Computers are being embedded in home appliances at a rapidly accelerating pace. As a result, devices, applications, and services in smart homes can be augmented with novel features and sensing capabilities that enhance users' interaction in everyday life. At the same time, such devices are capable of collecting potentially sensitive data (e.g., a smart thermostat knows whether a person is at home or not) and access to devices and services should be restricted to a certain group of users (e.g., users may occasionally rent out their apartment via AirBnB and want to prevent changes being made to the smart thermostats configured to save energy).

Traditionally, security and privacy mechanisms are tightly integrated with the device they protect and leverage the available sensing capabilities (e.g., touchscreen, fingerprint reader, or camera on a smart phone or keyboard and touchpad on a laptop). In smart homes, devices are typically configured remotely via smart phones today. Despite often being sold as a useful feature, using the smart phone rather seems to be a work around for an open research challenge. This approach creates a considerable authentication overhead (users need to take the phone out of their pocket and launch an app rather than directly interact with the appliance) and supports a trend towards requiring people to use more passwords than they can remember. For example, already today, people have problems remembering passwords for their routers, smart TVs, and similar devices.

Our research focuses on bringing usable authentication to smart homes. In particular, we investigate how people (will) interact with smart appliances to understand how (a) existing security mechanisms users are familiar with can be adapted (for example, by means of other modalities) or (b) how entirely novel security concepts need to be designed to blend with how users interact in smart homes to, hence, strike a balance between being secure while at the same time remaining usable as they are being applied to hundreds of devices. Particular challenges include but are not limited to shared use of device in smart homes, how authentication mechanisms can be built that scale (e.g., is it meaningful to use one authentication method / secret for all classes of devices?) and how to adapt to the current authentication context.

Publications

mecke2018mum.jpg Lukas Mecke, Ken Pfeuffer, Sarah Prange and Florian Alt. Open Sesame!: User Perception of Physical, Biometric, and Behavioural Authentication Concepts to Open Doors. In Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia. MUM'18. ACM, New York, NY, USA.  [Download Bibtex]