User experiences with simulated cyber-physical attacks on smart home IoT

Q1 Social Sciences

Personal and Ubiquitous Computing Pub Date : 2023-09-22 DOI:10.1007/s00779-023-01774-5

N. M. A. Huijts, A. Haans, S. Budimir, J. R. J. Fontaine, G. Loukas, A. Bezemskij, A. Oostveen, A. Filippoupolitis, I. Ras, W. A. IJsselsteijn, E. B. Roesch

{"title":"User experiences with simulated cyber-physical attacks on smart home IoT","authors":"N. M. A. Huijts, A. Haans, S. Budimir, J. R. J. Fontaine, G. Loukas, A. Bezemskij, A. Oostveen, A. Filippoupolitis, I. Ras, W. A. IJsselsteijn, E. B. Roesch","doi":"10.1007/s00779-023-01774-5","DOIUrl":null,"url":null,"abstract":"Abstract With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.","PeriodicalId":54628,"journal":{"name":"Personal and Ubiquitous Computing","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Personal and Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s00779-023-01774-5","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

Abstract

Abstract With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.

查看原文本刊更多论文

智能家居物联网模拟网络物理攻击的用户体验

随着物联网(IoT)在人们家庭中的日益普及，对居民的新的威胁也不断出现，例如网络物理攻击，即具有物理后果的网络攻击。在这项研究中，我们旨在深入了解人们如何体验和应对针对其物联网设备的网络物理攻击。我们进行了一个自然的实地实验，为9个荷兰家庭和7个英国家庭提供了一些智能设备，分别有18和13名参与者。经过一段时间的适应后，进行模拟攻击，导致不同的明显事件(例如，灯一次或多次亮起或熄灭)。在告知人们已经发生了模拟袭击之后，这些袭击又被重复了一次。通过访谈收集用户体验，并进行专题分析。研究发现了四个相关主题，即:(1)对隐私和安全风险的认识和关注程度较低;(2)模拟攻击对参与者的印象不深;(3)参与者在正确识别模拟攻击方面存在困难;参与者注意到更多的模拟攻击，并为他们提出决策规则(但仍然不能很好地识别和区分它们，参见主题3)。研究结果强调了培训干预和入侵检测系统的必要性，以增加对网络物理攻击的检测。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Personal and Ubiquitous Computing 工程技术-电信学

CiteScore

6.60

自引率

0.00%

发文量

审稿时长

6-12 weeks

期刊介绍： Personal and Ubiquitous Computing publishes peer-reviewed multidisciplinary research on personal and ubiquitous technologies and services. The journal provides a global perspective on new developments in research in areas including user experience for advanced digital technologies, the Internet of Things, big data, social technologies and mobile and wearable devices.