Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home

  • Jason R. C. Nurse
  • Ahmad Atamli
  • Andrew Martin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9750)


The Internet-of-Things (IoT) ushers in a new age where the variety and number of connected, smart devices present in the home are set to increase substantially. While these bring several advantages in terms of convenience and assisted living, security and privacy risks are also a concern. In this article, we consider this risk problem from the perspective of technology users in the smart home, and set out to provide a usable framework for modelling security and privacy risks. The novelty of this work is in its emphasis on supplying a simplified risk assessment approach, complete with typical smart home use cases, home devices, IoT threat and attack models, and potential security controls. The intention is for this framework and the supporting tool interface to be used by actual home users interested in understanding and managing the risks in their smart home environments.


Keywords: Risk modelling; Internet-of-things; Smart homes; Risk communication; Usable security; Smart cities; Tool support



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Jason R. C. Nurse (1)
  • Ahmad Atamli (1)
  • Andrew Martin (1)
  1. Department of Computer Science, University of Oxford, Oxford, UK
