Communications - January 2013

review articles

Doi: 10.1145/2398356.2398377

A framework for evaluating security risks
associated with technologies used at home.

By taMaRa DeNNiNG, taDayosHi koHNo, aND HeNRy M. LeVy Computer security and the Modern Home

CoMPutAtion is eMBeDDeD throughout our homes. Some devices are obvious: desktops, laptops, wireless routers, televisions, and gaming consoles. Increasingly, however, computational capabilities are appearing in our appliances, healthcare devices, children’s toys, and the home’s infrastructure. These devices are incorporating new sensors, actuators, and network capabilities: a Barbie with a video camera1; a lock for your front door controlled by your cell phone; or a bathroom scale that reports readings over your wireless network. 26 Many of these devices are also subject to control by servers external to the home, or are mobile technologies that regularly leave the home’s perimeter and interact with other networks. These trends, which we expect to accelerate in the coming

years, create emergent threats to people’s possessions, well-being, and privacy. We seek to survey the security and privacy landscape for devices in the home and provide a strategy for reasoning about their relative computer security needs.

Many human assets—whether electronic, physical, or nontangible items of value to end users—can be accessed or influenced from computing devices within the home; unsurprisingly, these assets are also potentially attractive targets to adversaries. The capabilities of new electronics and their presence in

key insights

Homes are becoming increasingly computerized, filled with devices ranging from the traditional (laptops and desktops) to tVs, toys, appliances, and home automation systems.

We survey potential computer security attacks against in-home technologies and their impact on residents; some of the attacks are familiar, but the new capabilities of home technologies enable novel attacks and allow some traditional attacks to have new consequences.

We present a framework for articulating key risks associated with particular devices in the home, which includes identifying human assets, security goals, and device features that may increase the risk posed by individual technologies.