research-article

“Secure settings are quick and easy!” – Motivating End-Users to Choose Secure Smart Home Configurations

Authors:

Michael Fröhlich,

Florian AltAuthors Info & Claims

AVI '22: Proceedings of the 2022 International Conference on Advanced Visual Interfaces

Article No.: 20, Pages 1 - 9

https://doi.org/10.1145/3531073.3531089

Published: 06 June 2022 Publication History

Abstract

While offering many useful features, novel smart home devices also provide an attack surface to users’ allegedly secure place: their homes. Thus, it is essential to employ effective threat mitigation strategies, such as securely configuring devices. We investigate how users can be motivated to do so. To foster secure actions, we designed two types of nudges based on the Protection Motivation Theory (PMT): one with low and one with high level of detail. As such, our nudges particularly target users’ threat appraisal (including perceived severity and likelihood of threats) and self-efficacy to take action. In a randomized online experiment (N = 210), we simulated a smart home setup procedure. Participants chose significantly more secure configurations when being provided with detailed nudges, and indicated higher perceived threat and coping appraisal (i.e., higher protection motivation) after the experiment. Based on our results, we discuss the design and deployment of nudges for (future) smart home setup procedures. Our work can help to a) increase users’ threat awareness in general, and b) motivate users to take actions such as securely configuring their devices.

Supplemental Material

M4V File

This supplemental video is a screencast of our web-based simulation of a smart home setup, which we used during our experiment. Note that this video does not contain audio, but written text.

Download
6.99 MB

References

[1]

2008. Central Limit Theorem. In The Concise Encyclopedia of Statistics. Springer New York, New York, NY, 66–68. https://doi.org/10.1007/978-0-387-32833-1_50

[2]

Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. ACM Comput. Surv. 50, 3, Article 44 (aug 2017), 41 pages. https://doi.org/10.1145/3054926

Digital Library

[3]

Bako Ali and Ali Ismail Awad. 2018. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes. Sensors 18, 3 (2018). https://doi.org/10.3390/s18030817

[4]

Florian Alt and Emanuel von Zezschwitz. 2019. Emerging Trends in Usable Security and Privacy. i-com 18, 3 (2019), 189–195. https://doi.org/10.1515/icom-2019-0019

[5]

Malik Nadeem Anwar, Mohammad Nazir, and Khurram Mustafa. 2017. Security threats taxonomy: Smart-home perspective. In 2017 3rd International Conference on Advances in Computing,Communication Automation (ICACCA) (Fall). 1–4. https://doi.org/10.1109/ICACCAF.2017.8344666

[6]

Cristina Bicchieri and Eugen Dimant. 2019. Nudging with care: The risks and benefits of social information. Public choice (2019), 1–22.

[7]

Bernardo Breve, Giuseppe Desolda, Vincenzo Deufemia, Francesco Greco, and Maristella Matera. 2021. An End-User Development Approach to Secure Smart Environments. In End-User Development, Daniela Fogli, Daniel Tetteroo, Barbara Rita Barricelli, Simone Borsci, Panos Markopoulos, and George A. Papadopoulos (Eds.). Springer International Publishing, Cham, 36–52.

[8]

George Chalhoub, Martin J Kraemer, Norbert Nthala, and Ivan Flechais. 2021. “It Did Not Give Me an Option to Decline”: A Longitudinal Analysis of the User Experience of Security and Privacy in Smart Home Products. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 555, 16 pages. https://doi.org/10.1145/3411764.3445691

Digital Library

[9]

Marie Delacre, Christophe Leys, Youri L Mora, and Daniël Lakens. 2019. Taking parametric assumptions seriously: Arguments for the use of Welch’s F-test instead of the classical F-test in one-way ANOVA. International Review of Social Psychology 32, 1 (2019).

[10]

Reyhan Duezguen, Peter Mayer, Benjamin Berens, Christopher Beckmann, Lukas Aldag, Mattia Mossano, Melanie Volkamer, and Thorsten Strufe. 2021. How to Increase Smart Home Security and Privacy Risk Perception. In 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 18 - 20 Augus 2021, Shenyang, China. 46.23.01; LK 01.

[11]

M. Dupuis and Mercy Ebenezer. 2018. Help Wanted: Consumer Privacy Behavior and Smart Home Internet of Things (IoT) Devices. In Proceedings of the 19th Annual SIG Conference on Information Technology Education.

Digital Library

[12]

Serge Egelman, David Molnar, Nicolas Christin, Alessandro Acquisti, Cormac Herley, and Shriram Krishnamurthi. 2010. Please Continue to Hold: An Empirical Study on User Tolerance of Security Delays. In 9th Annual Workshop on the Economics of Information Security, WEIS 2010, Harvard University, Cambridge, MA, USA, June 7-8, 2010. http://weis2010.econinfosec.org/papers/session3/weis2010_egelman.pdf

[13]

Pardis Emami-Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Cranor, and Norman Sadeh. 2017. Privacy Expectations and Preferences in an IoT World. In Proceedings of the Symposium on Usable Privacy and Security(SOUPS ’17). USENIX Association, Berkeley, CA, USA, 399–412.

[14]

Julian James Faraway. 2002. Practical regression and ANOVA using R.Vol. 168. University of Bath.

[15]

D. L. Floyd, S. Prentice-Dunn, and R. W. Rogers. 2000. A meta-analysis of research on protection motivation theory.Journal of Applied Social Psychology 30 (2000), 407–429.

[16]

Paul A Games and John F Howell. 1976. Pairwise multiple comparison procedures with unequal n’s and/or variances: a Monte Carlo study. Journal of Educational Statistics 1, 2 (1976), 113–125.

[17]

Nina Gerber, Paul Gerber, and Melanie Volkamer. 2018. Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security 77(2018), 226 – 261. https://doi.org/10.1016/j.cose.2018.04.002

Digital Library

[18]

Nina Gerber, Benjamin Reinheimer, and Melanie Volkamer. 2019. Investigating People’s Privacy Risk Perception. Proceedings on privacy enhancing technologies 2019, 3(2019), 267–288. https://doi.org/10.2478/popets-2019-0047

[19]

Marian Harbach, Markus Hettig, Susanne Weber, and Matthew Smith. 2014. Using Personal Examples to Improve Risk Communication for Security & Privacy Decisions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI ’14). Association for Computing Machinery, New York, NY, USA, 2647–2656. https://doi.org/10.1145/2556288.2556978

Digital Library

[20]

Katrin Hartwig and Christian Reuter. 2021. Nudge or Restraint: How Do People Assess Nudging in Cybersecurity - A Representative Study in Germany. In European Symposium on Usable Security 2021(Karlsruhe, Germany) (EuroUSEC ’21). Association for Computing Machinery, New York, NY, USA, 141–150. https://doi.org/10.1145/3481357.3481514

Digital Library

[21]

Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking Access Control and Authentication for the Home Internet of Things (IoT). In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 255–272. https://www.usenix.org/conference/usenixsecurity18/presentation/he

Digital Library

[22]

Ryan Heartfield, George Loukas, Sanja Budimir, Anatolij Bezemskij, Johnny R.J. Fontaine, Avgoustinos Filippoupolitis, and Etienne Roesch. 2018. A taxonomy of cyber-physical threats and impact in the smart home. Computers & Security 78(2018), 398–428. https://doi.org/10.1016/j.cose.2018.07.011

[23]

Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as Part of the App Decision-Making Process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 3393–3402. https://doi.org/10.1145/2470654.2466466

Digital Library

[24]

Agnieszka Kitkowska, Mark Warner, Yefim Shulman, Erik Wästlund, and Leonardo A. Martucci. 2020. Enhancing Privacy through the Visual Design of Privacy Notices: Exploring the Interplay of Curiosity, Control and Affect. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 437–456. https://www.usenix.org/conference/soups2020/presentation/kitkowska

[25]

Tobias Kroll, Ute Paukstadt, Kseniya Kreidermann, and Milad Mirbabaie. 2019. Nudging People to Save Energy in Smart Homes with Social Norms and Self-Commitment. In Proceedings of the 27th European Conference on Information System.

[26]

Josephine Lau, Benjamin Zimmerman, and Florian Schaub. 2018. Alexa, Are You Listening? Privacy Perceptions, Concerns and Privacy-Seeking Behaviors with Smart Speakers. Proc. ACM Hum.-Comput. Interact. 2, CSCW, Article 102 (Nov. 2018), 31 pages. https://doi.org/10.1145/3274371

Digital Library

[27]

Jonathan Lazar. 2017. Research methods in human computer interaction (2nd edition ed.). Elsevier, Cambridge, MA.

[28]

Thomas C Leonard. 2008. Richard H. Thaler, Cass R. Sunstein, Nudge: Improving decisions about health, wealth, and happiness.

[29]

Howard Levene. 1961. Robust tests for equality of variances. Contributions to probability and statistics. Essays in honor of Harold Hotelling (1961), 279–292.

[30]

Karen MacDonell, Xinguang Chen, Yaqiong Yan, Fang Li, Jie Gong, Huiling Sun, Xiaoming Li, and Bonita Stanton. 2013. A Protection Motivation Theory-Based Scale for Tobacco Research among Chinese Youth. Journal of addiction research & therapy 4 (2013), 154.

[31]

Davit Marikyan, Savvas Papagiannidis, and Eleftherios Alamanos. 2019. A systematic review of the smart home literature: A user perspective. Technological Forecasting and Social Change 138 (2019), 139 – 154. https://doi.org/10.1016/j.techfore.2018.08.015

[32]

Stefan Palan and Christian Schitter. 2018. Prolific.ac — A subject pool for online experiments. Journal of Behavioral and Experimental Finance 17 (2018), 22–27.

[33]

Sarah Prange, Ceenu George, and Florian Alt. 2021. Design Considerations for Usable Authentication in Smart Homes. In Mensch Und Computer 2021(Ingolstadt, Germany) (MuC ’21). Association for Computing Machinery, New York, NY, USA, 311–324. https://doi.org/10.1145/3473856.3473878

Digital Library

[34]

Sarah Prange, Ahmed Shams, Robin Piening, Yomna Abdelrahman, and Florian Alt. 2021. PriView– Exploring Visualisations to Support Users’ Privacy Awareness. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 69, 18 pages. https://doi.org/10.1145/3411764.3445067

Digital Library

[35]

S. Prange, E. von Zezschwitz, and F. Alt. 2019. Vision: Exploring Challenges and Opportunities for Usable Authentication in the Smart Home. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). 154–158. https://doi.org/10.1109/EuroSPW.2019.00024

[36]

R Rogers, John Cacioppo, and Richard Petty. 1983. Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. 153–177.

[37]

Ronald W. Rogers. 1975. A Protection Motivation Theory of Fear Appeals and Attitude Change1. The Journal of Psychology 91, 1 (1975), 93–114. https://doi.org/10.1080/00223980.1975.9915803 28136248.

[38]

Graeme D Ruxton and Guy Beauchamp. 2008. Time for some a priori thinking about post hoc testing. Behavioral ecology 19, 3 (2008), 690–693.

[39]

Joseph Shams, N. A. Arachchilage, and J. Such. 2020. Vision: Why Johnny Can’t Configure Smart Home? A Behavioural Framework for Smart Home Privacy Configuration. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (2020), 184–189.

[40]

Peter Story, Daniel Smullen, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2020. From Intent to Action: Nudging Users Towards Secure Mobile Payments. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 379–415. https://www.usenix.org/conference/soups2020/presentation/story

[41]

Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2021. Awareness, Adoption, and Misconceptions of Web Privacy Tools. Proceedings on Privacy Enhancing Technologies 2021, 3(2021), 308–333. https://doi.org/

[42]

R. Van Bavel and N. Rodriguez Priego. 2016. Nudging Online Security Behaviour with Warning Messages: Results from an online experiment. Publications Office of the European Union,(2016). https://doi.org/10.2791/2476

[43]

René Van Bavel, Nuria Rodríguez-Priego, José Vila, and Pam Briggs. 2019. Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies 123 (2019), 29–39.

[44]

Alexandra Voit, Sven Mayer, Valentin Schwind, and Niels Henze. 2019. Online, VR, AR, Lab, and In-Situ: Comparison of Research Methods to Evaluate Smart Artifacts. Association for Computing Machinery, New York, NY, USA, 1–12. https://doi.org/10.1145/3290605.3300737

Digital Library

[45]

Irene Woon, Gek-Woo Tan, and R Low. 2005. A protection motivation theory approach to home wireless security. (2005).

[46]

W. Zhou, Y. Jia, A. Peng, Y. Zhang, and P. Liu. 2019. The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved. IEEE Internet of Things Journal 6, 2 (2019), 1606–1616. https://doi.org/10.1109/JIOT.2018.2847733

[47]

Verena Zimmermann and Karen Renaud. 2021. The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions. ACM Trans. Comput.-Hum. Interact. 28, 1, Article 7 (Jan. 2021), 45 pages. https://doi.org/10.1145/3429888

Digital Library

Cited By

Lu YZhang CYang YYao YLi T(2024)From Awareness to Action: Exploring End-User Empowerment Interventions for Dark Patterns in UXProceedings of the ACM on Human-Computer Interaction10.1145/36373368:CSCW1(1-41)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637336
Stokes JAugust TMarver RCzeskis ARoesner FKohno TReinecke K(2023)How Language Formality in Security and Privacy Interfaces Impacts Intended ComplianceProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581275(1-12)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581275
Yao YHuang LHe YMa ZXu XMi H(2023)Reviewing and Reflecting on Smart Home Research from the Human-Centered PerspectiveProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580842(1-21)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3580842

Recommendations

Secure Smart Homes: Opportunities and Challenges

The Smart Home concept integrates smart applications in the daily human life. In recent years, Smart Homes have increased security and management challenges due to the low capacity of small sensors, multiple connectivity to the Internet for efficient ...
User experiences with simulated cyber-physical attacks on smart home IoT
Abstract
With the Internet of Things (IoT) becoming increasingly prevalent in people’s homes, new threats to residents are emerging such as the cyber-physical attack, i.e. a cyber-attack with physical consequences. In this study, we aimed to gain insights ...
Exploring End Users' Perceptions of Smart Lock Automation Within the Smart Home Environment
EuroUSEC '24: Proceedings of the 2024 European Symposium on Usable Security
Unlike their conventional counterparts, smart locks have the ability to communicate with other smart home devices which enables a level of integration and automation previously unimaginable. For instance, smart locks can exchange information with video ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

AVI '22: Proceedings of the 2022 International Conference on Advanced Visual Interfaces

June 2022

414 pages

ISBN:9781450397193

DOI:10.1145/3531073

General Chair:
Paolo Bottoni
Sapienza University of Rome, Italy
,
Program Chair:
Emanuele Panizzi
Sapienza University of Rome, Italy

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Data Availability

This supplemental video is a screencast of our web-based simulation of a smart home setup, which we used during our experiment. Note that this video does not contain audio, but written text. https://dl.acm.org/doi/10.1145/3531073.3531089#prange22avi_video_figure.m4v

Funding Sources

dtec.bw - Digitalization and Technology Research Center of the Bundeswehr

Conference

AVI 2022

AVI 2022: International Conference on Advanced Visual Interfaces

June 6 - 10, 2022

Frascati, Rome, Italy

Acceptance Rates

Overall Acceptance Rate 128 of 490 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
207
Total Downloads

Downloads (Last 12 months)63
Downloads (Last 6 weeks)7

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lu YZhang CYang YYao YLi T(2024)From Awareness to Action: Exploring End-User Empowerment Interventions for Dark Patterns in UXProceedings of the ACM on Human-Computer Interaction10.1145/36373368:CSCW1(1-41)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637336
Stokes JAugust TMarver RCzeskis ARoesner FKohno TReinecke K(2023)How Language Formality in Security and Privacy Interfaces Impacts Intended ComplianceProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581275(1-12)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581275
Yao YHuang LHe YMa ZXu XMi H(2023)Reviewing and Reflecting on Smart Home Research from the Human-Centered PerspectiveProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580842(1-21)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3580842

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents