An Englishman’s home is his castle. To what extent an Englishman’s smart home is his smart castle, we don’t yet know. Where tentative IoT devices are already available, promises and expectations paint a future where technology “merges physical and virtual worlds, creating smart environments to improve lives and enhance wellbeing” (European Commission H2020 Digital Agenda). As the distance between our physical and virtual worlds shrinks, concerns for security, privacy and trust in these technologies grow in similar measures. Successfully addressing these concerns not only demands specific technological dispositions but also targeted interventions at the level of the individual, the user, at the heart of this system.
A phishing email or a piece of malware may cause the inconvenience of having to change one’s passwords or restore lost data. However, recent events depict a much bleaker and intimate picture; one such example has been the hijacking of baby monitors that allowed cyber-attackers to watch and verbally abuse toddlers in what is meant to be their safest place. Most wireless technologies used to control smart locks, sensors, smart meters, smart appliances and other smart home components have been shown to be vulnerable to abuse via cyber means. Some more than others, especially where the home wi-fi router and the occupants’ insecure smartphones are part of the equation. Yet, as cyber incidents are still relatively uncommon in this context, manufacturers of smart home devices don’t typically deploy security measures beyond the bare minimum (usually lightweight encryption). Nor do they evaluate the impact that a cyber breach could have on the occupants, or even empower users to take charge of their own security.
Foreseeing the growing prevalence of IoT technology, the European Commission is taking these issues seriously, and has allocated funding to inform tomorrow’s standards and legislations. One such funded project is the Cocoon project, “emotion psychology meets cyber-physical security in IoT smart homes”, led by the University of Reading, which is a Euro1.2m project gathering researchers from the University of Greenwich, Ghent University (Belgium), ETH Zürich (Switzerland) and Eindhoven Technical University (The Netherlands). Starting in January 2017, we interweave innovations in two distinctly different disciplines to understand and improve the security of home IoT technology: emotional psychology and cyber security. We aim to produce an understanding of the psychology of IoT users, assess risks in current and future IoT systems, and formulate provisions for the design and integration of user-centric IoT in tomorrow’s homes. We put the user at the centre of the IoT landscape of technology; by combining expertise in emotional psychology, value-sensitive design, cyber security, network communication and real-time big data analytics, we will create a framework that adapts to user profiles, empowering them to make the right decisions for a safe IoT environment.
Broadly, IoT technology empowers both housing providers and tenants, and there is no doubt it will very soon play a central role in the housing sector. Housing providers will be able to monitor the status of their properties in real time, predict demand and repair needs, as well as forecast their financial commitments and those of their tenants. Ultimately, IoT technology increases flexibility and supports agile practices in social housing. Core to the sustainability of this multi-faceted and dynamic system are the tenants, who provide the drive and support the entire system. They are guardians of the entire system’s integrity, because their own knowledge and trouble-shooting skills will determine their resilience in the event of cyber-attacks. They will be the first in line to suffer the consequences of such attacks, and the first to be able to respond appropriately. To secure the integrity of such a complex network of technology, it is thus very important to understand how users behave and how best to empower them to take ownership of their smart homes. New tools need to be developed, new procedures put in place, and users need to be more in tune with the technology.
The objectives of the Cocoon project are twofold:
- To examine the emotional investment of IoT users who are in the comfort of their own home, which will not only condition their usage of the technology but also drive their reactions when security is breached, and will determine their ability to recover.
- To put mainstream IoT technology to the test, and explore the opportunity to create a network-wide intrusion detection system (IDS), based on real-time analytics of data from such a heterogeneous set of technologies, and which users can actually use.
Throughout the duration of the project, our consortium, in partnership with Housing Technology, will provide the community of housing providers with opportunities to influence this research agenda, take part and be in the front line of the field. We will also publish dedicated reports to help the housing sector understand this fast-moving field, and make the right decisions.
Doctor Etienne Roesch is associate professor of cognitive science at the University of Reading.