ORIGINAL RESEARCH Submitted: 28.08.2022; Accepted: 19.09.2022; Published online: 20.11.
2022
Assessment of Smart Home:
Security and Privacy
1
Akshat Goyal, 2*Mugdha S Kulkarni
1,2
Symbiosis Centre for Information Technology, Symbiosis Inter-
national (Deemed University), Pune, Maharashtra, India
*
Corresponding author:
[email protected]
smart door doors, etc. Bluetooth or Wi-Fi is used to
Abstract
Home automation is now extremely common in Internet of
things services and devices with a range of assurances to im-
prove health, lifestyle, and customer wellbeing. In terms of
its success and apparent utility for humans, intelligent homes
possess various safety concerns resulting from the diversified,
vast-range, and nuanced nature of IoT. Previous studies have
talked about security and privacy issues. However, we observe
that they have not addressed the risk assessment of each smart
home component and corresponding security objective along
with additional factors that affect a smart home security pos-
ture. In this study, we have proposed a framework defining a
standard level of security and then analyzing each component
concerning it. There are so many vulnerabilities, but all cannot
be assessed due to the heterogeneity of devices and their con-
nection in a small network. IoT can support a wide range of
technologies and programs in various domains, including smart
cities and smart houses. For monitoring, data exchange, and
other operations in the given service, IoT smart objects com-
municate with other elements such as proxies, mobile devices,
and data collectors. While such components help solve various
social issues and provide consumers with modern advanced
services, their restricted computing capacities render them vul-
nerable to well-known protection and privacy risks.
Keywords
IoT, Security, Smart Home System, Home Automation, Data Ex-
change
Imprint
Akshat Goyal, Mugdha S Kulkarni. Assessment of Smart Home:
Security and Privacy. Cardiometry; Issue 24; November 2022;
p. 400-409; DOI: 10.18137/cardiometry.2022.24.400409; Avail-
able from: http://www.cardiometry.net/issues/no24-novem-
ber-2022/assessment-smart-home
400 | Cardiometry | Issue 24. November 2022
1. Introduction
Smart home technology also referred to as home
automation, provides house owners with safe, afford-
ability, power conservation, and comfort while en-
couraging them to monitor homes, usually through a
mobile application. In reality, a smart home is a sys-
tem that provides a mobile application to track it from
your smartphone or laptop. It can monitor home ap-
pliances such as lights, ventilation, air conditioning,
monitor devices remotely [1]. Smart home emphasizes
the automated regulation of home appliances such as
intelligent lighting, ventilation, and heating. Although
industry strives to manufacture specified goods, such
as the thermostat, smart lights, work has tried to un-
derstand the wide spectrum of solutions introduced at
home. The devices inside the system are configured to
the main hub that governs the movement of informa-
tion among them, controlled and operated by end-us-
er through mobile or web applications [2].
While it is evident that potentially numerous IoT
devices and applications seem to be currently active in
the smart home market, they usually come into one of
the following categories: Entertainment, Monitoring
and Safety, Household Maintenance, Lighting, Fitness,
and Power & Resource Management. Over the last few
years, rapid development or shift has witnessed voice
technology adaptation in many computing applica-
tions. One of the most significant innovations that use
voice technology is Smart Home Personal Assistants
(SPA), e.g., Amazon Echo, Google Home, etc. Con-
nected home systems can be categorized into two ma-
jor categories: remotely operated or locally controlled
systems [3]. The local system uses an in-house control-
ler to operatee. A smart home device is interconnected
via the Internet, enabling users to monitor operations
like home protection, temperature, lighting, etc. Users
can install anything in the home that uses electricity
on your home network and at your command [4]. It
includes various devices that have hit the market that
regulate and control all devices such as Zigbee, Z-wave,
Lutron, and Wink. So, the design of the Smart local sys-
tem, the reality is that it is still linked with the external
world through the back door by extracting data from
homeowners and the Internet, poses a range of security
issues. They are systems that integrate most users’ digi-
tal devices and offer them a portal to control anything.
However, generally, they come along with a mobile ap-
plication, and that you can access them from wherever
you want. Present Smart home systems include cloud-
based Samsung Smart Things and Amazon AWS, and
also several other IoTs. An example, in which a home
device sensitizes the surrounding atmosphere and sub-
mits the overall collected data directly to the cloud or
else from a central hub [5]. The smart house is packed
with hundreds of sensors that are doing measurements
in conjunction with several other evidence, including
smart devices that will be used for customization, auto-
matic services, and enhancing the quality and usability
of the occupants. Technically speaking, the smart home
model consists of five essential elements: device control,
sensors and actuators, network controllers, the control-
ler, and the remote-control devices. A smart home pro-
vides various security, childcare, healthcare, eldercare,
energy efficiency, and management [6]. However, this
smart home model has essential aspects of information
protection and privacy.
The unprecedented growth in the number of linked
devices has not only provided criminals new access
points it also allows more of our knowledge to be cap-
tured and eventually exchanged than ever before. Based
on many principles and criteria, lots of equipment
manufacturers provide a wide variety of devices (me-
ters, actuators, cameras, etc.) embedded in a household
setting. The device diversity increased security issues in
Smart Homes are directly impacted. Land and consum-
ers and the knowledge they produce are an important
portion of the smart house automation environment.
As the occupants gradually welcome them, these net-
work structures started attracting more attention from
several other business markets [7]. The growing need
for these kinds of technologies can be seen from the
fact that the worldwide smart home market has been
estimated to value nearly $24000 million in 2016. The
figure is expected to rise as more and more people be-
gin to adopt smart home technology to the extent of
$53500 million by 2020. The following are some key
safety criteria when working with protection in IOTs,
which are also steps to analyze the performance of mul-
tiple protected systems [8].
Confidentiality: This applies to preventing the
transmission of data to unauthorized individuals, or-
ganizations, and mechanisms.
Integrity: It applies to avoiding falsification and
manipulation of data transmitted through the network
by unauthorized individuals or devices.
Availability: It aims at ensuring that unauthorized
individuals or programs can not restrict authorized
users from accessing the network resources.
Authenticity: It involves the conservation of the
authentic self of a system user or organization and
linking the existing identity to the system-embedded
principal to make sure the system acknowledges this
user.
Authorization: Authorization is the role of defin-
ing access rights/resource privileges relevant to infor-
mation security and data security in general and ac-
cess control in particular.
The idea of the “Internet of Things” is no longer a
subject of science fiction but an integral part of our life.
One of the most common examples of IoT in action in-
cludes technologies and applications designed to sup-
port devices and Smart house systems [9]. However, the
fact that irrespective of smart home design, it will still
be linked with the external environment through an in-
ternet connection, also the accessible back door protec-
tion extracted by the family members, pose a range of
security issues, observes Mantas et al. Smart homes face
unique challenges in terms of security, safety, and us-
ability because they are multiple users, multiple devices
networks, which has an impact on the cognitive expe-
rience of most household occupants. Current Smart
home hardware is not well configured for many appli-
cations, often ignoring simple access control and other
ways of making the device intelligible and accessible to
all applications [10]. To promote the introduction and
acceptance of home automation technologies, it is in-
deed vital to explore the user’s view also, the current
smart home conditions. There is a significant necessity
to reassess the theories and concepts considering the
rapid growth rate of studies in this field.
The project discusses privacy and security issues
related to smart home systems and their components
and segregating them based on Confidentiality, In-
tegrity, Availability, Authenticity, and Authorization,
which are also the security objectives of a Smart Home
system. Lastly, we will give an overview of the mitiga-
tion options that can be implemented for developing a
more secure home network [11].
The rest of the paper is structured, as Section 2 will
be explaining the objective, Section 3 will be Litera-
ture Review. Section 4 is a conceptual model of how
a smart home system looks. Section 5 is a research
methodology, and Section 6 will be the analysis part,
which discusses the conclusion and limitations.
Issue 24. November 2022 | Cardiometry | 401
2. Conceptual Model
A smart home environment and its major compo-
nents are discussed in this section. These layers com-
municate with each other through signals to carry out
operations. The conceptual model reference is taken
from [12].
Smart Home Systems, shown in Figure 1, are usu-
ally hardware modules composed of cameras, smart
objects, gateways, and sensors. The separate one com-
ponent categories are:
• Devices
Smart Home Systems are usually hardware modules
composed of cameras, smart objects, gateways, and
sensors. The separate one component categories are:
Sensors: - Tests the electrical characteristics of the
atmosphere or the actual object. They may vary from
movable like wristbands to immovable, for example,
CCTV.
Actuators: - They perform acts like clicking ON/
Off, dimming lights, closing gates, warnings, etc.
Gateway: This is a home access point that usually
helps owners or other individuals remotely track, oper-
ate, and handle home electrical appliances and even de-
tectors. It serves as an integration node to transmit test
value with an outside system, like the service providers.
Smart devices: - are networks made up of sensors
and/or actuators. They are linked with the smart home
web. Examples here involve automated devices like a
smart speaker that reacts to the buzzer’s sound and de-
livers access control based on real-time [13].
• Communication
Classic smart, wired home uses several proto-
col connectivity solutions. They range from wired to
Figure 1: Smart home system elemental structure
402 | Cardiometry | Issue 24. November 2022
wireless communication protocols. Sensors typically
connect using home security protocols, such as Zig-
bee, Z-Wave, and WPA2, and networking procedures
that include Bluetooth, IEEE 802.15.4/.11ah, Wi-Fi,
low-WPAN, also option of mobile technologies. GPS
and RFID are also used for tracking purposes.
Smart Hub
Wiring (if applicable)
• Services
Services are mobile programs deployed in the cloud
or in the home setting responsible for scheduling sys-
tem services that are mobile programs deployed in the
cloud or the home setting responsible for scheduling,
system control, decision-making, etc. Usually, house-
holds run these applications over their smartphones
or tablets to communicate with the computer locally
or remotely [14].
Smart Apps
Web access
3. Objective
The core objective behind conducting research is
to give an overview of the privacy and security issues
in the IoT-based Smart home system. Due to vulner-
abilities of the existing smart home systems and the
multiple attacks on these systems, we have challenged
security [15]. Therefore, the security of these systems
is an important issue that requires analysis. The major
emphasis is on highlighting the security vulnerabil-
ity and risks distributed among major portions, like
human-related, network, hardware, software, and in-
formation. It is accompanied by finding out the most
and least vulnerable components installed within the
house setting based on types of attack, likelihood, and
risk score [16]. Also, keeping into consideration inter-
nal and external factors, The research would be useful
for manufacturers of home automation devices, com-
ponents, and reviewers and to develop a more secured
smart system based on the risk assessment carried out.
From the end-user and provider perspective, it will be
useful as they know what factors affect smart home
security and make them aware and, in turn, increase
overall security posture [17].
4. Literature Review
Research attempts have been made to analyze vul-
nerabilities in IoT products in a smart home setting,
where security issues are addressed and attack clas-
sifications are identified. Homes are the areas where
secrecy is supposed to be preserved. IoT (Internet of
things) has emerged as a reliable technology to en-
hance the lives in today’s digital homes by offering a
variety of automated, interactive, and convenient ser-
vices. However, maintaining safety and adequate pro-
tection for these necessary IOT offered services are key
problems within a smart home setting [18]. A study by
Bugeja et al. also speaks similarly that IoT services and
devices are becoming widely attractive among smart
homes, including many attempts to raise the standard
of living of individuals. However, the stratified, com-
plex, and web-related complexity for such space raises
additional issues since personal information is obtain-
able, often without the knowledge of the household-
er. However, the privacy and protection need of vital
technical infrastructure plus any important commer-
cial activities turn out to be somewhat distinct from
the demands of the domestic Smart Home commu-
nity, observed Lin & Bergmann [19]. Another study
states that homes are especially vulnerable to malware
and data breaches at the highest degree of smartness.
So, paradoxically, the better digital a house becomes,
the more defenseless you get to be. Recent technolo-
gy professionals speak on how only basic appliances,
e.g., coffee machines, can also be an intruder’s gateway
to the whole house, which provides vulnerable digital
underbelly, which criminals might manipulate. IoT’s
core deployment area is a home, an integrated place,
where many things connect through the Internet.
Hence, according to a study, this fast-technical devel-
opment of IoT poses ample threats [20]. For example,
in what way smart home users can get reliable utilities
to maintain their account and privacy and a way to
operate their houses effectively beneath managed con-
ditions and quite enough confidentiality and prevent
abuse of sensitive information.
The emergence of smart gadgets, which systemat-
ically gathers classified data, becomes evident most-
ly because of the expansion of everyday activities. In
addition to that, a study says that insufficient protec-
tion protocols and specialized outlier analysis mech-
anisms systems are sometimes present [21]. Such a
diverse system renders it susceptible to various threats
like information theft, unknown connection, service
disturbance, power wastage, and unsafe portals. An-
other study states that with a wide range of electron-
ic devices and sensors, smart homes can be installed,
controlled from remote areas, making it impossible
for the average person to uphold safety levels. Since
smart devices are connected to the Internet, the vec-
tors used by attackers are increasing significantly [22].
It also makes it more difficult for forensic analysts to
use the tool and appoint the person. The development
and implementation of complex, linked operating do-
mains, such as intelligent public transport, buildings,
and cities, are on the rise [23]. The complexity of the
threat area of automated homes is increasingly grow-
ing. Many vulnerable bugs got added, setting a stage
for a not so stable dangerous environment.
In a study, the author has attempted to present the
definition of smart home system, the term privacy
and security in perspective of smart home, security,
vulnerabilities area, and existing security initiatives
to counter these security and privacy threats [25].
The diversity of IoT devices has been the most critical
problem to discuss on a high-priority basis. The prod-
uct comes with various networking requirements, and
different app update features often come from differ-
ent manufacturers. A study describes and addresses
the threat that those might influence the organization
classifying them into an external threat as well as in-
ternal in order to address the issue that since home
automation is a section of everyday lives, many folks
wish they can keep a check on his/her residence by just
tapping on mobile but are afraid to risk anonymity or
personal details that may lead to a lack of protection or
even financial loss [26].
A further study says IOT is also perceived as a com-
mon issue area, accompanied by potential approaches
to be implemented through applications of a broad
variety. However, the online security requirements for
essential technical systems and important business ac-
Issue 24. November 2022 | Cardiometry | 403
tivities were somewhat distinct in the smart house of
a traditional setting. The first time IoT was created,
security was just an afterthought [27]. However, this
is no longer appropriate due to the high demand for
IoT devices in consumer homes. Attacks on IoT sys-
tems may occur with or without human intervention,
like the Mirai botnet. Ann effective IoT attack can also
result in significant financial, reputational, and, worse,
life-threatening losses to customers. A study states
that security is crucial to the proper development and
implementation of home automation systems. It also
gives the inhabitants of a home a sense of security and
puts their minds at ease. As it is now, much vulnerabil-
ity exploits the smart home network, but no strong de-
fensive mechanism has yet been developed [28]. One
more recent study states that multi-user smart homes
face particular protection and privacy issues, such as
supporting a wide variety of access control priorities
and handling consumer pressures and disputes. Smart
homes face particular problems in terms of protec-
tion, privacy, and accessibility, as they are multi-user,
multi-device networks, which have an impact on all
individuals in general experience living in the house,
but unfortunately, modern smart homes are not yet
intelligently built for connectivity with and use by sev-
eral users [29]. A similar study shows that risk quanti-
fication for smart homes is difficult because of its di-
verse environment with wired devices, appliances, and
networks. Its design poses multiple safety concerns as
well as vulnerabilities in a suburban neighborhood.
It is, therefore, necessary to control the risks to smart
homes. They also find out that many of the in-store
apps had an extra benefit or rights because of their
ability to behave as a complex system. Furthermore,
after the application has been enabled, complete ac-
cess to the device is given to the Smart App. It states
that only partial access to the device is necessary [30].
A further study states that cybercrime and infor-
mation security challenges are far closer to the real-
ity of wired home environments than has ever been
anticipated. Much of the work initiative focuses on
the protection systems of collaboration and essential
services. Failing to recognize a few out of several del-
icate ties within the system emerges because of smart
equipment wired today and the future. A study depicts
that because of the absence of a safety procedure for
smart components, most of which are easy preys; how-
ever, it is not in the subject’s experience about being
compromised. Considering the significance of protec-
404 | Cardiometry | Issue 24. November 2022
tion among smart devices, a prevention methodolo-
gy based on smart devices and wireless connections
is necessary. Also, while safeguarding against hackers
or network attacks, it is quite often advised that the
device’s original or out-of-box password should not be
used and read the device’s security specifications be-
fore using them for the first time. Another study states
that even if the Internet of Things delivers enormous
benefits, it is prone to various security threats in our
everyday lives. The bulk of vulnerabilities were linked
to the disclosure of data and disruption in businesses.
Cyber-attacks in IoT devices directly affect the risk of
general security. Applying IOT technologies to smart
homes creates both opportunities and security risks.
Homes integrated with the Internet of things smart
homes seem particularly unsafe for a range of security
hazards in and around the house. In case the protec-
tion of the home or device got breached. The securi-
ty, private details, in addition to the protection of the
user, will be at risk.
Necessary steps must be followed to move towards
safer homes and all the more acceptable for living in-
side. Supporting the research with a study that shows
why smart home security is the new challenge is quite
evident. In the current situation, the use of IoT & its
support technologies and strategies for deployment in
a smart home is one of several major fields, wherein a
lot of major corporations like Google, Amazon, etc.,
are spending a quite great deal of money also initiated
work for enhancing security and health at home. A re-
cent study shows that, up to date, the risk analyses of
IoT systems were not all-included. However, in certain
instances, include best-known products or vendors.
Recent tests have shown IoT devices are quite prone
to several cryptographic, system, network and phys-
ical, network attacks. At present, there are no health
standards for IoT devices. Therefore, the consequence
is that safety defects are found during usage, which
ensures IoT health hazards are not well understood
or investigated. Vulnerability checks are conducted to
assess if IoT applications can be abused. It is crucial for
security vulnerabilities experiments to be well-round-
ed across all areas of attack vectors.
5. Research Methodology
The research question identified for this paper is
an addition to the existing research. It adds to more
knowledge about the associated security issues related
to a smart home.
 Q1. Are the current smart home environment
security problems and privacy issues well ad-
dressed?
Q2. Do the smart home system components meet
or fulfill the proposed security standards?
Systematic Literature Review has been carried out
in conjunction with current exploration to address re-
search questions. The intention is to start by phases of
the organizing, implementation, and documentation
of the evaluation to support the execution of the liter-
ature review.
5.1. Selection of Primary Studies
Key findings have been outlined by entering tags
for a particular journal or web search service. Relevant
keywords are chosen along with conditional ‘and’ and
‘or’ operators to help find better results. So, the threads
in the sample were:
(“Smart home” or “Home automation”) AND (“Se-
curity” OR “Cybersecurity”)
5.2. Inclusion and Exclusion Criteria
Studies to be included in this SLR report empirical
findings and could be papers on Smart home security,
privacy and security issues of IoT-based smart home,
challenges implementing smart home. The inclusion
criteria were: English Paper, Paper having relevant
information related to smart home, smart home cy-
bersecurity. The exclusion criteria were: Non-English
paper, a paper that is unclear and duplicate, paper re-
lated to the connection between a smart home and a
smart city.
5.3. Selection Results
The original searches for the selected keyword for
the topic identified 90 articles, conference papers, and
chapters. Upon elimination of redundant findings,
this was limited to 70. From remaining, the articles
left to be read upon applying inclusion/exclusion cri-
teria were 50 with the review, a risk assessment/anal-
ysis is also going to be carried out that will contain
Risk, Vulnerability, Threat vector, Impact, risk score
under which security requirement (Confidentiality,
Integrity, Availability, Authenticity, Authorization)
the risk identified will fall in the defined security re-
quirements needed for the securing functioning of
a smart home are used later during risk assessment
part so that we can group which risks impact which
requirement.
6. Data Interpretation and Analysis
The smart home concept is modeled on conve-
nience by connectivity and the automation of efficien-
cy processes. When homeowners choose the idea of
clever home, they must also be aware of the threats
posed by the clever home as cybercriminals trawl the
Internet and build hacks directed at a clever property.
In response, the desired intelligent homeowner must
take a security measure. Smart home protection will
begin with understanding and take the appropriate
measures to protect your home network’s integrity.
Potential security risks include eavesdropping,
Distributed Denial of Service (DDoS) attack, data
spill, etc. Home automation is also under threat of un-
authorized access.
To fulfill the research question goals, we agreed to
develop a risk evaluation methodology to perform a
risk assessment for crucial components of smart home
systems probably to be the target of attacks. The below
risk evaluation reference table is created based on the
data acquired from an institute risk analysis and man-
agement framework. It is then customized according
to the project need. The scale selected here is a three-
scale factor for the ease of doing risk assessment is
shown in Table 1.
Table 1
Range of risk assessment factors
Risks Score Impact Likelihood
7.5 < Score < = 10 High > 65% - 100%
4 < Score < = 7.5 Medium > 25% - 65%
1 < Score < = 4 Low 0 - 25%
Along with the identified risks and vulnerabil-
ities of the components in Table 2, some factors are
unintentional or say, not technical/network-related,
that also affects smart home security. In Table 3, some
identified factors are listed out, followed by dividing
them into internal, related to the device, and external,
which are non-device related or actions happening
outside a smart home.
Talking about Internal Factors:
Constrained System Resources – It is still a chal-
lenge for IoT device manufacturers to design compre-
hensive security measures within a constraint avail-
able memory.
Failure of Home Device – It is a situation that is
unintentional and can make a device vulnerable to
Issue 24. November 2022 | Cardiometry | 405
Table 2
A risk assessment matrix describing component vulnerabilities/threat vector together with their likelihood, potential risk, risk score,
security objective, and impact
Smart Home Vulnerability/ Potential risks Risk Likelihood Impact Security
Component Threat vectors Score Objective
Hampered
Hardware
RFID Eavesdropping reading user tags and application 7 > 25% - 65% Medium Confidentiality,
requests, encrypt connection Availability
RFID Cloning password, and duplicate secret keys
Smart Lock Handshake key Unauthorized access to home 6.5 > 25% - 65% High Authorization
leakage
Smart Meter Man, in the Discover in house activity occupancy 4 < 0 - 25% Low to Confidentiality
Middle attack detection Medium
Sensors Wormhole Prevent sensors from detecting 5 > 25% - 65% Medium Authenticity,
attack fire and motion, give location integrity
information of the user to the
attacker
Smart Port scanning Leakage of personal information into 3.5 < 0 - 25% Low Confidentiality
Appliances Device hardware hands of attackers,
exploitation Malfunctioning results in fire or
monitoring.
Smart hub Man, in the Full access to central and peripheral 5 > 25% - 65% Medium Confidentiality,
middle attack devices, creation of SSH backdoor Authorization
Biometrics Sensor output Captured sample is replayed and 6.5 > 25% - 65% Medium Authenticity
interception falsely accepts by the individual.
Network High Integrity
Wi-Fi Duplicating Smart home devices password 9 > 65% -
access point leakage leading to a cyber-attack. 100%
Replay attack
Telnet Dictionary Credentials could be used to 5.5 > 25% - 65% Medium Authentication
attack connect and use smart devices as a
botnet.
Smart home Denial of User unable to use the home 8 > 65% - High Availability
server Service attack network service 100%
WSN Eavesdropping Access to sensitive information 3.5 < 0 - 25% Low Confidentiality
flowing between two devices
Gateway Inadequate Impersonation of the device 5.5 > 25% - 65% Medium Integrity
physical security can happen by using just its
compromised certificate,
Home network under attack
Software
Firmware Malicious code Alter, demolish information, permit 6.5 > 25% - 65% Medium Authorization
attack unauthorized access

Mobile Design flaw Leakage of hardcoded passwords 8 > 65% - High Authentication
Application Malicious code 100%
injection
API SQL injection A device can be made to pretend 7 > 25% - 65% Medium Availability
attack to perform correctly using its leaked
DOS attack credentials, device data leakage
Device Outdated Can create a smart device to behave 4 0 - 25% Low Authorization
software software inappropriately
Weak
credentials
Information
Cloud server Large amount Affects performance of IoT 3.5 0 - 25% Low Integrity,
of information Availability
received

406 | Cardiometry | Issue 24. November 2022

 Smart Home Vulnerability/ Potential risks Risk Likelihood Impact Security
Component Threat vectors Score Objective
Hampered
Denial of service Information collected by devices 6 > 25% - 65% Medium Availability
attack
Lack or absence Inadequate authentication, 4 0 - 25% Low Confidentiality
of access control Inadequate access control
policy
Human
User Account Weak Password Complete compromise of device and 9.5 > 65% - High Authorization,
management user account 100% Authenticity
Home Inexperienced Various degree of social engineering 8 > 65% - Medium Availability
security end users attacks 100%

NOTE: Smart lock is an exception; the impact is high because if attacked, the whole smart home system and users are compro-
mised.

Table 3
Internal and external factors affecting security posture of smart
home system
Internal factors External factors
7. Results and Discussion
Constrained System resourc- Lack of dedicated profes-
es sionals The serious challenges in a smart world are main-
Failure of home devices Moderate intake of quality ly security and privacy. Smart computers/devices are
standards quite vulnerable to attacks, resulting in data loss and
Power and internet malfunc- Time analysis identity breaches.
tion
Due to the lack of security mechanisms in IoT de-
vices, many become soft targets and even without be-
security attack. These happen either because of poor ing in victim’s knowledge of getting infected. We made
design flow or software failure. an effort in this paper to deliver a Risk evaluation for
Power and Internet Malfunction – A malfunction smart connected home surroundings constructed on
in power can also affect device security. Most IoT de- IoT. Major emphasis is on highlighting the privacy,
vices are low-powered ones; therefore, a surge could security vulnerability, risks distributed among ma-
damage the device. Also, an internet malfunction can jor portions like human-related, network, hardware,
create a barrier between consumers and their connect- software, and information. Issues discussed were in
ed devices. context with security and privacy objective, which is
CIA triad and authorization and authenticity. For risk
External Factors: assessment, a framework created with the help of ref-
Lack of Dedicated Professionals – It is noted that erence form is proposed, in which we have defined
there is a lack of professional assistance in the concept that the expected level of security for any component
or service phases of IoT implementation in the Smart is 60%, which is 6 in our case, as our risk score ranges
Home system. An improvement can greatly reduce se- from 0 to 10, which helped us in finding out which
curity vulnerabilities. are the least and most vulnerable components as risk
Slow Uptake of Standards – This problem is the score above 6 is more vulnerable and below is less vul-
lack of uniform standards and appropriate certifi- nerable. Here, the concept of risk appetite comes into
cates by manufacturers and providers, resulting in the picture, which we have integrated into our study
low-quality products. As a result, security is compro- based on the results are drawn. Coming to the hard-
mised. ware-related vulnerabilities, the least vulnerable are
Time Analysis – It is a side-channel attack that smart appliances, and one more is RFID. In network,
might not be active, but instead just watching and an- less vulnerable is WSN, and more vulnerable is Wi-
alyzing just how much time various computations take Fi. In software, the less vulnerable is Device software,
to perform. This factor is crucial because it happens and the more vulnerable one is Mobile application.
even if the data is encrypted. Coming to information, less vulnerable is cloud server
Issue 24. November 2022 | Cardiometry | 407
and more is data storage, including physical storage in
memory cards, etc. In human-related cases, most of
the security cases occur due to poor password man-
agement. The study helps in carefully addressing the
security issues of each home automation component;
also mentioning which security objective is breached
along with identified external and internal factors that
affect the smart home security. Through the proposed
framework, we learned that most of the components
meet the defined expected level of security. It is be-
cause of design flaws, low memory constraints, het-
erogeneity of sensors, appliances, and networks. It
shows that the proposed method can help the manu-
facturers and providers develop a more secure smart
home environment.
8. Conclusion
The topic of cybersecurity is much more closely
related to the Smart Home Environment than is com-
monly assumed. People have been producing a large
volume of personal data due to the increased use of
smart devices, posing a significant privacy danger,
particularly as this data is stored in small smart devic-
es that are more vulnerable to privacy, mostly achieved
without the user’s understanding. Third parties gath-
er and store any of this data, and in some situations,
this is achieved without the user’s permission. It is also
crucial to consider the data after it has been obtained
from the end-user. The result would remain the same
if the data were stolen from an unreliable machine or
computer. The user was duped into giving more data
than he wanted. The sourced data will be repurposed
or distributed to third parties by the organizations that
collected it. The customer has little influence of it, and
in some cases, no knowledge of it. Every safeguard
taken by the recipient will only restrict the amount of
data gathered. Smart device manufacturers and inter-
face designers must resolve these concerns in order to
ensure adequate protection and privacy.
9. Limitations and Future scope
When we transition into the next generation, more
and more devices will continue to connect. For future
scope in smart home security, we should seek to view
the local network as a whole and create a framework
that can quickly detect the intruder and his actions
during the attack. This paper presents opportunities
for potential research work in this area. There is also
the scope of examination of security of components
408 | Cardiometry | Issue 24. November 2022
with other devices, such as remote access from a far
location and social impact of smart home security.
Artificial intelligence can greatly improve smart home
security and also blockchain.
References
1. Abdur, M., Habib, S., Ali, M., & Ullah, S.
(2017). Security Issues in the Internet of Things (IoT):
A Comprehensive Study. International Journal of Ad-
vanced Computer Science and Applications, 8(6).
2. Alam, T., A. Salem, A., O. Alsharif, A., & M.
Alhejaili, A. (2020). Smart home automation towards
the development of smart cities. Computer Science
and Information Technologies, 1(1), 17–25. https://
doi.org/10.11591/csit.v1i1.p17-25
3. Ali, B., & Awad, A. I. (2018). Cyber and phys-
ical security vulnerability assessment for IoT-based
smart homes. Sensors (Switzerland), 18(3), 1–17.
4. Almusaylim, Z. A., & Zaman, N. (2019). A
review on smart home present state and challenges:
linked to context-awareness Internet of things (IoT).
Wireless Networks, 25(6), 3193–3204.
5. Anthi, E., Williams, L., Slowinska, M., Theo-
dorakopoulos, G., & Burnap, P. (2019). A Supervised
Intrusion Detection System for Smart Home IoT De-
vices. IEEE Internet of Things Journal, 6(5), 9042–9053.
6. Banham, R. (2017). Cyber Scorekeepers. Rm-
magazine. http://www.rmmagazine.com/2017/11/01/
cyber-scorekeepers/
7. Batalla, J. M., Vasilakos, A., & Gajewski, M.
(2017). Secure Smart Homes: Opportunities and chal-
lenges. ACM Computing Surveys, 50(5).
8. Bugeja, J., Jacobsson, A., & Davidsson, P.
(2016). On Privacy and Security in Smart Homes.
2016 European Intelligence and Security Informatics
Conference (EISIC), 172–175.
9. Davis, B. D., Mason, J. C., & Anwar, M. (2020).
Vulnerability Studies and Security Postures of IoT De-
vices: A Smart Home Case Study. IEEE Internet of
Things Journal, 4662(c), 1–1.
10. Desai, D., & Upadhyay, H. (2014). Security and
Privacy Consideration for Internet of Things in Smart
Home Environments. International Journal of Engi-
neering Research and Development, 10(11), 73–83.
11. Doan, T. T., Safavi-Naini, R., Li, S., Avizheh,
S., Muni Venkateswarlu, K., & Fong, P. W. L. (2018).
Towards a resilient smart home. IoT S and P 2018 -
Proceedings of the 2018 Workshop on IoT Security
and Privacy, Part of SIGCOMM 2018, 15–21.
 12. Edu, J. S., Such, J. M., & Suarez-Tangil, G.
(2019). Smart Home Personal Assistants: A Security
and Privacy Review. http://arxiv.org/abs/1903.05593
13. Gadiyar, H. M. T., Thyagaraju, G. S., Bhavya,
T. P., & Ahana, R. (2018). Privacy and Security issues
in IoT-based Smart Home Applications. 6(15), 6–8.
14. J. Sturgess, J. R. C. Nurse, and J. Z. (2018).
Kent Academic Repository Movement. A Capabili-
ty-Oriented Approach to Assessing Privacy Risk in
Smart Home Ecosystems, 47, 459–469. https://kar.
kent.ac.uk/69955/
15. Jacobsson, A., Boldt, M., & Carlsson, B.
(2016). A risk analysis of a smart home automation
system. Future Generation Computer Systems, 56,
719–733.
16. Karimi, K., & Krit, S. (2019). Smart
home-smartphone systems: Threats, security require-
ments and open research challenges. Proceedings of
2019 International Conference of Computer Science
and Renewable Energies, ICCSRE 2019, 1–5.
17. Kavallieratos, G., Chowdhury, N., Katsikas, S.,
Gkioulos, V., & Wolthusen, S. (2019). Threat Analysis
for Smart Homes. Future Internet, 11(10), 207.
18. Lamba, A., Singh, S., Dutta, N., & Muni, S. S.
R. (2019). Uses of Different Cyber Security Service to
Prevent Attack on Smart Home Infrastructure. SSRN
Electronic Journal, 1(11), 5809–5813.
19. Lavanya, N and Malarvizhi, T. (2008). Risk
analysis and management a vital key to effective proj-
ect management. PMI Global Congress Proceedings.
20. Lin, H., & Bergmann, N. W. (2016). IoT pri-
vacy and security challenges for smart home environ-
ments. Information (Switzerland), 7(3).
21. Mantas, G., Lymberopoulos, D., & Komninos,
N. (2010). Security in a smart home environment.
Wireless Technologies for Ambient Assisted Living
and Healthcare: Systems and Applications, 170–191.
https://doi.org/10.4018/978-1-61520-805-0.ch010
22. Nagarkar, S. (2019). Evaluating Privacy and
Security Threats in IoT- based Smart Home Environ-
ment. International Journal of Applied Engineering
Research, 14(7), 75–78.
23. Philomin, S., Singh, A., Ikuesan, A., & Venter,
H. (2020). Digital forensic readiness framework for
smart homes. Proceedings of the 15th International
Conference on Cyber Warfare and Security, ICCWS
2020, 627–636.
24. Ray, A. K., & Bagwari, A. (2018). Study of
smart home communication protocols and securi-
ty & privacy aspects. Proceedings - 7th International
Conference on Communication Systems and Network
Technologies, CSNT 2017, 240–245.
25. Saxena, U., Sodhi, J. S., & Singh, Y. (2017).
Analysis of security attacks in a smart home network.
Proceedings of the 7th International Conference Con-
fluence 2017 on Cloud Computing, Data Science and
Engineering, 431–436.
26. Shouran, Z., Ashari, A., & Kuntoro, T. (2019).
Internet of Things (IoT) of Smart Home: Privacy and
Security. International Journal of Computer Applica-
tions, 182(39), 3–8.
27. Sikder, A. K., Babun, L., Aksu, H., & Ulua-
gac, A. S. (2019). AEGIS: A Context-aware Security
Framework for Smart Home Systems. ACM Interna-
tional Conference Proceeding Series, 28–41.
28. Sovacool, B. K., & Furszyfer Del Rio, D. D.
(2020). Smart home technologies in Europe: A crit-
ical review of concepts, benefits, risks, and policies.
Renewable and Sustainable Energy Reviews, 120(May
2019), 109663.
29. Wongvises, C., Khurat, A., Fall, D., & Kashi-
hara, S. (2017). Fault tree analysis-based risk quanti-
fication of smart homes. Proceeding of 2017 2nd In-
ternational Conference on Information Technology,
INCIT 2017, 2018-Janua, 1–6.
30. Zeng, E., & Roesner, F. (2019). Understand-
ing and improving security and privacy in multi-user
smart homes: A design exploration and in-home user
study. Proceedings of the 28th USENIX Security Sym-
posium, 159–176.
Issue 24. November 2022 | Cardiometry | 409