Cocoon: Emotion psychology meets cyber security in IoT smart homes
Lead Research Organisation:
University of Reading
Department Name: Sch of Psychology and Clinical Lang Sci
Abstract
In Cocoon, we interweave innovations in two distinctly different disciplines to understand and improve security of home IoT technology: emotion psychology and cyber security. We produce an understanding of the psychology of IoT users, assess risks in current and future IoT systems, and formulate provisions for the design and integration of user-centric IoT in tomorrow's homes. Home is a safe haven to experience privacy and control, personal autonomy and integrity. IoT technology is expected to merge physical and virtual worlds, creating smart home environments that enhance wellbeing. As the physical and the virtual grow closer, concerns for security, privacy and trust grow in similar measures. Addressing these concerns requires technological dispositions and interventions aligned with the individuals. Our objectives are twofold: 1) To examine the emotional investment of IoT users in the comfort of their home, which will condition their usage technology, drive their reactions when security is breached, and will determine their ability to recover. Large-scale qualitative and quantitative studies, and a four-month experiment conducted in 20 volunteering households will not only yield the first comprehensive theoretical framework of the emotional status of IoT users in cases of both normal usage and when their smart home is compromised, but will also inform the development of a novel intrusion detection system (IDS) by recasting the user as an integral part of the system. 2) To put mainstream off-the- shelf IoT technology to the test, and derive empirical opportunities for creating IDS and data security visualization that are appropriate for given occupants' profiles, based on real-time analytics of data from such a heterogeneous set of technologies. Intrusion experiments in self-contained laboratory environments will permit the examination of the effects in a typical smart home. The IDS will be based on real-time big data stream mining classification techniques tailored for resource-constrained IoT environments.
Planned Impact
See Section "Impact", on page 30-31 of the attached project proposal.
Organisations
Publications
Budimir S
(2020)
Emotions, personality, and psychopathology of cybersecurity breach victims
in Journal of Psychosomatic Research
Budimir S
(2021)
Emotional Reactions to Cybersecurity Breach Situations: Scenario-Based Survey Study.
in Journal of medical Internet research
Dubuc T
(2021)
Mapping the Big Data Landscape: Technologies, Platforms and Paradigms for Real-Time Analytics of Data Streams
in IEEE Access
Heartfield R
(2018)
A taxonomy of cyber-physical threats and impact in the smart home
in Computers & Security
Heartfield R
(2021)
Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning
in IEEE Transactions on Information Forensics and Security
Huijts N
(2023)
User experiences with simulated cyber-physical attacks on smart home IoT
in Personal and Ubiquitous Computing
Description | In Cocoon, our interdisciplinary Consortium comprised psychologists, cyber security analysts, network engineers and data scientists. In five Work Packages, we interweaved two innovative approaches in emotion psychology and cyber security, to understand and improve security of home IoT technology, in an attempt to recast the user as an integral part of the entire security system. Our objectives were twofold: 1. To examine the user's emotional investment and their psychology in the context of the smart home, during both periods of normal use and, importantly, in periods when they experienced what they perceived as sporadic attack of their home IoT network. 2. To put mainstream IoT technology to the test, and prototype a network-wide intrusion detection system that leveraged the heterogeneity of protocols and traces of behaviour in the network. We combined several analytical techniques to detect characteristic features in network data. IoT technology is expected to merge physical and virtual worlds, creating smart home environments that enhance wellbeing. As the physical and the virtual worlds grow closer, concerns for security, privacy and trust grow in similar measures. Addressing these concerns requires technological dispositions and interventions aligned with individuals. How do we know what users want, though? How do we know how they feel? How do they feel now, and how they will feel when things go wrong? Can we predict how they will behave then? Can this understanding help us be proactive? Can we identify types of users, who will need different levels of support? These are some of the questions that Cocoon addressed. Of course, there is no textbook or theoretical framework about how IoT users behave that one can use to formulate provisions for a real-world project deploying IoT devices in real homes. A first step for Cocoon has therefore been to approach actual users, potential users and layperson communities. We aimed to go beyond the frameworks typical to market penetration studies, and therefore turned to empirical psychology to investigate the emotional engagement of users with IoT technology, and tried to measure components of their emotional response and their perception of risks of an attack. We interviewed and gathered data from close to 2000 participants. A second step has been the first ever study on the experience of cyber attacks as it happened. Of course, we couldn't really hack anyone, and we instead provided selected households, in the United Kingdom and the Netherlands, with a complete set of IoT devices, comprising a scale, a smart speaker, a set of sensors and actuators, a light bulb, a tablet and the Cocoon node, a router we designed to gather data for our experiment. In the course of 3 months, each household integrated the devices into their daily lives, and we subsequently made it look like the devices had been compromised by remotely making them behave unpredictably. We first aimed to see whether users would notice anything at all, and if they did, how they would react to the devices exhibiting a mind of their own. When the participants were told the aims of the study, they were trained to become active components to the security of their home network. This package of work yielded unique and extremely data about the psychology of users when things go wrong. A third and final step consisted in the design of hardware and software solutions, to enable a network-wide intrusion detection system that is capable of capturing and analysing network data from the very heterogeneous communication protocols employed by the manufacturers of IoT devices. IoT technology is still in its infancy, and lack standards and regulations. Each manufacturer interprets communication protocols in particular way, which yields inconsistencies. As part of this work, we discovered two zero-day exploits, which are undocumented vulnerabilities, in two mainstream IoT devices. We also design a full pipeline of analysis that leverages the heterogeneity of the network data to detect and identify irregular behaviour of devices. |
Exploitation Route | The project's output will comprise explicit tools for stakeholders to characterise the experience of victims of cyber-attack. It will also include technical provisions for the design of network-wide intrusion detection systems. |
Sectors | Digital/Communication/Information Technologies (including Software),Financial Services, and Management Consultancy,Healthcare,Government, Democracy and Justice |
Description | Oral evidence on "Connected tech: smart or sinister?" provided by Professor George Loukas at DMCS Select Committee |
Geographic Reach | National |
Policy Influence Type | Contribution to a national consultation/review |
URL | https://committees.parliament.uk/event/14671/formal-meeting-oral-evidence-session/ |
Description | CERE Symposium on Technology and Emotions |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Other audiences |
Results and Impact | We are organising a whole symposium at the yearly Consortium of European Research on Emotion (CERE), which is an academic event showcasing the latest research on emotion across Europe and beyond. The symposium will gather 5 talks focused on the topic of Emotion and Future & Emerging Technologies. |
Year(s) Of Engagement Activity | 2018 |
URL | http://www.cere-emotionconferences.org/ |
Description | Housing Technology 2017 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Housing Technology is the main networking even in the sector of technology for the housing sector, including social housing professionals. The event typically gathers about 200-300 people, spanning from lenders to tailored software companies. We announced the launch of the project in a keynote starting one of the two day events. |
Year(s) Of Engagement Activity | 2017 |
URL | https://www.housing-technology.com/iot17_ppts/ |
Description | Housing Technology IoT conference |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | This one-day event was dedicated to the topic of Internet of Things devices, including security, in the housing sector. This event followed from the more general event in March 2017. We were one of the five keynotes. |
Year(s) Of Engagement Activity | 2017 |
URL | https://www.housing-technology.com/ht17brochure/ |
Description | Housing Technology IoT report |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | This report was produced in collaboration with several of the main stakeholders in the housing sector, to provide the sector with information and targeted analysis of the impact of Internet of Things for the sector. In this report, Cocoon produced two full features, reporting various results from the first year of the project. We also contributed to the elaboration of a nation-wide survey of practices. |
Year(s) Of Engagement Activity | 2017 |
URL | https://www.housing-technology.com/iot2017report/ |
Description | Interview by Thomson Reuters, taken up by MSN, Yahoo, Sydney Morning Herald, Malay Mail Online, WA Today and others, including Polish national news report. |
Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | This interview followed a general report about a particular IoT device (Amazon Alexa), which surprised/bothered the general public. |
Year(s) Of Engagement Activity | 2018 |
URL | https://www.reuters.com/video/2018/03/09/alexa-just-wants-to-have-fun?videoId=407543218&videoChannel... |
Description | Talk at the 5th European Conference on Psychological Assessment |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Report on results from the Cocoon scenario study about emotional experiences when being hacked. |
Year(s) Of Engagement Activity | 2019 |
Description | Talk at the Society for Risks Analysis-Benelux |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Policymakers/politicians |
Results and Impact | Talk presenting relevant results of the Cocoon Home Experiment on "Users' perceptions and responses to cyber-physical assaults to IoT devices in the home environment". |
Year(s) Of Engagement Activity | 2019 |