'They're all about pushing the products and shiny things rather than fundamental security' Mapping Socio-technical Challenges in Securing the Smart Home

• URL: http://arxiv.org/abs/2105.11751v1
• Date: Tue, 25 May 2021 08:38:36 GMT
• Title: 'They're all about pushing the products and shiny things rather than fundamental security' Mapping Socio-technical Challenges in Securing the Smart Home
• Authors: Jiahong Chen and Lachlan Urquhart
• Abstract summary: Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure.
• Score: 1.52292571922932
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the 'Secure by Design' campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks in a usable way, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.

Related papers

• S3C2 Summit 2023-11: Industry Secure Supply Chain Summit [60.025314516749205]
  This paper summarizes the Industry Secure Supply Chain Summit held on November 16, 2023. The goal of this summit was to enable open discussions, mutual sharing, and shedding light on common challenges that industry practitioners with practical experience face when securing their software supply chain.
  arXiv  Detail & Related papers  (2024-08-29T13:40:06Z)
• Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
  We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
  arXiv  Detail & Related papers  (2024-03-04T09:27:11Z)
• IoT in the Cloud: Exploring Security Challenges and Mitigations for a Connected World [18.36339203254509]
  The Internet of Things (IoT) has seen remarkable advancements in recent years, leading to a paradigm shift in the digital landscape. IoT devices, inherently connected to the internet, are susceptible to various forms of attacks. IoT services often handle sensitive user data, which could be exploited by malicious actors or unauthorized service providers.
  arXiv  Detail & Related papers  (2024-02-01T05:55:43Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• Trust-based Approaches Towards Enhancing IoT Security: A Systematic Literature Review [3.0969632359049473]
  This research paper presents a systematic literature review on the Trust-based cybersecurity security approaches for IoT. We highlighted the common trust-based mitigation techniques in existence for dealing with these threats. Several open issues were highlighted, and future research directions presented.
  arXiv  Detail & Related papers  (2023-11-20T12:21:35Z)
• The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
  The development and regulation of AI seems to have reached a critical stage. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. This paper analyses the most advanced legal proposal, the European Union's AI Act.
  arXiv  Detail & Related papers  (2023-11-03T12:51:37Z)
• Demand-Side Threats to Power Grid Operations from IoT-Enabled Edge [6.437501851914223]
  Growing adoption of Internet-of-Things (IoT)-enabled energy smart appliances (ESAs) at the consumer end, is seen as key to enabling demand-side response (DSR) services. These smart appliances are often poorly engineered from a security point of view and present a new threat to power grid operations. Unlike utility-side and SCADA assets, ESAs are not monitored continuously due to their large numbers and the lack of extensive monitoring infrastructure at consumer sites.
  arXiv  Detail & Related papers  (2023-10-28T20:56:43Z)
• Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future [6.422895251217666]
  This paper reviews forensic and security issues associated with IoT in different fields. Most IoT devices are vulnerable to attacks due to a lack of standardized security measures. To fulfil the security-conscious needs of consumers, IoT can be used to develop a smart home system.
  arXiv  Detail & Related papers  (2023-09-06T04:41:48Z)
• Smart Home, security concerns of IoT [91.3755431537592]
  The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
  arXiv  Detail & Related papers  (2020-07-06T10:36:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.