Research article
First published online May 2, 2018

Human Factors in the Privacy and Security of the Internet of Things

Abstract

The “Internet of things” (IoT) refers to Internet-enabled technologies designed to increase the efficiency of users’ lives by communicating with other objects and elements in a system. The growth in these interconnected devices has been matched with increases in the use and aggregation of data collected by vendors or third parties. The number of hackers attempting to access users’ private information also has grown. Although attempts have been made to increase IoT security, the role users can play in protecting their information has been overlooked. We illustrate the necessity of taking a user-centered approach to privacy and security when designing and developing IoT technologies.



Biographies

Isis Chong is a doctoral student at Purdue University in the Department of Psychological Sciences. She received her master’s degree in human factors psychology from California State University, Long Beach. Her research deals with investigating cybersecurity issues with a focus on human information processing. She is co-president of the Human Factors and Ergonomics Society Purdue University Student Chapter.
Aiping Xiong is a postdoctoral fellow in cognitive psychology and human factors at Purdue University. She received her master’s degree in industrial engineering in 2014 and PhD in cognitive psychology in 2017 at Purdue University. Her research focuses on applying basic cognitive principles and theories to understand human action selection and decision making within various cybersecurity and privacy settings.
Robert W. Proctor is Distinguished Professor of the Department of Psychological Sciences at Purdue University, with a courtesy appointment in the School of Industrial Engineering. He is a fellow of Purdue’s Center for Education and Research in Information Assurance and Security. He received his PhD from the University of Texas at Arlington in 1975 and specializes in basic and applied human performance. He may be reached at [email protected].


Information, rights and permissions

Information

Published In

Article first published online: May 2, 2018
Issue published: July 2019

Keywords

  1. cybersecurity
  2. user-centered design
  3. smart devices
  4. hacking
  5. training
  6. warnings

Rights and permissions

© 2018 by Human Factors and Ergonomics Society.


This article was published in Ergonomics in Design: The Quarterly of Human Factors Applications.


Article usage*

Total views and downloads: 5249

*Article usage tracking started in December 2016





Articles citing this one

Web of Science: 8

Crossref: 10

  1. IOT CİHAZLARINDA İNSAN HATASINDAN KAYNAKLANAN GÜVENLİK AÇIKLARININ ANALİZİ
  2. “I mute my echo when I talk politics”: Connecting Smart Home Device Users’ Concerns to Privacy Harms Taxonomy
  3. Predicting individual differences to cyber attacks: Knowledge, arousal, emotional and trust responses
  4. Human-Centered Modeling Applications In Intelligent Manufacturing Systems
  5. 2021 International Conference on Engineering and Emerging Technologies (ICEET)
  6. Is Someone Listening?
  7. Surviving in the digital environment: Does survival processing provide an additional memory benefit to password generation strategies?
  8. Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems
  9. Intelligent Computing
  10. Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research
