assets at stake within the home and security goals for computational home
devices. We then identified key features
of devices that, in general, make them
more vulnerable to attack or more attractive as attack targets. Together, these
axes can be used to evaluate the level
and type of security attention appropriate for different home technologies. We
applied our approach to three example
technologies: a wireless webcam toy, a
wireless scale, and a home automation
siren. With further research, we conjecture that our risk framework could be
distilled into a decision tree-like structure with questions that would allow
those without security expertise to deterministically assign a device to a risk category. By seeking to understand the risks
posed by home technologies as a cohesive whole, our hope is that this work will
strengthen the foundations for developing secure home technologies—with the
ultimate goal of creating a more trustworthy home environment for users.
Acknowledgments
We thank Intel and the Intel Trust
Evidence Program for supporting this
work. We thank Dan Halperin, Greg
Piper, Jesse Walker, and Meiyuan Zhao
for feedback on earlier versions of this
article.
Tamara Denning (tdenning@cs.washington.edu) is a Ph.D. student at the University of Washington, Seattle.
Tadayoshi Kohno (yoshi@cs.washington.edu) is an associate professor at the University of Washington, Seattle.
Henry M. Levy (levy@cs.washington.edu) is Wissner-Slivka Chair of Computer Science and Engineering at the University of Washington, Seattle.
© 2013 ACM 0001-0782/13/01
| Security goal | Wireless webcam toy | Wireless scale | Home automation siren |
| --- | --- | --- | --- |
| Environment integrity | Toy can cause minor physical property damage (for example, fragile objects) | N/A | Continuous alarm an annoyance, user might disable or ignore alarm |
| Activity pattern privacy | Activities easily deduced from A/V feed | Weighing times might indicate when occupants wake up | Siren may indicate unauthorized entry |
| Presence privacy | Could reveal whether house is occupied and the presence of children | Could potentially reveal whether occupants are on vacation | Siren may indicate unauthorized entry |
| Occupant identities | Occupants easily identifiable | Could reveal profile information (for example, name, age) | N/A |
| Sensed data privacy | Home can be very private | Weights are private | N/A |
| Sensor validity | Could add disturbing images or sounds into stream | Inaccurate weights could cause shame, affect eating and exercise | N/A |
| Sensor availability | Non-essential | Non-essential | N/A |
January 2013 | Vol. 56 | No. 1 | Communications of the ACM 103