Norbert Nthala scite author profile

et al. 2020

Smart home devices are growing in popularity due to their functionality, convenience, and comfort. However, they are raising security and privacy concerns for users who may have very little technical ability. User experience (UX) focuses on improving user interactions, but little work has investigated how companies factor user experience into the security and privacy design of smart home devices as a means of addressing these concerns. To explore this in more detail, we designed and conducted six in-depth interviews with employees of a large smart home company in the United Kingdom (UK). We analyzed the data using Grounded Theory, and found little evidence that UX is a consideration for the security design of these devices. Based on the results of our study, we proposed user-centered design guidelines and recommendations to improve data protection in smart homes.

“It did not give me an option to decline”: A Longitudinal Analysis of the User Experience of Security and Privacy in Smart Home Products

Chalhoub

Kraemer

et al. 2021

Smart home products aren't living up to their promise. They claim to transform the way we live, providing convenience, energy efficiency, and safety. However, the reality is significantly less profound and often frustrating. This is particularly apparent in security and privacy experiences: powerlessness, confusion, and annoyance have all been reported.In order to reduce frustration and help fulfill the promise of smart homes, we need to explore the experience of security and privacy in situ. We analyze an ethnographic study observing six UK households over six months to present a longitudinal view of security and privacy user experiences in smart products. We find inconsistencies in managing security and privacy, e.g., contrasting

“If It’s Urgent or It Is Stopping Me from Doing Something, Then I Might Just Go Straight at It”: A Study into Home Data Security Decisions

Fléchais

2017

Data security incidents have led to a wave of security awareness campaigns by public institutions targeted towards the so-called home user. Despite this rise, studies have shown poor adoption rates of security measures by the target. In this paper, we conduct a qualitative investigation of 15 home users, analyse the data using Grounded Theory and present a model of factors of data security decisions made in the home. We further consolidate the literature on this topic and analyse our findings against it using meta-synthesis. From this we identify the critical issues that surround data security in the home environment. We finally present a consolidated theoretical model for investigating factors that influence security practices in the home, and suggest future work based on our findings.

Rethinking Home Network Security

Nthala¹,

Fléchais²

2018

The continued rise in the number of managed and unmanaged devices connected to home networks has expanded the threat surface in the home. We have seen increases in the number and impact of attacks targeting network and IoT devices in the home, yet effective mitigations targeting the home are still too few. Approaches have been proposed to holistically secure the home network, but such proposals also face a number of challenges in their practical uptake. More empirical research needs to be done to understand the context of use and needs of the stakeholders involved in securing home networks in order to rigorously evaluate and inform these solutions. As a step in this direction, we conduct a Grounded Theory exploration of context aimed at 1) understanding current security practice in the home to identify the areas that need improvement or support, and 2) identifying security-related practices in the home that could be leveraged to improve network security. We found evidence that current security practices in the home are focussed on securing endpoints; home users assess risk by evaluating the impact of a successful attack, and also the value of gain for the attacker; identification of security problems in the home is done through visibility of harm, security alerts and warnings, and intuition; incident management in the home is mostly done through social networks and often undertaken by trusted individuals as an informal duty of care. We discuss these findings and provide recommendations for improving network security in the home.

Towards a Conceptual Model for Provoking Privacy Speculation

Rader

2020