Abstract
Manufacturers of smart home consumer devices like home theatres, music players, voice-based assistants, smart lighting, and security cameras have widely adopted the Internet of Things (IoT). These devices pose a significant security risk to consumers because the devices are exposed to mobile applications and cloud-based services with known security vulnerabilities. Most current home consumer devices provide little or no information about the level of security they afford. Since most consumers are not tech-savvy, it is currently difficult for a consumer to make an informed decision about which consumer device model (e.g., smart television model) has the best security. Hence, consumers need an objective security ranking of each type (e.g., security cameras) of home consumer devices. This paper proposes a novel methodology to systematically build such security rankings for home consumer devices. The proposed methodology can be applied by utilizing data from any security assessment study. The paper discusses previous efforts in applying Analytic Hierarchy Process (AHP) to rank security risks in general. The paper also presents a systematic survey of security vulnerabilities of smart home consumer devices when viewed from an IoT lens. Using the proposed methodology, a case study, employing an AHP model for ranking commonly used home consumer devices including home theatres, security cameras, smart lighting, smart speakers, video surveillance, smart switches, home automation systems, home security systems, smart routers, wireless doorbell cameras, and home audio systems, was developed. Relative security rankings for each type of consumer device were derived from the AHP model. According to the AHP model, network security was the primary driver of smart home device security with a priority of 0.6893 while application security had the least priority of 0.0591. Critical Vulnerabilities were the most important for device security (priority=0.4397), Man-in-The-Middle attacks for network security (priority=0.2019), exploitable services for cloud security (priority=0.26), and sensitive data for application security (0.7626). The AHP model was internally consistent (Consistency Ratio < 0.1). Sensitivity analysis showed that the AHP model was robust against pairing assumptions.
Highlights
Smart home automation goes back to at least 1985 [1]
This paper presented a systematic survey, a methodology and a case study to rank the security of home consumer devices
An Internet of Things (IoT) lens based on the current state-of-the-art research in security of smart home devices was used to propose a novel methodology
Summary
Smart home automation goes back to at least 1985 [1]. Recently, many smart home automation systems and associated devices like surveillance cameras, home voice assistants (e.g., Alexa), and appliances (e.g., fridge) have embraced the Internet of Things (IoT) [2]. Efforts are underway to broadly characterize security risks and vulnerabilities of smart home consumer devices [14]. Security labels for IoT consumer devices clearly indicating security mechanisms (e.g., security updates, access control, encryption), data practices (e.g., whether the data is stored on the device or on the cloud), and additional information (e.g., physical actuation) have been proposed [22]. This paper proposes a methodology of how to develop a simplified security ranking for various types of consumer devices (e.g., smart televisions). The ranking developed can be used by consumers to assess the relative security of competing device choices. When selecting which smart television set to buy, a consumer can refer to the relative security rankings of smart television sets available, and make an informed choice.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
