Communications of the ACM
Making IoT Configuration More Secure and Easy-to-Use
The researchers' prototype Wi-Fi device with the button includes a WiFly module, a window, status light, and power button.
Credit: University of Southampton
With an ever increasing number of everyday objects from users' homes, workplaces, and even their wardrobes, getting connected to the Internet to create the Internet of Things (IoT), researchers from the University of Southampton have identified easy-to-use techniques to configure IoT objects, to make them more secure and hence help protect them from online attacks.
This increased connectivity brings additional risk. Setting personalized and strong passwords when connecting new devices to the Internet, for example through a home's Wi-Fi network, can mitigate such risks. However, many IoT devices have limited interfaces: just a few buttons (if any at all) and light indicators, making it challenging for users to configure them. If secure configuration becomes complicated, users may choose easier, less secure options that leave their devices vulnerable.
Southampton researchers compared four interaction techniques for the configuration of IoT devices, looking for methods that allowed security, but were quick and easy to use. All four techniques used the smartphone touchscreen to let users enter secure passwords.
Two of the techniques used a more 'traditional' approach by connecting a smartphone and an IoT device through a USB or audio cable, via the smartphone's headphone socket. The third technique used a 'Wi-Fi-only' approach, where the smartphone creates a special temporary Wi-Fi network, or ad-hoc network, to which the IoT device automatically connects before being redirected to the correct permanent network. The final option was the smartphone and the IoT device exchanging information through light: the smartphone's screen flashed black and white to mean binary 'zero' or 'one'; the IoT device read this light/binary pattern to learn the password from the smartphone.
The results are described in "Connecting the Things to the Internet: An Evaluation of Four Configuration Strategies for Wi-Fi Devices with Minimal User Interfaces," to be presented in Japan this week at UbiComp 2015, the ACM International Joint Conference on Pervasive and Ubiquitous Computing. The study is co-authored by Michael O. Jewell, Enrico Costanza, and Jacob Kittley-Davies. The researchers found that two of the techniques were noticeably more usable than the others — the audio cable and the Wi-Fi-only interactions.
Study co-author Costanza, from the Agents, Interaction, Complexity Group in Electronics and Computer Science at the University of Southampton, says: "IoT objects can be attacked and possibly hijacked, putting our privacy, data, and safety in question. We believe that our results can help designers and researchers make IoT devices, and especially their configuration, more usable and therefore secure. Moreover, we believe that not enough attention has been placed on how to make the IoT easy to use and to configure, so we hope that our results will motivate others in researching this topic."
No entries found