Computers are being embedded in home appliances at a rapidly accelerating pace. As a result, devices, applications, and services in smart homes can be augmented with novel features and sensing capabilities that enhance users' interaction in everyday life. At the same time, such devices are capable of collecting potentially sensitive data (e.g., a smart thermostat knows whether a person is at home or not) and access to devices and services should be restricted to a certain group of users (e.g., users may occasionally rent out their apartment via AirBnB and want to prevent changes being made to the smart thermostats configured to save energy).

Traditionally, security and privacy mechanisms are tightly integrated with the device they protect and leverage the available sensing capabilities (e.g., touchscreen, fingerprint reader, or camera on a smart phone or keyboard and touchpad on a laptop). In smart homes, devices are typically configured remotely via smart phones today. Despite often being sold as a useful feature, using the smart phone rather seems to be a work around for an open research challenge. This approach creates a considerable authentication overhead (users need to take the phone out of their pocket and launch an app rather than directly interact with the appliance) and supports a trend towards requiring people to use more passwords than they can remember. For example, already today, people have problems remembering passwords for their routers, smart TVs, and similar devices.

Our research focuses on bringing usable authentication to smart homes. In particular, we investigate how people (will) interact with smart appliances to understand how (a) existing security mechanisms users are familiar with can be adapted (for example, by means of other modalities) or (b) how entirely novel security concepts need to be designed to blend with how users interact in smart homes to, hence, strike a balance between being secure while at the same time remaining usable as they are being applied to hundreds of devices. Particular challenges include but are not limited to shared use of devices in smart homes, how authentication mechanisms can be built that scale (e.g., is it meaningful to use one authentication method / secret for all classes of devices?) and how to adapt to the current authentication context.

Publications

prange2021chi.jpg Sarah Prange, Ahmed Shams, Robin Piening, Yomna Abdelrahman and Florian Alt. PriView – Exploring Visualisations Supporting Users' Privacy Awareness. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. CHI'21. Association for Computing Machinery, New York, NY, USA. [Download Bibtex]
prange2020chiea.jpg Sarah Prange and Florian Alt. I Wish You Were Smart(er): Investigating Users' Desires and Needs Towards Home Appliances. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems. CHI '20. Association for Computing Machinery, New York, NY, USA. [Download Bibtex] [Video]
marky2020mum.jpg Karola Marky, Sarah Prange, Florian Krell, Max Mühlhäuser and Florian Alt. 'You just can't know about everything': Privacy Perceptions of Smart Home Visitors. In Proceedings of the 19th International Conference on Mobile and Ubiquitous Multimedia. MUM'20. ACM, New York, NY, USA. [Download Bibtex]