencommunicate with. The end user is then able to control the automation of thehome through the hub’s app.
Hubs can also support third party applications thatare then pre-packaged and written by other developers (Zeng, Mare, & Roesner, 2017). The cloud based system in the otherhand relies on the fact that many automated devices can be controlled usingcommands from a user’s phone through the cloud (Zeng, Mare, & Roesner, 2017).Perhaps the biggest concerns when using smart hometechnologies is the security and privacy. Several researchers have raisedconcerns about the security and privacy risks that are associated with internetconnected devices in an automated home (Granjal, Monteiro, & Sa Silva, 2015).Some of the concerns that have been discovered include the risk due to pairingand discovery protocols which then leak information about devices in the homeand the residents. Further, technological issues when not implemented properlymight actually amplify relatively simple social issues (Zeng, Mare, & Roesner, 2017). There are many avenues of attacks andrisks, which gain more significance considering recent reports of malware andransomware attacks on the rise (Zeng, Mare, & Roesner, 2017).
The collection of sensor data is one of the mostimportant aspects of a smart home. Still, collected data is often personal andsensitive in nature (Chakravoty, Wlodarczyk, & Rong, 2013).Privacy prevention makes sure sensitive information is protected throughout theanalytics process. Several researchers have raised privacy concerns in theirliterature on the smart home. Demiris et al.
, (2008) for instance look into theissues surrounding smart home technologies for elderly people; theirperceptions of the technology and the perceived need. According to them, notmuch is done in the way of protecting privacies when these technologies aredeveloped (Demiris et. al., 2008).Chakravoty, Wlodarczyk, & Rong(2013) outline four key issues when it comes to data security and privacy. Dataownership is not always clear in many smart home technologies. The second issueis data transfer. Transmission should be through sceure networks which ensureintegrity.
The third issue is storage and processing, especially of data storedwith personally identifiable information or identifiers. The third issue forsmart homes and data analytics is access. Access should be only through properauthentication and authorization (Chakravoty, Wlodarczyk, & Rong, 2013). The fine grainedmonitoring required by smart home technologies raises the bar. Those withaccess to data can be able to infer answers to many questions about a householdand their personal and private activity (Quinn, 2009).Generally speaking, privacy is nevergiven the seriousness it deserves, especially when it involves internetconnection (Golbeck & Mauriello, 2016).
Most peopleunder-estimate the amount of data they make available to third parties, whileoverlooking privacy terms and conditions. In fact, privacy concerns are some ofthe biggest barriers to growth of technologies like the internet of things andsmart homes (Golbeck & Mauriello, 2016).Several solutions have been developed,each with advantages and disadvantages. Russom (2013) when describing the saferhomes project outlines a solution that captures data into a cluster centrally,and to protect against disclosure and misuse by adversaries. The challenge hereis the balance between maintenance of privacy and maintenance of utility (Russom, 2013).
Lee et. al., (2017)propose the connection of a single home controller with data hidingcapabilities through community networks, integrating data through communitynetworking and a hierarchial cloud architecture.
However, this solution istargeted at a group home setting, targetting mainly the access controlmechanism (Lee, Hsiao, Lin, & Chou, 2017).Geneiatakis et. al., (2017) looked intothe utility of the Internet of things (IoT) for the design and support of asmart home.Typically, IoT smart devices work by interacting with variouscomponents of the system like proxies, mobile devices and data collectors forthe benefit of management, data sharing and other activties in the context ofthe provided service (Geneiatakis, et al., 2017). The interactionwith these devices is meant to improve the efficiency of the system and provideadvanced services for the users. However, the limitations of these componentsthat these devices connect to make them uniquely vulnerable to attacks andprivacy threats.
This has been validated by several researchers and studies.However, literature and research is also generally lacking when it comes to themitigation of threats that come from connections to such devices and components (Geneiatakis, et al., 2017).PROJECT PROPOSAL Smart homes are supposed to provide conveniencefor the user, especially when they are used for elderly homeowners or in grouphomes. Regardless of the setting, however, and especially given the tremendousamount of private information and data that these systems collect, thisconvenience must go hand in hand with privacy concerns. The aim of thisproposal is to conceptuaize a privacy preserving technological product thatensures there is no compromise or tradeoff between privacy and convenience.
MOTIVATION The advancement of technology is very fast but,unfortunately the changes in security systems can be slow. Security is a trade-off,a balancing act between an attacker and a defender. Unfortunately, that balanceis never static. The recent ransom ware attacks like “WannaCry” and “Nyetya orGoldeneye” have affected the huge masses of people and organizations. Cloudbleed – In February, the internet infrastructurecompany Cloudflare announced that a bug in its platform caused random leakageof potentially sensitive customer data which included Uber account passwordsand even some of Cloudflare’s own internal cryptography keys through simplegoogle and Bing search engines.
As a student ofBig Data Analytics and Management, I have an urge and concern to address thesesecurity issues to make these new cutting-edge technologies safely and easilyaccessible to organizations and common people.THE PRODUCTThe privacy preserving technologysuggested here will be built into the smart home system. The technology willutilize aspects of behavioral analysis and machine learning, and incorporatethis with an ever improving threat detection system. The technology will workfirst by detecting and stopping threats, and secondly by stopping threats thatare uniquely targeted at an individual, based on their behavioral patterns.
Theadvantage of this system is that it is not one that the user has to constantlyupgrade and update, or even think about once it has been incorporated into thesystem. Further, it understands the behavior of the individuals and will beable to dispel any threats or close any links that an attacker might takeadvantage of when they study the user and their weaknesses. Finally, it isconstantly updated by the service provider, meaning it is immune to all thecommon attack mechanisms that hackers can use to penetrate the system. Thisthree fold approach will enable the user enjoy the benefits of the smart homesystem, without necessarily worrying about the security.BACKGROUND STUDYSeveral solutions have been developed each withadvantages and disadvantages:Russom Y K from the University of Stavanger hasoutlined a solution in his paper “Privacy preserving for Big Data Analysis”which was published in 2013, when describing the safer homes project. According to his solution, the data iscaptured into a cluster centrally to protect against disclosure and misuse byadversaries. However, the challenge here is the balance between the maintenanceof privacy and utility.In 2017, Lee Y T, in his paper “Privacypreserving data analytics in cloud based smart home with community hierarchy”proposed the connection of the single home controller with data hidingcapabilities through community networks, integrating data through communitynetworking and hierarchical cloud architecture.
However, this solution istargeted at a group home setting targeting mainly the access control mechanism.Geneiatakis D, in his paper ” Security andprivacy issues for an IoT based smart home” published in 2017, looked intothe utility of Internet of Things(IoT) for design and support of Smart Homesystem by interacting with various components of the system like proxies,mobile devices and data collectors for the benefit of management, data sharingand other activities in the context of the provided service. However, eventhough these devices are meant to improve the efficiency of the system, thelimitations are that these systems are uniquely vulnerable to attacks andprivacy threats.BRAINSTORMING SESSIONThe brainstorming session involved 5other individuals. The brainstorming session started with an introduction ofthe idea, the potential design and explanation of the benefits that it broughtto the table, over and above the existing systems in the market.From the brainstorming session, it wasclear that the automated home systems and connected to the internet weregetting increasingly common and more innovative.
Companies were manufacturingdevices and designing systems for the automated home, both hubs and cloud basedsystems. One of the most common uses of the smart home systems was for theelderly and the disabled, those wgo typically for health or physiologicalreasons, could not move around as freely. Further, with the increasingpopularity of the internet of things, the number of interconnected devices thatmight fit into the smart home architecture is increasing. On the other hand, arecurrent theme was that almost every new technology or design comes with newthreats, which sometimes develop much faster than the security patches meant todeal with them. Considering some of the heaviest users might not necesssarilybe tech savvy enough to know the common threat sources and risks, it isimportant to come up with a one-size-fits-all solution, or something as closeto it as possible.DEVELOPMENTThe product will be targeted as a thirdparty device, tyically for the cloud based automated home systems but one thatcan also be used for the hub type smart homes. It is essentially a device thatwill be plugged into the system and given remote admin access, working justlike any other automated device on the system, but also able to control whichdevices are operating and connecting to the cloud or hub at any given time.However, the product does not necessarily handle or look into the user’spersonal information.
It will not make use of deep packet inspection. Instead,they determine which of the devices in the system should be communicating atany given time, and looks for indications of connections that are not normal orthat should not be present in the system. Instead, it will use a combination ofintrusion prevention system methods, user behavior analytics and securityinformation and event management which zone in on specific devices connected tothe system and uses machine learning to gauge common behavioral trends.
Theseconnections and devices are then shut down, depending on the permissions theend user allows. The shutting down can be after the end user consents orwithout needing their permission first in an automated system, unless/untilthey then activate the said system themselves.LITERATURE REVIEWDEVELOPMENT Activities Week 1 Week 2 Week 3 Week 4 Week 5 Week 6 Brainstorming and Initial Research Research into existing tech Conceptualization Proposal presentation Integration of security technologies Data gathering and analysis Final write-up and presentation BUSINESS PLANA. Executive summarySmart home technologies are getting morepopular in the market, with the increasing popularity of the internet ofthings. Today, many devices are connected not only to the internet but also toeach other, making the system autonomous. However, with such advancements comegreat security and privacy concerns.
The stakes are especially high in the smarthome sector considering the fact that smart home systems typically gather a lotof information about the end user. This proect proposes a system that not onlypreserves security but promotes the preservation of the privacy of the user.B. OpportunityThe problem with many automated systemsthat are connected to the internet is the nature of cyber crime. The number ofransomware and malware attacks is increasing and getting more comlex by theday.
The focus of this product is to have a privacy solution that does notalways have to react to new threats and techniques. It is a proactive ratherthan reactive product in terms of security.C. Market analysisThe smart home technology market isgrowing at a very fast rate, and so is the need for security and privacy withthese systems.
Smart homes are especially useful to the elderly at home or ingroup homes, or disabled persons who in some or all instances have theirmobility limited. For the elderly especially, in a group or single home, mostof the time the end user is not tech savvy enough to keep up with the multipleways through which their security can be analyzed. While other products offerstring security and privacy features, the differentiation here is that thisproduct does not necessarily read the user data that is collected by thesystem. It therefore offers a second, anonymous layer of security that worksdespite and together with the penetration security systems. The key competitorsin the market are the more established automated smart home tech manufacturerslike Sony, Samsung and LG.
CONCLUSION ANDPOSSIBLE FUTURE DIRECTIONSSecurity and privacy will still remainimportant considerations in any automated technology. Smart home systems are vulnerablein many ways, including through social engineering and taking advantage of thetraditional user as the weak link. This project proposes a solution to thisthrough the presentation of a stand alone product. In future, the most probabledirection is to have it incorporated into either cloud based or hub systems aspart of the operating system and not necessarily a stand alone product. REFERENCES Chakravoty, A.
, Wlodarczyk, T., & Rong, C. (2013). Privacy Preserving Data Analytics for Smart Homes. IEEE Security and Privacy Workshops, 23- 27.
Demiris, G., Hensel, B. K., Skubic, M., & Rantz, M. (2008).
Senior residents’ perceived need of and preferences for “smart home” sensor technologies. International Journal of technology Assessment in Health Care, 120- 124. Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I., Steri, G.
, & Baldini, G. (2017). Security and privacy issues for an IoT based smart home. Information and Communication Technology, Electronics and Microelectronics (MIPRO). Opatija: IEEE.
Golbeck, J., & Mauriello, M. L. (2016).
User Perception of Facebook App Data Access: A Comparison of Methods and Privacy Concerns. Future Internet, 1- 14. Granjal, J., Monteiro, E., & Sa Silva, J. (2015). Security for the Internet of Things: A survey of existing protocols and open research issues.
IEEE Communications Surveys and Tutorials, 1294–1312. Lee, Y.-T., Hsiao, W.-H., Lin, Y.-S., & Chou, S.
-C. (2017). Privacy-preserving data analytics in cloud-based smart home with community hierarchy.
IEEE Transactions on Consumer Electronics , 200-207. Quinn, E. (2009). Smart Metering and Privacy: Existing Law and Competing Policies. Colorado: Colorado Public Utilities Commision.
Russom, Y. K. (2013). Privacy preserving for Big Data Analysis.
Stavanger: University of Stavanger. Zeng, E., Mare, S., & Roesner, F. (2017).
End User Security & Privacy Concerns with Smart Homes. Washington, DC: Paul G. Allen School of Computer Science & Engineering, University of Washington.