Skip navigation

User experiences with simulated cyber-physical attacks on smart home IoT

User experiences with simulated cyber-physical attacks on smart home IoT

Huijts, N. M. A. ORCID: 0000-0003-3729-8392 , Haans, A., Budimir, S., Fontaine, J. R. J., Loukas, George ORCID: 0000-0003-3559-5182 , Bezemskij, Anatolij ORCID: 0000-0002-6211-1609 , Oostveen, A., Filippoupolitis, Avgoustinos, Ras, I., IJsselsteijn, W. A. and Roesch, E. B. (2023) User experiences with simulated cyber-physical attacks on smart home IoT. Personal and Ubiquitous Computing. ISSN 1617-4909 (Print), 1617-4917 (Online) (doi:https://doi.org/10.1007/s00779-023-01774-5)

[img]
Preview
PDF (Publisher VoR)
44350_LOUKAS_ User_experiences_with_simulated_cyber_physical_attacks_on_smart_home_IoT.pdf - Published Version
Available under License Creative Commons Attribution.

Download (747kB) | Preview

Abstract

With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights into how people experience and respond to cyber-physical attacks to their IoT devices. We conducted a naturalistic field experiment and provided 9 Dutch and 7 UK households, totalling 18 and 13 participants respectively, with a number of smart devices for use in their home. After a period of adaptation, simulated attacks were conducted, leading to events of varying noticeability (e.g., the light going on or off once or several times). After informing people simulated attacks had occurred, the attacks were repeated one more time. User experiences were collected through interviews and analysed with thematic analyses. Four relevant themes were identified, namely (1) the awareness of and concern about privacy and security risks was rather low, (2) the simulated attacks made little impression on the participants, (3) the participants had difficulties with correctly recognizing simulated attacks, and (4) when informed about simulated attacks taking place; participants noticed more simulated attacks and presented decision rules for them (but still were not able to identify and distinguish them well—see Theme 3). The findings emphasise the need for training interventions and an intrusion detection system to increase detection of cyber-physical attacks.

Item Type: Article
Uncontrolled Keywords: Cyber security, smart home security, cyber-physical security, cyber-physical attacks, cyber psychology
Subjects: B Philosophy. Psychology. Religion > BF Psychology
H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 29 Sep 2023 11:41
URI: http://gala.gre.ac.uk/id/eprint/44350

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics