A framework for evaluating security risks
associated with technologies used at home.
By taMaRa DeNNiNG, taDayosHi koHNo, aND HeNRy M. LeVy
CoMPutAtion is eMBeDDeD throughout our homes.
Some devices are obvious: desktops, laptops,
wireless routers, televisions, and gaming consoles.
Increasingly, however, computational capabilities
are appearing in our appliances, healthcare devices,
children’s toys, and the home’s infrastructure. These
devices are incorporating new sensors, actuators, and
network capabilities: a Barbie with a video camera1; a
lock for your front door controlled by your cell phone;
or a bathroom scale that reports readings over your
wireless network. 26 Many of these devices are also
subject to control by servers external to the home, or
are mobile technologies that regularly leave the home’s
perimeter and interact with other networks. These
trends, which we expect to accelerate in the coming
years, create emergent threats to people’s possessions, well-being, and privacy. We seek to survey the security and
privacy landscape for devices in the
home and provide a strategy for reasoning about their relative computer security needs.
Many human assets—whether electronic, physical, or nontangible items
of value to end users—can be accessed
or influenced from computing devices
within the home; unsurprisingly, these
assets are also potentially attractive targets to adversaries. The capabilities of
new electronics and their presence in
Homes are becoming increasingly
computerized, filled with devices
ranging from the traditional (laptops and
desktops) to tVs, toys, appliances, and
home automation systems.
We survey potential computer security
attacks against in-home technologies
and their impact on residents; some of
the attacks are familiar, but the new
capabilities of home technologies enable
novel attacks and allow some traditional
attacks to have new consequences.
We present a framework for articulating
key risks associated with particular
devices in the home, which includes
identifying human assets, security goals,
and device features that may increase
the risk posed by individual technologies.