Privacy preserving technology for smart homes: Literature Review
Manjunath, Msc in Big Data Management and Analytics, Griffith College Dublin
Automation is about
making life simpler, not more complicated, by giving you control of the
features around your home or business with the touch of a button.
It provides improved convenience, comfort and energy efficiency, combining
items such as heating, lighting, music and alarms into one easy-to-use interface. Even though home automation has existed for several
decades, with the emergence of the internet, smart home technology has advanced
drastically. However, there are certain security concerns that must be
addressed along with the advancement of technology. Since this technology deals
with sensitive personal data of people or companies, this data is highly
vulnerable to being breached. Therefore, there is a need for a security
solution that is simple to use, with a one-time installment and regular updates
to provide security against newly emerging risks.
In the last few years, there has been a huge growth in
the number of internet oriented consumer devices that are meant to automate the
home environment. Home automation has existed for several decades, but smart
homes today are more advanced because of their connection to the internet (Zeng, Mare,
& Roesner, 2017). Generally, two categories of
smart homes have emerged: hubs and cloud based integrations. The general
idea of a hub is a central hardware device that other smart home devices then
communicate with. The end user is then able to control the automation of the
home through the hub’s app. Hubs can also support third party applications that
are pre-packaged and written by other developers (Zeng, Mare,
& Roesner, 2017). The cloud based system, on the other
hand, relies on the fact that many automated devices can be controlled using
commands from a user’s phone through the cloud (Zeng, Mare,
& Roesner, 2017).
Perhaps the biggest concern when using smart home
technologies is security and privacy. Several researchers have raised
concerns about the security and privacy risks that are associated with internet
connected devices in an automated home (Granjal, Monteiro, & Sa Silva, 2015).
Some of the concerns that have been discovered include the risk due to pairing
and discovery protocols, which leak information about devices in the home
and the residents. Further, technological issues when not implemented properly
might actually amplify relatively simple social issues (Zeng, Mare,
& Roesner, 2017). There are many avenues of attacks and
risks, which gain more significance considering recent reports of malware and
ransomware attacks on the rise (Zeng, Mare, & Roesner, 2017).
The collection of sensor data is one of the most
important aspects of a smart home. Still, collected data is often personal and
sensitive in nature (Chakravoty, Wlodarczyk, & Rong, 2013).
Privacy preservation makes sure sensitive information is protected throughout the
analytics process. Several researchers have raised privacy concerns in their
literature on the smart home. Demiris et al. (2008), for instance, look into the
issues surrounding smart home technologies for elderly people: their
perceptions of the technology and the perceived need. According to them, not
much is done in the way of protecting privacy when these technologies are
developed (Demiris et al., 2008).
Chakravoty, Wlodarczyk, & Rong
(2013) outline four key issues when it comes to data security and privacy. The
first is data ownership, which is not always clear in many smart home technologies. The second issue
is data transfer. Transmission should be through secure networks which ensure
integrity. The third issue is storage and processing, especially of data stored
with personally identifiable information or identifiers. The fourth issue for
smart homes and data analytics is access. Access should be only through proper
authentication and authorization (Chakravoty, Wlodarczyk, & Rong, 2013). The fine grained
monitoring required by smart home technologies raises the bar. Those with
access to data can infer answers to many questions about a household
and their personal and private activity (Quinn, 2009).
Generally speaking, privacy is never
given the seriousness it deserves, especially when it involves internet
connection (Golbeck & Mauriello, 2016). Most people
under-estimate the amount of data they make available to third parties, while
overlooking privacy terms and conditions. In fact, privacy concerns are some of
the biggest barriers to growth of technologies like the internet of things and
smart homes (Golbeck & Mauriello, 2016).
Several solutions have been developed,
each with advantages and disadvantages. Russom (2013), when describing the safer
homes project, outlines a solution that captures data centrally into a cluster
to protect against disclosure and misuse by adversaries. The challenge here
is the balance between maintenance of privacy and maintenance of utility (Russom, 2013). Lee et al. (2017)
propose the connection of a single home controller with data hiding
capabilities through community networks, integrating data through community
networking and a hierarchical cloud architecture. However, this solution is
targeted at a group home setting, targeting mainly the access control
mechanism (Lee, Hsiao, Lin, & Chou, 2017).
Geneiatakis et al. (2017) looked into
the utility of the Internet of Things (IoT) for the design and support of a
smart home. Typically, IoT smart devices work by interacting with various
components of the system like proxies, mobile devices and data collectors for
the benefit of management, data sharing and other activities in the context of
the provided service (Geneiatakis, et al., 2017). The interaction
with these devices is meant to improve the efficiency of the system and provide
advanced services for the users. However, the limitations of the components
that these devices connect to make them uniquely vulnerable to attacks and
privacy threats. This has been validated by several researchers and studies.
However, literature and research are also generally lacking when it comes to the
mitigation of threats that come from connections to such devices and components (Geneiatakis, et al., 2017).
Smart homes are supposed to provide convenience
for the user, especially when they are used for elderly homeowners or in group
homes. Regardless of the setting, however, and especially given the tremendous
amount of private information and data that these systems collect, this
convenience must go hand in hand with privacy concerns. The aim of this
proposal is to conceptualize a privacy preserving technological product that
ensures there is no compromise or tradeoff between privacy and convenience.
The advancement of technology is very fast but,
unfortunately, changes in security systems can be slow. Security is a trade-off,
a balancing act between an attacker and a defender. Unfortunately, that balance
is never static. Recent ransomware attacks like “WannaCry” and “Nyetya or
Goldeneye” have affected huge numbers of people and organizations. In the Cloudbleed incident in February, the internet infrastructure
company Cloudflare announced that a bug in its platform caused random leakage
of potentially sensitive customer data, which included Uber account passwords
and even some of Cloudflare’s own internal cryptography keys, through simple
Google and Bing search engines. As a student of
Big Data Analytics and Management, I have an urge and concern to address these
security issues to make these new cutting-edge technologies safely and easily
accessible to organizations and common people.
The privacy preserving technology
suggested here will be built into the smart home system. The technology will
utilize aspects of behavioral analysis and machine learning, and incorporate
this with an ever improving threat detection system. The technology will work
first by detecting and stopping threats, and secondly by stopping threats that
are uniquely targeted at an individual, based on their behavioral patterns. The
advantage of this system is that it is not one that the user has to constantly
upgrade and update, or even think about once it has been incorporated into the
system. Further, it understands the behavior of the individuals and will be
able to dispel any threats or close any links that an attacker might take
advantage of when they study the user and their weaknesses. Finally, it is
constantly updated by the service provider, meaning it is immune to all the
common attack mechanisms that hackers can use to penetrate the system. This
three-fold approach will enable the user to enjoy the benefits of the smart home
system, without necessarily worrying about the security.
Several solutions have been developed each with
advantages and disadvantages:
Russom Y K from the University of Stavanger has
outlined a solution in his paper “Privacy preserving for Big Data Analysis”
which was published in 2013, when describing the safer homes project. According to his solution, the data is
captured into a cluster centrally to protect against disclosure and misuse by
adversaries. However, the challenge here is the balance between the maintenance
of privacy and utility.
In 2017, Lee Y T, in his paper “Privacy
preserving data analytics in cloud based smart home with community hierarchy”
proposed the connection of the single home controller with data hiding
capabilities through community networks, integrating data through community
networking and hierarchical cloud architecture. However, this solution is
targeted at a group home setting targeting mainly the access control mechanism.
Geneiatakis D, in his paper “Security and
privacy issues for an IoT based smart home” published in 2017, looked into
the utility of the Internet of Things (IoT) for the design and support of a Smart Home
system by interacting with various components of the system like proxies,
mobile devices and data collectors for the benefit of management, data sharing
and other activities in the context of the provided service. However, even
though these devices are meant to improve the efficiency of the system, the
limitations are that these systems are uniquely vulnerable to attacks and
The brainstorming session involved 5
other individuals. The brainstorming session started with an introduction of
the idea, the potential design and explanation of the benefits that it brought
to the table, over and above the existing systems in the market.
From the brainstorming session, it was
clear that automated home systems connected to the internet were
getting increasingly common and more innovative. Companies were manufacturing
devices and designing systems for the automated home, both hubs and cloud based
systems. One of the most common uses of the smart home systems was for the
elderly and the disabled, those who typically, for health or physiological
reasons, could not move around as freely. Further, with the increasing
popularity of the internet of things, the number of interconnected devices that
might fit into the smart home architecture is increasing. On the other hand, a
recurrent theme was that almost every new technology or design comes with new
threats, which sometimes develop much faster than the security patches meant to
deal with them. Considering some of the heaviest users might not necessarily
be tech savvy enough to know the common threat sources and risks, it is
important to come up with a one-size-fits-all solution, or something as close
to it as possible.
The product will be targeted as a third
party device, typically for cloud based automated home systems but one that
can also be used for hub type smart homes. It is essentially a device that
will be plugged into the system and given remote admin access, working just
like any other automated device on the system, but also able to control which
devices are operating and connecting to the cloud or hub at any given time.
However, the product does not necessarily handle or look into the user’s
personal information. It will not make use of deep packet inspection. Instead,
it determines which of the devices in the system should be communicating at
any given time, and looks for indications of connections that are not normal or
that should not be present in the system. To do this, it will use a combination of
intrusion prevention system methods, user behavior analytics and security
information and event management, which zone in on specific devices connected to
the system and use machine learning to gauge common behavioral trends. The
connections and devices flagged in this way are then shut down, depending on the permissions the
end user allows. The shutting down can happen after the end user consents or,
in an automated system, without needing their permission first, unless/until
they then activate the said system themselves.
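The check described above can be sketched as follows. This is an added example, not part of the original proposal: it builds a per-device baseline from flow metadata only (device, destination, hour of day) and maps deviations to the two consent modes. The device names, hosts, thresholds and the class and function names are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed training flows: (device, destination host, hour of day 0-23).
# Only metadata is used; no packet payload is read.
TRAINING = [
    ("thermostat", "api.thermo.example", 6),
    ("thermostat", "api.thermo.example", 7),
    ("thermostat", "api.thermo.example", 18),
    ("camera", "video.cam.example", 22),
    ("camera", "video.cam.example", 23),
    ("camera", "video.cam.example", 0),
]

class DeviceBaseline:
    """Per-device profile of usual destinations and active hours."""

    def __init__(self, min_seen=2, hour_slack=1):
        self.min_seen = min_seen      # sightings before a destination counts as normal
        self.hour_slack = hour_slack  # tolerated drift (hours) around learned activity
        self.dest_counts = defaultdict(Counter)
        self.hours = defaultdict(set)

    def learn(self, flows):
        for device, dest, hour in flows:
            self.dest_counts[device][dest] += 1
            self.hours[device].add(hour % 24)

    def assess(self, device, dest, hour):
        """Return the reasons a flow deviates from the baseline (empty = normal)."""
        if device not in self.dest_counts:
            return ["unknown-device"]
        reasons = []
        if self.dest_counts[device][dest] < self.min_seen:
            reasons.append("new-destination")
        # Circular distance so 23:00 and 00:00 count as one hour apart.
        near = any(min((hour - h) % 24, (h - hour) % 24) <= self.hour_slack
                   for h in self.hours[device])
        if not near:
            reasons.append("unusual-hour")
        return reasons

def decide(reasons, consent_mode):
    """Apply the end user's permission: 'auto' blocks at once, 'ask' waits for consent."""
    if not reasons:
        return "allow"
    return "block" if consent_mode == "auto" else "hold-for-consent"

if __name__ == "__main__":
    base = DeviceBaseline()
    base.learn(TRAINING)
    for flow in [("thermostat", "api.thermo.example", 7),
                 ("thermostat", "198.51.100.23", 3),
                 ("doorbell", "video.cam.example", 12)]:
        print(flow, decide(base.assess(*flow), "ask"))
```

A real deployment would need a longer learning window and a way to re-learn after legitimate changes such as firmware updates that move a device to a new cloud endpoint.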
and Initial Research
into existing tech
of security technologies
gathering and analysis
write-up and presentation
Smart home technologies are getting more
popular in the market, with the increasing popularity of the internet of
things. Today, many devices are connected not only to the internet but also to
each other, making the system autonomous. However, with such advancements come
great security and privacy concerns. The stakes are especially high in the smart
home sector considering the fact that smart home systems typically gather a lot
of information about the end user. This project proposes a system that not only
preserves security but promotes the preservation of the privacy of the user.
The problem with many automated systems
that are connected to the internet is the nature of cyber crime. The number of
ransomware and malware attacks is increasing and getting more complex by the
day. The focus of this product is to have a privacy solution that does not
always have to react to new threats and techniques. It is a proactive rather
than reactive product in terms of security.
The smart home technology market is
growing at a very fast rate, and so is the need for security and privacy with
these systems. Smart homes are especially useful to the elderly at home or in
group homes, or disabled persons who in some or all instances have their
mobility limited. For the elderly especially, in a group or single home, most
of the time the end user is not tech savvy enough to keep up with the multiple
ways through which their security can be analyzed. While other products offer
strong security and privacy features, the differentiation here is that this
product does not necessarily read the user data that is collected by the
system. It therefore offers a second, anonymous layer of security that works
despite and together with the penetration security systems. The key competitors
in the market are the more established automated smart home tech manufacturers
like Sony, Samsung and LG.
POSSIBLE FUTURE DIRECTIONS
Security and privacy will still remain
important considerations in any automated technology. Smart home systems are vulnerable
in many ways, including through social engineering and taking advantage of the
traditional user as the weak link. This project proposes a solution to this
through the presentation of a stand alone product. In future, the most probable
direction is to have it incorporated into either cloud based or hub systems as
part of the operating system and not necessarily a stand alone product.
Chakravoty, A., Wlodarczyk, T., & Rong, C. (2013). Privacy Preserving Data Analytics
for Smart Homes. IEEE Security and Privacy Workshops, 23- 27.
Demiris, G., Hensel, B. K., Skubic, M., & Rantz, M.
(2008). Senior residents’ perceived need of and preferences for “smart
home” sensor technologies. International Journal of technology
Assessment in Health Care, 120- 124.
Geneiatakis, D., Kounelis, I., Neisse, R., Nai-Fovino, I.,
Steri, G., & Baldini, G. (2017). Security and privacy issues for an IoT
based smart home. Information and Communication Technology, Electronics
and Microelectronics (MIPRO). Opatija: IEEE.
Golbeck, J., & Mauriello, M. L. (2016). User Perception
of Facebook App Data Access: A Comparison of Methods and Privacy Concerns. Future
Internet, 1- 14.
Granjal, J., Monteiro, E., & Sa Silva, J. (2015).
Security for the Internet of Things: A survey of existing protocols and open
research issues. IEEE Communications Surveys and Tutorials, 1294–1312.
Lee, Y.-T., Hsiao, W.-H., Lin, Y.-S., & Chou, S.-C.
(2017). Privacy-preserving data analytics in cloud-based smart home with
community hierarchy. IEEE Transactions on Consumer Electronics ,
Quinn, E. (2009). Smart Metering and Privacy: Existing
Law and Competing Policies. Colorado: Colorado Public Utilities
Russom, Y. K. (2013). Privacy preserving for Big Data
Analysis. Stavanger: University of Stavanger.
Zeng, E., Mare, S., & Roesner, F. (2017). End User
Security & Privacy Concerns with Smart Homes. Washington, DC: Paul G.
Allen School of Computer Science & Engineering, University of Washington.