Purpose: Past research shows that users of smart home devices have privacy concerns. These concerns have been validated from technical re- search that shows smart home devices introduce a lot of privacy risks. However, there is limited research in addressing these concerns and risks. Design/methodology/approach: In this paper, we follow a user- centered design approach to design data-related privacy controls from de- sign requirements backed by literature. We test the design for usability and perceived information control using psychometrically validated scales. For this purpose, we created two variations of the prototype (My- Cam1 with a listing of data-related privacy controls and MyCam2 with three privacy presets) and tested them in a between-subjects experimental setting. Study participants (n=207) were recruited via Mechanical Turk and asked to use the prototype app. An online survey was distributed to the participants to measure some usability and privacy-related constructs. Findings: Findings show that the presented prototype design were usable and met the privacy control needs of users. The prototype design with privacy presets was found to be significantly more usable than the list of privacy controls. Originality: The findings of this article are original and build on the findings presented in our HAISA paper. This paper contributes better and usable designs of privacy controls for smart home applications.

@article{chhetri2022enhancing, author = {Chhetri, Chola and Motti, Vivian G.}, title = {User Centric Privacy Controls for Smart Home}, year = {2022}, issue_date = {Mar 2023}, publisher = {Emerald Publishing}, address = {UK}, volume = {31}, number = {EarlyCite}, url = {https://doi.org/10.1108/ICS-11-2022-0173}, doi = {10.1108/ICS-11-2022-0173}, journal = {Information and Computer Security}, month = {Mar}, articleno = {}, numpages = {20}, keywords = {} }

The widespread adoption of smart home devices (SHD) has increased privacy concerns among users, yet user-friendly controls are lacking. While there is a large body of research focused on understanding privacy concerns and threat models of SHD users, there is limited research so far aimed at informing the development of privacy controls in SHDs. This paper presents the results of 25 interviews focused on characterizing the users’ needs for privacy controls. Through qualitative analysis of interview data, we present 7 design factors and 32 sub-factors for the design of privacy controls in SHDs. The interview findings informed the design of a survey that was deployed to 440 adult SHD users to gain quantitative insights on privacy control requirements and to complement the interview findings. Based on the findings, we discuss a privacy control framework that guides designers towards user-centric privacy controls.

@article{chhetri2022user, author = {Chhetri, Chola and Motti, Vivian G.}, title = {User Centric Privacy Controls for Smart Home}, year = {2022}, issue_date = {November 2022}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {6}, number = {CSCW2}, url = {https://dl.acm.org/doi/10.1145/3555769}, doi = {10.1145/3555769}, journal = {Proc. ACM Hum.-Comput. Interact.}, month = {Nov}, articleno = {349}, numpages = {36}, keywords = {} }

@phdthesis{chhetri2022thesis, author = {Chola Chhetri}, title = {Designing for Privacy in Smart Home Devices: Vulnerabilities, Concerns and User-Centric Privacy Controls}, school = {George Mason University}, type = {{PhD} dissertation}, year = {2022} }

The privacy concerns of home Internet of Things (IoT) device users and experts have been widely studied, but the designs of privacy controls addressing those concerns are sparse. Literature shows a significant body of research uncovering design factors for privacy controls in smart home devices, but fewer studies have translated those design recommendations into design and evaluated the designs. To fill this gap, we designed a prototype user interface implementing the design recommendations of data-related privacy controls based on prior work and evaluated the prototype for user experience, usability, perceived information control, user satisfaction, and intention to use. The results of interviews (n=10) critique the proposed design and the survey results (n=105) show that the prototype design provides positive evaluation for perceived information control, user satisfaction and intention to use. Based on findings, we discuss design recommendations for further improvements. Thus, this paper contributes to the design of data-related privacy controls for user interfaces of home IoT devices and applications.

@incollection{chhetri2022designing, booktitle={IFIP AICT 658}, doi={10.1007/978-3-031-12172-2\_19}, publisher={Springer Nature}, address={Switzerland AG}, title={Designing and Evaluating a Prototype for Data-related Privacy Controls in a Smart Home}, author={Chhetri, Chola and Motti, Vivian Genaro}, editor={Clarke, N. and Furnell, S.}, pages={1--11}, date=2022, year=2022, }

With the proliferation of Internet of Things devices, smart home devices are expected to increase in use. However, experts have raised privacy concerns regarding to these devices. As the body of literature on understanding privacy concerns continues to emerge, we realize the need for a privacy concerns taxonomy to standardize and facilitate common understanding of privacy concerns. To address this gap, we conducted 25 interviews of smart home device users and analyzed their privacy concerns qualitatively. This paper contributes analysis of user privacy concerns from the angle of privacy taxonomy theory. It examines whether privacy concerns could be characterized by Solove’s taxonomy of privacy, which is a well-recognized privacy taxonomy for informational privacy. We further discuss results and their implications.

@inproceedings{chhetri2022mute, title={"I mute my echo when I talk politics": Connecting Smart Home Device Users Concerns to Privacy Harms Taxonomy}, author={Chhetri, Chola and Motti, Vivian}, booktitle={Proceedings of HFES Annual Meeting 2022}, pages={}, year={2022}, organization={Sage} }

Privacy concerns of smart home device (SHD) users have been largely explored but those of non-users are under-explored. Understanding of non-user concerns is essential to inform the design of user-centric privacy-preserving SHDs and facilitate acceptance. To address this gap, we conducted a survey of SHD non-users and analyzed their privacy concerns. We followed a mixed-methods approach to analyze and compare privacy concerns, explore non-use reasons, and provide design suggestions. We make recommendations based on our study findings. This paper contributes to improve privacy controls of SHD considering non-user privacy concerns.

@inproceedings{chhetri2022non-user, title={Privacy Concerns about Smart Home Devices: A Comparative Analysis between Non-Users and Users}, author={Chhetri, Chola and Motti, Vivian}, booktitle={Human Factors in Cybersecurity}, volume={53}, pages={1-9}, year={2022}, organization={AHFE International} }

Smart Home Devices (SHDs) offer convenience that comes at the cost of security and privacy. SHDs can be subject to attacks and they can be used to conduct attacks on businesses or governments providing services to individuals. In this paper, we report vulnerabilities that have been published in research papers in IEEE Xplore digital library and ACM digital library. We followed a systematic approach to search for vulnerabilities in the literature, analyzed them and placed them in common categories. The study resulted in 153 vulnerabilities. The categories are based on the place of occurrence or component of smart home architecture, such as device, protocol, gateway, network, and software architecture. We also identified areas of research and development that have been underexplored in the past and need further efforts. Researchers, developers and users will benefit from this comprehensive analysis and systematic categorization of smart home vulnerabilities.

@inproceedings{DBLP:conf/ncs/ChhetriM20, author = {Chola Chhetri and Vivian Motti}, editor = {Kim{-}Kwang Raymond Choo and Tommy Morris and Gilbert L. Peterson and Eric Imsand}, title = {Identifying Vulnerabilities in Security and Privacy of Smart Home Devices}, booktitle = {National Cyber Summit {(NCS)} Research Track 2020, Huntsville, AL, USA, June 2-4, 2020}, series = {Advances in Intelligent Systems and Computing}, volume = {1271}, pages = {211--231}, publisher = {Springer}, year = {2020}, url = {https://doi.org/10.1007/978-3-030-58703-1\_13}, doi = {10.1007/978-3-030-58703-1\_13}, timestamp = {Fri, 18 Sep 2020 18:35:06 +0200}, biburl = {https://dblp.org/rec/conf/ncs/ChhetriM20.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} }

In today’s world, technology is ubiquitous. Today’s children grow up with a lot of technology, such as phones, gaming systems, tablets and computers. Even ‘things’ are connected to the Internet. Such things include door locks, coffee makers, refrigerators, thermostats, and speakers to name a few. There are more Internet of Things devices than there are people worldwide. Connected things have changed lives of people and the world in a lot of positive ways, but they also come with numerous security and privacy issues. Thus, cybersecurity education has become crucial in providing security awareness, secure behavior and cybersecurity expertise. This paper discusses TWOPD, a novel approach to teaching cybersecurity in a college classroom and evaluates the effectiveness of the proposed approach.

@inproceedings{chhetri2020twopd, title={TWOPD: A Novel Approach to Teaching an Introductory Cybersecurity Course}, author={Chhetri, Chola}, booktitle={National Cyber Summit}, pages={92--99}, year={2020}, organization={Springer} }

The world was hit by the Covid-19 pandemic in the beginning of 2020, which forced many educational institutions to shift their classroom-based or face-to-face courses to remote or online mode. Students, instructors and institutions had little time to prepare for this sudden, unanticipated shift. Students who prefer learning face-to-face with instructor in a classroom are more likely to face challenges in learning remotely. To understand the experiences of such students, the author conducted a pilot survey of students whose face-to-face courses were moved to remote learning. This paper reports on the results of the analysis of participant responses. Participants experienced a mix of benefits and challenges due to the unanticipated move to remote learning. Based on the findings, this paper makes some suggestions on the design of remote learning.

@inproceedings{chhetri2020ilost, title={"I Lost Track of Things": Student Experiences of Remote Learning in the Covid-19 Pandemic}, author={Chhetri, Chola}, booktitle={SIGITE '20: Proceedings of the 21st Annual Conference on Information Technology Education}, pages={314--319}, year={2020}, organization={ACM} }

Privacy controls in smart home devices are largely lacking. To identify what privacy controls users need, we conducted a focus group study with 5 older adults. To understand the study participants’ expectations of privacy controls in smart home devices, we analyzed the responses of the study participants. This paper reports the results of the study, including the design expectations that the study participants have. Participants expected smart home devices that provide privacy controls. In addition to limited sharing of information, the devices should be designed for visibility and anonymity. Lastly, a verification mechanism for privacy controls should be made available.

@inproceedings{chhetri2019identifying, title={Identifying Older Adults’ Expectations of Privacy-Preserving Controls for Smart Home Devices}, author={Chhetri, Chola and Motti, Vivian}, booktitle = {CSCW Workshop on Networked Privacy, “Ubiquitous Privacy: Research and Design for Mobile and IoT Platforms”}, place={TX, USA}, year={2019}, month={Nov}, }

Smart home devices have gained widespread adoption and are expected to grow rapidly in usage. However, they introduce new challenges to the privacy of the user and the security of the smart society. This paper provides an overview of ongoing dissertation research towards understanding the privacy concerns of smart home device (SHD) users and non-users, a comprehensive analysis of vulnerabilities of SHDs, and the development of smart home usable privacy (SHUP) framework.

@inproceedings{Chhetri:2019:TSH:3311957.3361849, author = {Chhetri, Chola}, title = {Towards a Smart Home Usable Privacy Framework}, booktitle = {Conference Companion Publication of the 2019 on Computer Supported Cooperative Work and Social Computing}, series = {CSCW '19}, year = {2019}, isbn = {978-1-4503-6692-2}, location = {Austin, TX, USA}, pages = {43--46}, numpages = {4}, url = {http://doi.acm.org/10.1145/3311957.3361849}, doi = {10.1145/3311957.3361849}, acmid = {3361849}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {framework, smart home privacy, privacy concerns, usable privacy}, }

Smart homes are equipped with an ecosystem of devices that support humans in their everyday activities, ranging from entertainment, lighting and security systems. Although smart devices provide home automation features that are convenient, comfortable, and easy to control, they also pose critical privacy risks for users, especially considering their continuous ability to sense users’ information and connect to web services. To elicit privacy concerns from a user-centric perspective, the authors performed a thorough analysis of 128 online reviews of consumers of smart home hubs – including Amazon Echo, Google Home, Wink and Insteon. The reviews expressed users’ concerns about privacy. The reviews were coded and classified according to four information security principles and temporal dimensions ranging from data collection to information sharing. A discussion on how to improve the design of smart home devices with privacy-enhanced solutions is provided.

@InProceedings{10.1007/978-3-030-15742-5_8, author="Chhetri, Chola and Motti, Vivian Genaro", editor="Taylor, Natalie Greene and Christian-Lamb, Caitlin and Martin, Michelle H. and Nardi, Bonnie", title="Eliciting Privacy Concerns for Smart Home Devices from a User Centered Perspective", booktitle="Information in Contemporary Society", year="2019", publisher="Springer International Publishing", address="Cham", pages="91--101", abstract="Smart homes are equipped with an ecosystem of devices that support humans in their everyday activities, ranging from entertainment, lighting and security systems. Although smart devices provide home automation features that are convenient, comfortable, and easy to control, they also pose critical privacy risks for users, especially considering their continuous ability to sense users' information and connect to web services. To elicit privacy concerns from a user-centric perspective, the authors performed a thorough analysis of 128 online reviews of consumers of smart home hubs -- including Amazon Echo, Google Home, Wink and Insteon. The reviews expressed users' concerns about privacy. The reviews were coded and classified according to four information security principles and temporal dimensions ranging from data collection to information sharing. A discussion on how to improve the design of smart home devices with privacy-enhanced solutions is provided.", isbn="978-3-030-15742-5" }

Legacy paper book passports have problems like forgery and look-alike fraud. In order to overcome these fallacies and to achieve “global interoperability, reliability, durability, and practicality”, International Civil Aviation Organization has mandated its member countries to issue electronic passports, which utilize three technologies, viz., radio frequency identification, biometrics and public key infrastructure. While these technologies help speed the border control process and ease identification of travelers, they also raise new security and privacy risks. By converging scattered information from a dozen scholarly publications on electronic passports, the author analyzes and assesses the benefits and drawbacks of electronic passports in this paper. Such passports need to be strengthened by utilizing authentication, access control and cryptography. Passport deployments need to mitigate the threats discovered by adopting secure implementation techniques. Since the failure to address risks arising from the radio frequency identification chip embedded in passports will put security and privacy of users in jeopardy, countries implementing electronic passports must adopt the best security mechanisms in creating infrastructure and technological domains to support electronic passports.

bib

CAN 07 abstract!

bib

SEARCC 06 abstract.

bib

bib

bib

bib

Abstract.

bib

Abstract.

bib