An Englishman’s home is his castle. To what extent an Englishman’s smart home is his smart castle, we do not yet know…
Where tentative IoT devices are already available, promises and expectations paint a future where technology “merges physical and virtual worlds, creating smart environments to improve lives and enhance wellbeing” (European Commission H2020 Digital Agenda). As the distance between our physical and virtual worlds shrinks, concerns for security, privacy and trust in these technologies grow in similar measures. Successfully addressing these concerns not only demands specific technological dispositions but also targeted interventions at the level of the individual, the user, at the heart of this system.
A phishing email or a piece of malware may cause the inconvenience of having to change one’s passwords or restore lost data. Recent events depict a much bleaker and intimate picture, however; one such example has been the hijacking of baby monitors that allowed cyber attackers to watch and verbally abuse toddlers in what is meant to be their safest place. Most wireless technologies used to control smart locks, sensors, smart meters, smart appliances and other smart home components have been shown to be vulnerable to abuse via cyber means. Some more than others, especially where the home WiFi router and the occupants’ insecure smart phones are part of the equation. Yet, as cyber incidents are still relatively uncommon in this context, manufacturers of smart home devices do not typically deploy security measures beyond the bare minimum (usually lightweight encryption). Nor do they evaluate the impact that a cyber breach could have on the occupants, or even empower users to take charge of their own security.
Foreseeing the growing prevalence of IoT technology, the European Commission takes these issues seriously, and allocated funding to inform tomorrow’s standards and legislations. One such funded project is the Cocoon project “Emotion psychology meets cyber-physical security in IoT smart homes”, led by the University of Reading, which is a 1.2M euro project gathering researchers from the University of Greenwich, Ghent Univ. (Belgium), ETH Zürich (Switzerland) and Eindhoven Technical Univ. (Netherlands). Starting in January 2017, in this project, we interweave innovations in two distinctly different disciplines to understand and improve security of home IoT technology: emotion psychology and cyber security. We aim to produce an understanding of the psychology of IoT users, assess risks in current and future IoT systems, and formulate provisions for the design and integration of user-centric IoT in tomorrow’s homes. We put the user at the center of the IoT landscape of technology: By combining expertise in emotion psychology, value-sensitive design, cyber security, network communication and real-time big data analytics we will create a framework that adapts to user profiles, empowering them to make the right decisions for a safe IoT environment.
Broadly, IoT technology empowers both housing providers and tenants, and there is no doubt it will very soon play a central role in the housing sector. Housing providers will be able to monitor the status of their properties in realtime, forecast demand and repair needs, as well as forecast their financial commitment and that of their tenants. Ultimately, IoT technology increases flexibility and supports an agile practice of social housing. Core to the sustainability of this multifaceted and dynamical system are the tenants, who provide the drive and support the entire system. They are guardians of the entire system’s integrity, for their own knowledge and troubleshooting skills will determine their resilience in case of cyber attacks. They will be the first in line to suffer the consequences of attacks, and the first able to respond appropriately. To secure the integrity of such a complex network of technology, it is thus paramount to understand how users behave and how best to empower them to take ownership of their smart homes. New tools need to be developed, new procedures put in place, and users need to be more in tune with the technology.
The objectives of the Cocoon project are twofold:
- To examine the emotional investment of IoT users who are in the comfort of their own home, which will not only condition their usage of the technology but also drive their reactions when security is breached, and will determine their ability to recover.
- To put mainstream IoT technology to the test, and explore the opportunity to create a network-wide intrusion detection system (IDS), based on real-time analytics of data from such a heterogeneous set of technologies, and which users can actually use.
A version of this post has been published in the January 2017 issue of Housing Technology. Housing Technology (http://www.housing-technology.com/) is the UK’s #1 leading IT, technology and telecoms news and information service for the UK social housing sector and related local government agencies.