Risk Management in Smart Homes

Page 1 of 36 - Cover Page Submission ID trn:oid:::1:2777834343
Aisha Rehman
dd
Quick Submit
Quick Submit
Instituto Tecnológico Metropolitano
Document Details
Submission ID
trn:oid:::1:2777834343 34 Pages
Submission Date 6,395 Words
Dec 8, 2023, 2:40 PM GMT-5

38,770 Characters
Download Date
Dec 8, 2023, 2:43 PM GMT-5
File Name
RISK_MANAGEMENT_IN_SMART_HOMES_-_Copy.docx
File Size
2.1 MB
Page 1 of 36 - Cover Page Submission ID trn:oid:::1:2777834343

Page 2 of 36 - AI Writing Overview Submission ID trn:oid:::1:2777834343
How much of this submission has been generated by AI?
34%
Caution: Percentage may not indicate academic misconduct. Review required.
It is essential to understand the limitations of AI detection before making decisions

about a student's work. We encourage you to learn more about Turnitin's AI detection
capabilities before using the tool.
of qualifying text in this submission has been determined to be
generated by AI.
Frequently Asked Questions
What does the percentage mean?

The percentage shown in the AI writing detection indicator and in the AI writing report is the amount of qualifying text within the
submission that Turnitin's AI writing detection model determines was generated by AI.
Our testing has found that there is a higher incidence of false positives when the percentage is less than 20. In order to reduce the
likelihood of misinterpretation, the AI indicator will display an asterisk for percentages less than 20 to call attention to the fact that
the score is less reliable.
However, the final decision on whether any misconduct has occurred rests with the reviewer/instructor. They should use the
percentage as a means to start a formative conversation with their student and/or use it to examine the submitted assignment in
greater detail according to their school's policies.
How does Turnitin's indicator address false positives?

Our model only processes qualifying text in the form of long-form writing. Long-form writing means individual sentences contained in paragraphs that make up a
longer piece of written work, such as an essay, a dissertation, or an article, etc. Qualifying text that has been determined to be AI-generated will be highlighted blue
on the submission text.
Non-qualifying text, such as bullet points, annotated bibliographies, etc., will not be processed and can create disparity between the submission highlights and the
percentage shown.
What does 'qualifying text' mean?

Sometimes false positives (incorrectly flagging human-written text as AI-generated), can include lists without a lot of structural variation, text that literally repeats
itself, or text that has been paraphrased without developing new ideas. If our indicator shows a higher amount of AI writing in such text, we advise you to take that
into consideration when looking at the percentage indicated.
In a longer document with a mix of authentic writing and AI generated text, it can be difficult to exactly determine where the AI writing begins and original writing
ends, but our model should give you a reliable guide to start conversations with the submitting student.
Disclaimer
Our AI writing assessment is designed to help educators identify text that might be prepared by a generative AI tool. Our AI writing assessment may not always be accurate (it may misidentify
both human and AI-generated text) so it should not be used as the sole basis for adverse actions against a student. It takes further scrutiny and human judgment in conjunction with an
organization's application of its specific academic policies to determine whether any academic misconduct has occurred.
Page 2 of 36 - AI Writing Overview Submission ID trn:oid:::1:2777834343

Page 3 of 36 - AI Writing Submission Submission ID trn:oid:::1:2777834343
TITLE: RISK MANAGEMENT IN SMART HOMES
MODULE NAME: INFORMATION ASSURANCE
MODULE CODE: 7CS018
NAME: AFOLARIN AKANNI OLADEYISTUDENT
STUDENT NUMBER: 2356586
WORD COUNT: 4563 (EXCLUDING CONTENT PAGE, ABSTRACT AND REFERENCES)

Abstract
The widespread accessibility of smart home technology has completely transformed

how people live in their homes by improving their comfort, safety, and resource
efficiency. These developments, however, present serious cybersecurity threats that
could compromise users' privacy, functioning, and safety. This paper aims to assess
and mitigate risks in these environments, leveraging insights from contemporary
literature to identify potential threats and propose effective security strategies. The
primary objective of this initiative is to identify critical risks linked to a range of smart
home assets, including lighting, security systems, and thermostats. The research
reviews recent literature to determine common risks and threats associated with smart
home environments. Key aspects such as threats, vulnerabilities, and security
measures in these settings are critically analysed. It then proceeds to assess the
potential consequences of these risks and suggests practical options for their
minimisation. The research emphasises the significance of regular software updates,
effective encryption, and strong password policies, among other security measures.
This study offers a practical framework for enhancing the security and privacy of smart
home systems, contributing to the inclusive resilience of these increasingly popular
technologies.
Keywords: Smart Home System, Assets Identification, Risk Assessment, Risk

Management, Strategies, Smart Home Environment.
[1]
TABLE OF CONTENTS
Abstract __________________________________________________________ 1
List of Figures _____________________________________________________ 5
List of Table _______________________________________________________ 5
1. Introduction ____________________________________________________ 6
2. Problem Statement ______________________________________________ 7
3. Related Work ___________________________________________________ 8
4. Smart Home Environment ________________________________________ 8
5. Asset Identification and Classification _____________________________ 12
5.1 Categories of Assets in Smart Homes _____________________________ 12
5.1.1 Security _________________________________________________ 12
5.1.2 Health and Well-Being ______________________________________ 12
5.1.3 Smart Energy _____________________________________________ 12
5.1.4 Audio-visual (A/V) Systems __________________________________ 13
5.1.5 Smart Devices ____________________________________________ 13
5.1.6 Gateways ________________________________________________ 13
5.1.7 Interfaces ________________________________________________ 13
5.2 Methodology for Identifying and Classifying Smart Home Assets_________ 13
5.2.1 Continuous monitoring ______________________________________ 14
5.2.2 User interaction ___________________________________________ 14
5.2.3 Control parameters ________________________________________ 14
5.2.4 State parameters __________________________________________ 15
5.3 Smart Home Components ______________________________________ 17
6. Risks, Vulnerabilities, and Threats Identification ____________________ 18
6.1 User Risk Characteristics _______________________________________ 18
[2]
6.2 Product Risk Characteristics _____________________________________ 18
6.3 Environment Risk Characteristics _________________________________ 18
7. Risk Evaluation ________________________________________________ 20
7.1 Advanced Smart Home Risk Management Framework ________________ 20
7.1.1 Framework Analysis ________________________________________ 20
7.1.2 Integration with ISO 31000 __________________________________ 20
7.2 Industry Standards for Risk Analysis in Smart Homes _________________ 20
7.2.1 Overview of Standards _____________________________________ 20
7.2.2 ISO 27000 Series _________________________________________ 20
7.2.3 ISA/IEC 62443 Standards ___________________________________ 20
7.2.3 NIST Special Publications ___________________________________ 20
7.3 Methodological Approaches in Information Security ___________________ 21
7.3.1 Risk-Based, Security-Based, and Privacy-Based Approaches _______ 21
7.3.2 Common Methodologies ____________________________________ 21
7.3.3 Evolution of Risk Models ____________________________________ 21
7.3.4 The Character of Risk-Based Methods _________________________ 21
7.3.6 Spear vs. Shield Concept ___________________________________ 22
7.4 Integration of Security in Smart Home Design _______________________ 22
7.4.1 STPA for Risk Control ______________________________________ 22
7.4.2 NIST Cybersecurity Principles ________________________________ 23
7.4.3 CISA Cybersecurity Best Practices ____________________________ 23
8. Risk Control Techniques ________________________________________ 23
8.1 Updating the Software _________________________________________ 23
8.2 Utilising Effective Encryption _____________________________________ 23
8.3 Using Private Network _________________________________________ 24
[3]
8.4 Control and Feedback Loop _____________________________________ 24
8.5 Secure and updated Passwords __________________________________ 24
Risk Management Framework for Smart Home _________________________ 26
Risk Matrix for Smart Home Environment ______________________________ 27
9. Conclusion ___________________________________________________ 28
Reference list _____________________________________________________ 29
[4]
List of Figures
Figure 1 Projected global smart home market growth from 2017 to 2027. ________ 6
Figure 2 Smart Home System. Source: (Chakraborty et al., 2023) _____________ 10
Figure 3 Connection between Smart Home Components ____________________ 11
Figure 4 Methodology for Identifying and Classifying Smart Home Assets _______ 14
Figure 5 Smart Home Components. Source: (Wu and Fu, 2012) ______________ 17
Figure 6 Risk Management Framework for Smart Home ____________________ 26
List of Table
Table 1 Overview of Smart Home Assets ________________________________ 16
Table 2 Risk Assessment of Smart Home Systems ________________________ 19
Table 3 Risk Matrix for Smart Home Environment _________________________ 27
[5]
1. Introduction
Recently, the term "smart" has grown to include cutting-edge technologies that display
a certain level of artificial intelligence. The fundamental characteristic of intelligent
technology is the capacity to gather data from its immediate environment and act
appropriately (Marikyan, Papagiannidis, and Alamanos, 2019). Intelligent technology
has emerged as a foundational element of the "smart home" concept because its
ultimate goal is to enhance the well-being of individuals (Arunvivek, Srinath, and
Balamurugan, 2015; Dawid et al., 2016).
Smart homes, which are components of intelligent technology, gain advantages from
the advancement of interconnected services and devices. Functioning on the
principles of artificial intelligence, this technology endeavours to optimise home
administration by employing automation, control, and efficiency (Chakraborty et al.,
2023). The smart home market is anticipated to reach 222.9 billion US dollars in value
by 2027 (Yahoo Finance, 2023), reflecting its accelerated expansion. At first, perceived
as a casual convenience, smart homes have since progressed into providing security,
preference, and efficiency. Therefore, it substantially influences home security
systems and energy consumption (Chakraborty et al., 2023).
Figure 1 Projected global smart home market growth from 2017 to 2027.
Source: Oberlo (2023)
[6]
Using IoT, Smart house Systems (SHSs) could remotely monitor and control house
features. The data collecting, processing, and service delivery stages use sensors,
cameras, and microphones. Security, appliance control, and older comfort and care
are handled using this data (Hammi et al., 2022). Various technologies are utilised in
SHS, such as Wireless Sensor Networks (WSN) for environmental monitoring, Internet
of Things (IoT) for device interconnectivity, Artificial Intelligence (AI) for tasks like
object detection and decision-making, Machine Learning for pattern recognition and
security monitoring (Guo et al., 2019), Deep Learning for automation and healthcare
applications (Dawid et al., 2016), Neural Networks for smart decision-making
(Marikyan, Papagiannidis and Alamanos, 2019), Fuzzy Logic for handling ambiguous
data, GSM for communication via SMS and Bluetooth for short-range data transfer
(Arunvivek, Srinath and Balamurugan, 2015).
Smart technology has changed how we use our houses, making smart homes more
popular. However, this innovation presents several cybersecurity risks. The present
research analyses these risks and proposes a thorough risk management method.
The objective is to offer insights into effectively monitoring, controlling, and mitigating
risks in smart home environments, leveraging the knowledge accumulated in the field
of cybersecurity.
This research paper is structured as follows: Following the Literature Review (II), it
explores the Smart Home Environment (III), then progresses through Asset
Identification and Classification (IV), Risk Assessment Process (V), and a Threat
Mitigation Plan (VI) ending with a complete Conclusion (VIII).
2. Problem Statement
Smart home technology has completely changed the way people live in their homes
by enhancing their comfort, safety, and resource efficiency. However, these
developments pose serious cybersecurity threats, which could compromise user
privacy, functionality, and safety. Cybercriminals threaten smart homes with stringent
security protocols. But the widespread use of new technologies has not bridged the
gap between the need to implement these protocols and the widespread adoption of
new technologies.
[7]
3. Related Work
An analysis of recent academic articles that discuss smart homes and risk
management, is provided in this section.
Due to IoT's rapid development and adoption in SHSs, significant security concerns
have arisen, as these systems are extremely closely interconnected with people's daily
lives. In SHSs, security issues can pose serious threats to the health and safety of
individuals as well as damage to the information assets. The paper explores the
concept and architecture of SHSs, defining them as a hybrid of physical and cyber
platforms based on Information Technology (IT), IoT, and the Internet. SHSs integrate
technologies like AI, cloud computing, edge computing, multimedia processing,
automatic control, and more. This integrated nature demands a more complex
approach to security (Yang and Sun, 2022). Another study by Jacobsson, Boldt and
Carlsson (2016) recognises that smart home automation systems introduce significant
security and user privacy risks. A detailed risk analysis identified 32 risks, including
four severe and 19 moderate risks. The extreme risks are primarily associated with
software components and human behaviour, highlighting the critical nature of these
areas in smart home risk management.
Moreover, while rapidly growing, the smart home industry faces significant privacy
security risks. Traditional risk assessment methods struggle to meet these new
security requirements due to the complexity of systems involving multiple subjects like
user, environment, and smart home products. To address this, the study proposes a
privacy risk assessment method combining system theoretical process analysis
(STPA) with failure mode and effects analysis (FMEA), identifying 35 privacy risk
scenarios. Using this approach, the interaction and control among these subjects is
taken into account, resulting in a comprehensive assessment of privacy risks (Wang
et al., 2022).
4. Smart Home Environment
Smart Home Systems have experienced extraordinary growth over the last decade.
This research has been a success, and researchers are constantly improving it.With
IoT, home appliances and users may now communicate more easily. IoT-based SHSs
[8]
are now the most prevalent. Connecting all devices to the internet allows simultaneous
maintenance of all household equipment (Froiz-Míguez et al., 2018). With IoT-enabled
devices, homeowners can monitor and manage numerous home functions from
anywhere. Smart homes can recognise forms, sounds, and gestures through machine
learning and AI, improving the smart home experience. With powerful CPUs, complex
and processor-intensive smart home systems are possible (Hammi et al., 2022). To
deliver these services, every smart home system is constructed following the
fundamental framework illustrated in the Figure below (Chakraborty et al., 2023). The
procedure consists of the subsequent three phases:
(i) Information gathering through sensors, cameras, microphones, and

additional household appliances
(ii) Utilising the primary processing device to store and process the gathered
data
[9]
(iii) Producing outcomes and providing services following the processed data
Figure 2 Smart Home System. Source: (Chakraborty et al., 2023)
One of the most significant aspects of home automation systems is how simple it is to
monitor and operate from various devices, such as a smartphone, computer, tablet,
smartwatch, or voice assistant. There is a long list of advantages to installing a home
automation system, including increased security with the help of automated door locks,
better situational awareness with the help of surveillance cameras, greater comfort
with the support of climate control, more efficient use of time, and lower utility costs
(Stolojescu-Crisan, Crisan and Butunoi, 2021).
In the past decade, several IoT-based home automation solutions have been
presented by academic researchers. There are a variety of technologies utilised in
wireless home automation systems, and they all have advantages and disadvantages.
[10]
Bluetooth-based automation (Puri and Nayyar, 2016; Asadullah and Ullah, 2017;
Shinde et al., 2017) is one example; it is cheap, quick, and simple to set up but only
works over short distances. GSM and ZigBee are frequently used wireless
technologies as well. With a mobile package from a local service provider, GSM allows
for long-distance communication. The Zigbee (Baraka et al., 2013; Izquierdo, Santa
and Gomez-Skarmeta, 2010; Froiz-Míguez et al., 2018; Han and Lim, 2010) standard
for wireless mesh networks is intended for use in wireless control and monitoring
applications using battery-operated devices because of its cheap cost and low power
consumption. However, it requires frequent repairs, has a slow data transfer rate, and
has unstable connections. For example, Wi-Fi technology is used in research (Vivek
and Sunil, 2015; Huang and Tseng, 2016; Ahsan, 2019; Singh and Ansari, 2019;
Davidovic and Labus, 2016).
The connections between smart home administration system components are

illustrated in the Figure. In contrast to conventional homes, smart homes embody the
integration of energy-efficient appliances and offer instantaneous access to energy
consumption data through a network of sensors and processors. As cited in Balta-
Ozkan, Amerighi and Boteler (2014), Oksman and Egan (2010) indicate this. Smart
homes, as Balta-Ozkan et al. (2013) elaborate, increase the visibility of energy and
cost data, for instance, using interactive displays that enable occupants to monitor and
control energy consumption actively.
Figure 3 Connection between Smart Home Components
[11]
5. Asset Identification and Classification
5.1 Categories of Assets in Smart Homes
In the realm of smart homes, the assets and technologies involved can be categorised
into several distinct sectors, each playing a unique role in enhancing the functionality
and convenience of a home:
5.1.1 Security: This sector includes technologies

that enhance home security, such as smart locks,
surveillance cameras, and alarm systems. These
devices often integrate with other smart home
systems to provide a complete security solution
(Mocrii, Chen and Musilek, 2018). Examples: Pre-
crime cameras, Drainware, Laser microphones,
Rudder, and Driver's Little Helper (Ghanchi, 2021).
5.1.2 Health and Well-Being: Health and well-

being are increasingly being monitored and
improved with smart home technology. It includes
devices for monitoring vital signs and sleep patterns
as well as advanced systems for medical diagnosis
and routine monitoring at home (Ghayvat et al.,
2019). A few examples are Smart Pill Dispensers,
Health Monitoring Systems, Medical Robots, and
Sleep Technology (Phyxter Home Services, 2020).
5.1.3 Smart Energy: Energy-efficient technologies,

such as smart thermostats and lighting systems, fall
under this category. These devices can reduce energy
consumption and lower utility bills (Ford, 2017). For
example, smart home hubs, controllers, thermostats,
lighting, and switches.
[12]
5.1.4 Audio-visual (A/V) Systems: A/V and smart-

home theatre systems using touchscreens and voice
commands fall under this sector. In addition to smart
speakers and televisions, other connected devices can
be integrated into these systems, providing enhanced
entertainment experiences (Yuan et al., 2015).
5.1.5 Smart Devices: There are a number of gadgets and

appliances that make up a smart home ecosystem, such as
smart refrigerators, smart ovens, smart washing machines, and
smart toilets (Sovacool and Furszyfer Del Rio, 2020).
5.1.6 Gateways: The smart home network passes information between these
devices, which are often the main control points (Yan et al., 2020).
5.1.7 Interfaces: Various user interfaces and platforms are used to interact with
smart home systems, such as mobile apps and voice-controlled assistants (Sharif and
Tenbergen, 2020).
5.1.8 Servers: In smart homes, servers are typically cloud-based platforms that
process and store data from various smart devices, enabling remote access and
control (Mocrii, Chen, and Musilek, 2018).
5.2 Methodology for Identifying and Classifying Smart Home Assets
Considering the study's objectives, the suggested categorisation is acceptable.

Although this is not an exhaustive list, other categorisation criteria might also be
applicable.The following categories have been established for use in the proposed
technique.
[13]
Continuous User Control State

monitoring interaction parameters parameters
Figure 4 Methodology for Identifying and Classifying Smart Home Assets
5.2.1 Continuous monitoring: This category comprises all the data consistently
monitored while the appliances are operational. Certain data are transmitted routinely
to the utilities without being observable by the user. Conversely, user interfaces may
always display other data. They primarily comprise data on the consumption of
resources (e.g., water, energy, etc.) and are utilised for utility and customer-facing
services (Peter Michael Hart, 2011).
5.2.2 User interaction: It encompasses all content pertaining to the consumer and
product interaction. In general, statistical analysis is employed to aggregate data to
identify critical user profiles or recurring patterns of occurrence (e.g., incorrect actions,
selected options, and so forth). Manufacturers utilise them primarily for customer
service and marketing analysis investigations. Information is transmitted as needed
(Yu, Ouyang and Wang, 2022).
5.2.3 Control parameters: This category contains all information gathered to

monitor the security of the device or the user. Therefore, it primarily pertains to the
operational parameters of the device. By studying them and comparing them to the
objective parameters, it is possible to forecast a hypothetical problem or identify
[14]
hazardous conditions (Taiwo and Ezugwu, 2021). Typically, they are transferred to
service providers or organisations upon fulfilling a predetermined threshold.
5.2.4 State parameters: They pertain to data concerning the device's condition or a
specific pre-existing scenario that is retrieved before the execution of the remote
control. The system employs such information for remote control and device state
control (Altujjar and Mokhtar, 2018).
[15]
Smart Home Asset Continuous Monitoring User Interaction Control Parameters State Parameters
Security Systems (e.g., cameras, Yes (24/7 surveillance) Via app or voice Arm/disarm, sensitivity Operational status,
alarms) commands settings, alert recent activity
configurations
Smart Thermostats Yes (temperature, Via app, voice, or Temperature set points, Current temperature,
humidity) manual controls schedules, modes humidity levels,
(home/away) system status
Smart Lighting Optional (usage patterns) Via app, voice, Brightness, colour, Light status, energy
switches on/off, schedules consumption
Smart Locks Yes (access logs) Via app, keypad, voice Lock/unlock, access Lock status, battery
codes, guest access level, access history
Health Monitoring Devices (e.g., Yes (vital signs, activity) Through the device Alerts, thresholds for Heart rate, blood
wearables, medical monitors) interface or app vital signs pressure, activity
levels
Smart Appliances (e.g., Yes (operational status, Via app or physical Temperature settings, Current operation,
refrigerators, ovens) usage) controls timers, modes maintenance alerts
Energy Management Systems Yes (energy consumption) Via app or control Energy saving settings, Real-time energy
panel usage limits usage, historical data
Entertainment Systems (e.g., smart Optional (media Remote, app, voice Volume, channels, Current playback,
TVs, speakers) consumption) content selection volume level
Table 1 Overview of Smart Home Assets

5.3 Smart Home Components
The components of a smart home are both wired and wireless networks. A wide variety
of protocols and communication media are in use. In a smart home environment,
communication among smart home objects is possible through various transmission
media, including phone lines, radio communications, and wired connections. The
diagram illustrates a smart home network architecture, differentiating between outdoor
and indoor environments. The outdoor environment includes service and content
providers interfacing with core and access networks. The indoor environment
comprises a residential gateway connecting to various home devices like white
appliances, control devices, and user interfaces, all linked to an indoor control network.
This configuration supports multiple interaction methods, including voice, visual,
graphical inputs and physical actuators for device operation.
Figure 5 Smart Home Components. Source: (Wu and Fu, 2012)

6. Risks, Vulnerabilities, and Threats Identification
Smart home privacy threats come from people, goods, and the environment, according
to Miandashti et al. (2020). Product components represent secondary concerns. User
and environmental elements must be addressed when defining risk scenarios. The
hierarchical control framework of the 'user-environment-smart home' evaluates
privacy and security risk features from the user, product, and environment
perspectives to inform risk analysis.
6.1 User Risk Characteristics
Smart home systems are most susceptible to negative effects due to human conduct,
according to Jacobsson, Boldt and Carlsson (2016). User risk includes three factors:
(1) Due to personal preferences or bad recall, some users pick continuous or reversed
numbers as passwords in basic password settings, making it easy to bypass the
identity verification process and giving hackers direct entry into the system. (2)
Because unaware individuals accept online content easily, hackers may steal their
information and property. (3) Private security is poor; these users fail to protect their
private information while using the smart home app service platform, and social
engineering exploits the hints to leak information.
6.2 Product Risk Characteristics
According to Kulik et al. (2022), Smart home systems are at risk from component
failures and poor security control limitations at each level. Theft, damage, and
manipulation of system hardware are somewhat likely yet significant and
straightforward to manage. Unauthorised function changes and data leakage might
result from improper system server setup. Insufficient access control and
accountability procedures may lead to hacking and severe data and property loss.
6.3 Environment Risk Characteristics
One part of the environment's risk characteristics comes from the physical world, while
the other part comes from the virtual world of networks. There are regular incidents of
hostile workers, third-party suppliers, and others breaking authorisation and unlawfully
managing customers' personal information in the actual world. Denial of service,
[18]
phishing, and other forms of network-based assaults are all too common. Users are
the first target of certain assaults, while devices and networks are the initial target of
others (Wang et al., 2023).
Category Risk Factor Description Potential Impact Source

User Risk Weak Users choose Identity theft, Jacobsson
Characteristics Passwords
predictable passwords, unauthorised system et al.
making unauthorised access (2016)
access easier.
Content Trust Users too readily accept Information theft, Jacobsson
Issues online content, leading financial loss et al.
to potential phishing or (2016)
scams.
Poor Privacy Users fail to protect Data leakage, privacy Jacobsson
Practices private information on invasion et al.
smart home platforms. (2016)
Product Risk Component Failure or malfunction of Service disruption, Kulik et al.
Characteristics Failures smart home safety hazards (2022)
components.
Security Inadequate security Unauthorised control, Kulik et al.
Control measures at each level data breaches (2022)
Weaknesses of the smart home
system.
Inadequate Improper configuration Data leakage, system Kulik et al.
Server Setup can lead to unauthorised compromise (2022)
changes and data leaks.
Insufficient Lack of strong access Hacking, Kulik et al.
Access control and unauthorised access (2022)
Control accountability.
Environment Physical Incidents of Privacy violation, Wang et al.
Risk Security unauthorised physical identity theft (2023)
Characteristics Breaches access to personal
information.
Network Denial of service, Service disruption, Wang et al.
Attacks phishing, and other data loss (2023)
network-based attacks.
Table 2 Risk Assessment of Smart Home Systems
[19]
7. Risk Evaluation
7.1 Advanced Smart Home Risk Management Framework
7.1.1 Framework Analysis: Nurse et al. (2016) present an enhanced risk

management framework tailored for smart homes (SHs), expanding the ISO 31000
standard into five phases. Risk identification is emphasised in this framework,
constituting three out of the five phases, highlighting its critical role in the process.
7.1.2 Integration with ISO 31000: Recent work by James (2019) integrates
traditional information security risk analysis with risk management principles from ISO
31000. This hybrid approach not only considers the likelihood and impact of risks but
also introduces the concept of system attractiveness, assessing how appealing a
compromised system might be to potential attackers.
7.2 Industry Standards for Risk Analysis in Smart Homes
7.2.1 Overview of Standards: An array of industry standards beyond ISO 31000 is

employed for risk analysis in SHs. König et al. (2017) provides an inclusive review of
these standards as they apply to Internet of Things (IoT) systems, focusing on
objectives related to risk, cybersecurity, and privacy.
7.2.2 ISO 27000 Series: The ISO 27000 series compresses a collection of best
practices for information security management, offering guidance on establishing and
maintaining information security protocols.
7.2.3 ISA/IEC 62443 Standards: The ISA/IEC 62443 standards are designed to build
cyber-security robustness within industrial control systems, including those used in
SHs.
7.2.3 NIST Special Publications
 NIST SP800-53: Addresses cyber vulnerabilities, focusing on safeguarding

federal information systems.
 NIST SP800-160: Provides a complete approach to systems security
engineering.
[20]
 NIST SP800-183: Offers insights into the security considerations for networks
of interconnected devices.
7.3 Methodological Approaches in Information Security
7.3.1 Risk-Based, Security-Based, and Privacy-Based Approaches: The field of

information security in SHs is marked by three principal approaches. Ali and Awad
(2018), Park et al. (2019), and Schiefer (2015) concentrate on technological innovation
for risk identification and mitigation. In contrast, risk-based approaches, including
those by Jacobsson et al. (2016), tackle cyber risks completely, focusing on thorough
risk identification and assessment.
7.3.2 Common Methodologies: Standard methodologies such as information

security risk analysis, fuzzy set theory, and fault tree analysis are often implemented,
as detailed by Jacobsson et al. (2016), Li et al. (2018), and Wongvises et al. (2017),
respectively. These methods are unified by their goal to ensure the three fundamental
objectives of system security: confidentiality, integrity, and availability, assessing risks
based on the interplay of assets, vulnerabilities, and threats.
7.3.3 Evolution of Risk Models: These core methodologies have developed

sophisticated models. Jacobsson et al. (2016) utilises a matrix-like risk map to
categorise the analysis into components and subcomponents pertinent to information
systems architecture. Li et al. (2018) enhances their research by incorporating the
grey system theory, which analyses the interrelations among the probability of
occurrence, severity of impact, and detection of system failures.
7.3.4 The Character of Risk-Based Methods: Risk-based methods are generally

semi-qualitative, combining qualitative interview techniques with quantitative
assessments and validation metrics. The degree of sophistication varies, but as
Jacobsson et al. (2016) summarise, such mixed methods are well-suited to address
the diverse and complex nature of smart home environments, marked by
interconnected devices and their interactions.
[21]
7.3.5 Information Security Risk Analysis (ISRA): This method was applied to a
smart home automation system (SHAS), resulting in a comprehensive risk profile. This
method calculated risk values based on the mean probability and consequence
values, categorising risks into low, medium, and high severity classes. The analysis
showed that the average consequences of risks were classified as more severe than
the probability of occurrence, indicating a general agreement among experts about the
potential severity of these risks. Most risks were found in the software-related category
(13), followed by risks in the information, communication, and human categories (5
risks each). The hardware-related threats contained four risks. Notably, the most
severe risks were found in the human category, underscoring the importance of
addressing human factors in smart home security. The study critically analyses the
methodologies employed in SHS security, acknowledging the unique challenges
posed by integrating various technologies. It underlines the importance of contextual
understanding in deploying security measures, as traditional PC solutions may not
directly apply to IoT devices in SHSs.
7.3.6 Spear vs. Shield Concept: The study by Yang and Sun (2022) explores the
balance between offensive tools ("Spear") used by attackers and defensive security
measures ("Shield") in smart home systems (SHSs). The research indicates a need
for enhancement of Intrusion Detection Systems (IDS) to accommodate the unique
context of SHSs better, pointing out the inadequacy of current encryption techniques
for ensuring data privacy within these systems.
7.4 Integration of Security in Smart Home Design: Jacobsson et al. (2016)

emphasise the necessity of embedding security considerations into the architecture of
smart home automation systems from the outset. They argue that risk analysis should
be integral to the design and development process to effectively thwart IoT malware,
control access, and protect privacy.
7.4.1 STPA for Risk Control: Wang et al. (2023) critique Failure Modes and Effects
Analysis (FMEA) for overlooking user and environmental risks in SHSs. They advocate
for using Systems-Theoretic Process Analysis (STPA) to proactively identify hazards,
component flaws, and risky interactions, thereby enhancing privacy and reducing
risks.
[22]
7.4.2 NIST Cybersecurity Principles: The National Institute of Standards and

Technology (NIST) provides cybersecurity principles emphasising practical
information creation and long-term research. NIST's guidelines are informed by federal
mandates, industry needs, and public input, covering areas such as cryptography, risk
management, and identity and access management (NIST, 2016).
7.4.3 CISA Cybersecurity Best Practices: In collaboration with global and national
agencies, the Cybersecurity and Infrastructure Security Agency (CISA) has produced
a cybersecurity best practices handbook. It highlights proactive measures such as
supply chain risk management, secure system design, and operational resilience,
advocating for strategies like zero trust architecture and regular patching of systems
and applications (Security Magazine, 2023).
8. Risk Control Techniques
8.1 Updating the Software
The study by Prakash, Xie and Huang (2023) highlighted that using the most recent
software version is hugely advantageous from a security and cost standpoint. As a
result, the largest software companies have increased the frequency of their update
releases and taken steps to improve their update distribution procedures. However,
end users are urged to follow "Best Practices," which include applying software
updates as soon as they become available. The study discussed that geometric or
exponential distributions characterise the pattern of user update installs for crucial
software like operating systems (OS) and related applications. This implies that
although most users swiftly upgrade their software upon a new release, a portion
prefers to postpone the update installation.
8.2 Utilising Effective Encryption
Another study by Faishal (2020) discussed that in the IoT and Cloud Environment,
encryption techniques for data are implemented in response to Smart Home security
concerns to safeguard the privacy and data of home users. The data encryption
methods utilised on Internet of Things (IoT) components for smart homes adhere to
the OSI model for every IoT layer. The study stated that encryption significantly
[23]
reduces privacy risks and prevents unauthorised access, protecting data from
malicious attacks.
8.3 Using Private Network
In the paper by Baek, Kanampiu, and Kim (2021), a secure network design for the
Internet of Things (IoT) smart home networks is proposed. An IoT server is essential
for managing the network, ensuring it is effectively designed and configured. A protocol
is needed to exchange information between the IoT server and devices and provide
secure communication. The home gateway should monitor all safety aspects of both
inbound and outbound traffic, protecting the network from unauthorised access.
8.4 Control and Feedback Loop
As stated in the study by Wang et al. (2023), to ascertain the security of the smart
home system, it is imperative to examine the control and feedback Loop of the 'user-
environment-smart home' control structure as a whole to identify potentially hazardous
control behaviours.
8.5 Secure and updated Passwords
Wang et al. (2023) highlighted that it is essential to encourage users to change default
credentials to strong, unique ones upon first use of IoT devices. Additionally, regularly
change passwords and avoid using the same password across different devices.
Email addresses should not be used as usernames to prevent phishing.
8.6 Backup Significant Information
Risteska Stojkoska and Trivodaliev (2017) underlined the significance of routinely

backing up data in devices such as healthcare equipment. It is of the greatest
importance to adhere to protocols regarding the secure storage and backup of
sensitive data, whether in physical or digital form.
[24]
8.7 Monitoring the Network
Risteska Stojkoska and Trivodaliev (2017) highlighted the need for careful supervision
of device connections and message transfers in IoT device networks while examining
the need for ongoing monitoring. To find security flaws in IoT devices, they stressed
the necessity of using network monitoring tools like Microsoft Message Analyzer.
[25]
Risk Management Framework for Smart Home
Figure 6 Risk Management Framework for Smart Home

Risk Matrix for Smart Home Environment
Risk Risk
ID Category Smart Home Asset Identified Risk Impact Mitigation Technique Responsible Party Likelihood Impact Priority
Enforce strong password
1 User Risk Smart Locks Weak Passwords High policies IT Security Team High High High
Awareness programs on
2 User Risk Smart Home Platform Content Trust Issues Medium phishing scams User Training Coordinator Medium Medium Medium
Privacy-enhancing
3 User Risk Smart Home Apps Poor Privacy Practices High technologies Data Privacy Officer High High High
Regular maintenance and
4 Product Risk Smart Thermostats Component Failures High quality checks Product Management Team Medium High High
Security Control Frequent security audits and
5 Product Risk Security Systems Weaknesses High updates IT Security Team High High High
Home Network Secure configurations for
6 Product Risk Infrastructure Inadequate Server Setup High server setup IT Infrastructure Team Medium High High
Environment Strengthen physical security
7 Risk Home Network Physical Security Breaches High measures Facility Security Manager Medium High High
Environment Deploy advanced network
8 Risk Home Network Network Attacks High security solutions Network Security Team High High High
Table 3 Risk Matrix for Smart Home Environment

Likelihood: Estimates how probable it is that each risk will occur.
Impact: Assesses the potential severity of the consequences if the risk materialises.
Priority: Combines likelihood and impact to determine the urgency of addressing each risk.
[27]
9. Conclusion
In conclusion, the outcomes of this study provide light on the complicated landscape
of risk management in smart homes, highlighting the challenges posed by IoT
integration. It provides an excellent task of comparing the ease of today's high-tech
solutions with the dangerous circumstances of cyberspace. Reviewing recent
publications assists in identifying existing vulnerabilities and highlights new cyber risks
reinforcing the need for reactive and adaptable defense. The findings are combined
into a series of compact recommendations that promote a holistic approach to security
that includes encryption, regular upgrades, and strict network monitoring.

Reference list
Altujjar, Y. and Mokhtar, H. (2018) Classification of Smart Home Applications'

Requirements for the MAC Layer. International Journal of Engineering and Information
Systems (IJEAIS), 2(5), 13–21.
Arunvivek, J., Srinath, S. and Balamurugan, M.S. (2015) Framework Development in

Home Automation to Provide Control and Security for Home Automated
Devices. Indian Journal of Science and Technology, 8(19).
Asadullah, M. and Ullah, K. (2017) Smart home automation system using Bluetooth
technology. 2017 International Conference on Innovations in Electrical Engineering
and Computational Technologies (ICIEECT).
Baek, J., Kanampiu, M.W. and Kim, C. (2021) A Secure Internet of Things Smart Home
Network: Design and Configuration. Applied Sciences, 11(14), 6280.
Balta-Ozkan, N., Amerighi, O. and Boteler, B. (2014) A Comparison of Consumer

Perceptions Towards Smart Homes in the UK, Germany and Italy: Reflections for
Policy and Future Research. Technology Analysis & Strategic Management, 26(10),
1176–1195.
Baraka, K., Ghobril, M., Malek, S., Kanj, R. and Kayssi, A. (2013) Low Cost
Arduino/Android-Based Energy-Efficient Home Automation System with Smart Task
Scheduling. 2013 Fifth International Conference on Computational Intelligence,
Communication Systems and Networks.
Chakraborty, A., Islam, M., Shahriyar, F., Islam, S., Zaman, H.U. and Hasan, M. (2023)
Smart Home System: a Comprehensive Review. Journal of Electrical and Computer
Engineering, 2023, e7616683.
Davidovic, B. and Labus, A. (2016) A Smart Home System Based on Sensor

Technology. Facta universitatis - series: Electronics and Energetics, 29(3), 451–460.
Dawid, H., Decker, R., Hermann, T., Jahnke, H., Klat, W., König, R. and Stummer, C.
(2016) Management Science in the Era of Smart Consumer products: Challenges and
[29]
Research Perspectives. Central European Journal of Operations Research, 25(1),

203–230.
Faishal, I. (2020) Tugas Keamanan Informasi Smart Home Automation Security

Design Using Data Encryption 1 Smart Home Automation Security Design Using Data
Encryption.
Ford , R. (2017) Categories and Functionality of Smart Home Technology for Energy
Management. Building and Environment, 123, 543–554.
Froiz-Míguez, I., Fernández-Caramés, T., Fraga-Lamas, P. and Castedo, L. (2018)

Design, Implementation and Practical Evaluation of an IoT Home Automation System
for Fog Computing Applications Based on MQTT and ZigBee-WiFi Sensor
Nodes. Sensors, 18(8), 2660.
Ghanchi, J. (2021) Innovative Smart Security Technologies: Most Impressive

Examples. Best Company. Available online: https://bestcompany.com/home-
security/blog/smart-security-technology [Accessed 25 Nov. 2023].
Ghayvat, H., Awais, M., Pandya, S., Ren, H., Akbarzadeh, S., Chandra
Mukhopadhyay, S., Chen, C., Gope, P., Chouhan, A. and Chen, W. (2019) Smart Aging
System: Uncovering the Hidden Wellness Parameter for Well-Being Monitoring and
Anomaly Detection. Sensors, 19(4), 766.
Guo, X., Shen, Z., Zhang, Y. and Wu, T. (2019) Review on the Application of Artificial
Intelligence in Smart Homes. Smart Cities, 2(3), 402–420.
Hammi, B., Zeadally, S., Khatoun, R. and Nebhen, J. (2022) Survey on Smart Homes:
Vulnerabilities, Risks, and Countermeasures. Computers & Security, 117, 102677.
Han, D.-M. and Lim, J.-H. (2010) Design and implementation of smart home energy
management systems based on zigbee. IEEE Transactions on Consumer Electronics,
56(3), 1417–1425.
Huang, F.-L. and Tseng, S.-Y. (2016) Predictable smart home system integrated with
heterogeneous network and cloud computing. IEEE Xplore, 2, 649–653.
[30]
Jacobsson, A., Boldt, M. and Carlsson, B. (2016) A Risk Analysis of a Smart Home
Automation System. Future Generation Computer Systems, 56, 719–733.
Kulik, T., Dongol, B., Larsen, P.G., Macedo, H.D., Schneider, S., Tran-Jørgensen,
P.W.V. and Woodcock, J. (2022) A Survey of Practical Formal Methods for
Security. Formal Aspects of Computing, 34(1), 1–39.
Marikyan, D., Papagiannidis, S. and Alamanos, E. (2019) A Systematic Review of the

Smart Home literature: a User Perspective. Technological Forecasting and Social
Change, 138(138), 139–154.
Md. Rakib Ahsan (2019) Implementation of IOT based Smart Security and Home
Automation System. International Journal of Engineering Research and, V8(06).
Miandashti, F.J., Izadi, M., Shirehjini, A.A.N. and Shirmohammadi, S. (2020) An

Empirical Approach to Modeling User-System Interaction Conflicts in Smart
Homes. IEEE Transactions on Human-Machine Systems, 50(6), 573–583.
Mocrii, D., Chen, Y. and Musilek, P. (2018) IoT-based Smart homes: a Review of
System architecture, software, communications, Privacy and Security. Internet of
Things, 1-2, 81–98.
NIST (2016) Cybersecurity. NIST. Available online: https://www.nist.gov/cybersecurity

[Accessed 25 Nov. 2023].
Oberlo (2023) Smart Home Market Size Worldwide (2017–2026) | Oberlo.

www.oberlo.com. Available online: https://www.oberlo.com/statistics/smart-home-
market [Accessed 24 Nov. 2023].
Peter Michael Hart (2011) Continuous asset monitoring on the smart grid. IEEE
Innovative Smart Grid Technologies.
Phyxter Home Services (2020) Stay Healthy at Home: 11 Essential Pieces of Home
Wellness Technology | Phyxter Home Services. Phyxter Home Services. Available
online: https://phyxter.ai/blog/11-best-smart-home-devices-for-a-healthy-home
[Accessed 25 Nov. 2023].
[31]
Prakash, V., Xie, S. and Huang, D. (2023) Software Update Practices on Smart Home
IoT Devices. Available online: https://arxiv.org/pdf/2208.14367.pdf [Accessed 27 Nov.
2023].
Puri, V. and Nayyar, A. (2016) Real Time Smart Home Automation Based on PIC
microcontroller, Bluetooth and Android Technology. 1478–1484.
Risteska Stojkoska, B.L. and Trivodaliev, K.V. (2017) A review of Internet of Things for
smart home: Challenges and solutions. Journal of Cleaner Production, 140(3), 1454–
1464.
Security Magazine (2023) Cybersecurity best practices guide for smart cities released
| Security Magazine. www.securitymagazine.com. Available online:
https://www.securitymagazine.com/articles/99245-cybersecurity-best-practices-
guide-for-smart-cities-released [Accessed 25 Nov. 2023].
Sharif, K. and Tenbergen, B. (2020) Smart Home Voice Assistants: A Literature Survey
of User Privacy and Security Vulnerabilities. Complex Systems Informatics and
Modeling Quarterly, (24), 15–30.
Shinde, A., Kanade, S., Jugale, N., Gurav, A., Vatti, R.A. and Patwardhan, MM (2017)
Smart Home Automation System Using IR, bluetooth, GSM and Android. 2017 Fourth
International Conference on Image Information Processing (ICIIP).
Singh, U. and Ansari, M.A. (2019) Smart Home Automation System Using Internet of
Things. 2019 2nd International Conference on Power Energy, Environment and
Intelligent Control (PEEIC).
Sovacool, B.K. and Furszyfer Del Rio, DD (2020) Smart Home Technologies in
Europe: a Critical Review of concepts, benefits, Risks and Policies. Renewable and
Sustainable Energy Reviews, 120, 109663.
Stolojescu-Crisan, C., Crisan, C. and Butunoi, B.-P. (2021) An IoT-Based Smart Home
Automation System. Sensors, 21(11), 3784.
[32]
Taiwo, O. and Ezugwu, A.E. (2021) Internet of Things-Based Intelligent Smart Home
Control System. Security and Communication Networks, 2021, 1–17.
Vivek, G.V. and Sunil, M.P. (2015) Enabling IOT Services Using WIFI - ZigBee
Gateway for a Home Automation System. IEEE Xplore, 77–80.
Wang, Y., Zhang, R., Zhang, X. and Zhang, Y. (2023) Privacy Risk Assessment of
Smart Home System Based on a STPA–FMEA Method. Sensors, 23(10), 4664.
Wu, C.-L. and Fu, L.-C. (2012) Design and Realisation of a Framework for Human–
System Interaction in Smart Homes. IEEE transactions on systems, man, and
cybernetics, 42(1), 15–31.
Yahoo Finance (2023) United States Smart Homes Market Set to Reach $69.97 Billion
by 2030, Driven by Growing Adoption of Smart Domestic Devices. Yahoo Finance.
Available online: https://finance.yahoo.com/news/united-states-smart-homes-market-
094800318.html [Accessed 24 Nov. 2023].
Yan, W., Wang, Z., Wang, H., Wang, W., Li, J. and Gui, X. (2020) Survey on Recent
Smart Gateways for Smart home: Systems, technologies, and
Challenges. Transactions on Emerging Telecommunications Technologies.
Yang, J. and Sun, L. (2022) A Comprehensive Survey of Security Issues of Smart

Home System: 'Spear' and 'Shields,' Theory and Practice. IEEE Access, 10, 124167–
124192.
Yu, N., Ouyang, Z. and Wang, H. (2022) Study on Smart Home Interface Design
Characteristics considering the Influence of Age Difference: Focusing on
Sliders. Frontiers in Psychology, 13.
Yuan, Z., Bi, T., Muntean, G.-M. and Ghinea, G. (2015) Perceived Synchronisation of
Mulsemedia Services. IEEE Transactions on Multimedia, 17(7), 957–966.
Zamora-Izquierdo, M.A., Santa, J. and Gomez-Skarmeta, A.F. (2010) An Integral and

Networked Home Automation Solution for Indoor Ambient Intelligence. IEEE
Pervasive Computing, 9(4), 66–77.
[33]

Risk Management in Smart Homes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management in Smart Homes

Uploaded by

Copyright:

Available Formats

Page 1 of 36 - Cover Page Submission ID trn:oid:::1:2777834343

Instituto Tecnológico Metropolitano

Submission Date 6,395 Words

Dec 8, 2023, 2:40 PM GMT-5

Dec 8, 2023, 2:43 PM GMT-5

Page 1 of 36 - Cover Page Submission ID trn:oid:::1:2777834343

How much of this submission has been generated by AI?

It is essential to understand the limitations of AI detection before making decisions

Frequently Asked Questions

What does the percentage mean?

How does Turnitin's indicator address false positives?

What does 'qualifying text' mean?

Page 2 of 36 - AI Writing Overview Submission ID trn:oid:::1:2777834343

TITLE: RISK MANAGEMENT IN SMART HOMES

MODULE NAME: INFORMATION ASSURANCE

MODULE CODE: 7CS018

NAME: AFOLARIN AKANNI OLADEYISTUDENT

STUDENT NUMBER: 2356586

WORD COUNT: 4563 (EXCLUDING CONTENT PAGE, ABSTRACT AND REFERENCES)

Page 3 of 36 - AI Writing Submission Submission ID trn:oid:::1:2777834343

The widespread accessibility of smart home technology has completely transformed

Keywords: Smart Home System, Assets Identification, Risk Assessment, Risk

List of Figures _____________________________________________________ 5

List of Table _______________________________________________________ 5

2. Problem Statement ______________________________________________ 7

3. Related Work ___________________________________________________ 8

4. Smart Home Environment ________________________________________ 8

5. Asset Identification and Classification _____________________________ 12

5.1 Categories of Assets in Smart Homes _____________________________ 12

5.1.1 Security _________________________________________________ 12

5.1.2 Health and Well-Being ______________________________________ 12

5.1.3 Smart Energy _____________________________________________ 12

5.1.4 Audio-visual (A/V) Systems __________________________________ 13

5.1.5 Smart Devices ____________________________________________ 13

5.1.6 Gateways ________________________________________________ 13

5.1.7 Interfaces ________________________________________________ 13

5.2 Methodology for Identifying and Classifying Smart Home Assets_________ 13

5.2.1 Continuous monitoring ______________________________________ 14

5.2.2 User interaction ___________________________________________ 14

5.2.3 Control parameters ________________________________________ 14

5.2.4 State parameters __________________________________________ 15

5.3 Smart Home Components ______________________________________ 17

6. Risks, Vulnerabilities, and Threats Identification ____________________ 18

6.1 User Risk Characteristics _______________________________________ 18

6.2 Product Risk Characteristics _____________________________________ 18

6.3 Environment Risk Characteristics _________________________________ 18

7. Risk Evaluation ________________________________________________ 20

7.1 Advanced Smart Home Risk Management Framework ________________ 20

7.1.1 Framework Analysis ________________________________________ 20

7.1.2 Integration with ISO 31000 __________________________________ 20

7.2 Industry Standards for Risk Analysis in Smart Homes _________________ 20

7.2.1 Overview of Standards _____________________________________ 20

7.2.2 ISO 27000 Series _________________________________________ 20

7.2.3 ISA/IEC 62443 Standards ___________________________________ 20

7.2.3 NIST Special Publications ___________________________________ 20

7.3 Methodological Approaches in Information Security ___________________ 21

7.3.1 Risk-Based, Security-Based, and Privacy-Based Approaches _______ 21

7.3.2 Common Methodologies ____________________________________ 21

7.3.3 Evolution of Risk Models ____________________________________ 21

7.3.4 The Character of Risk-Based Methods _________________________ 21

7.3.6 Spear vs. Shield Concept ___________________________________ 22

7.4 Integration of Security in Smart Home Design _______________________ 22

7.4.1 STPA for Risk Control ______________________________________ 22