CHAI: Cyber Hygiene in AI enabled domestic life

Lead Research Organisation: University of Greenwich
Department Name: Computing & Information Systems, FACH

Abstract

Artificial Intelligence (AI) is rapidly becoming part of people's lives at home. Smart speakers, smart thermostats, security cameras with face recognition, and in the near future, brain-computer interfaces and elderly care companion robots can have considerable benefits to energy efficiency, comfort, and even health. However, AI also introduces new cyber security risks, which users are not prepared for. When a user faces a security threat such as receiving a phishing email or visiting a watering hole website, there are often visual and behavioural cues that can raise their suspicion, and there are known cyber hygiene measures they can follow. In contrast, for AI enabled devices, such as those found in a smart home, this is rarely the case, because they are designed to be minimalist and seamless. Also, there are no equivalent cyber hygiene measures for AI security risks to advise users given the emerging nature of this technology.

The aim of CHAI is to help the individual protect themselves against security risks in AI enabled environments. CHAI argues that in AI enabled domestic life, new cyber hygiene measures need supporting by diagnostic tools that allow users to identify security attacks and appropriate training. This will be achieved through the following goals: (i) to identify and demonstrate the novel security breaches introduced by AI in the home; and to assess the social, psychological and neuroscientific factors that may influence an individual's susceptibility in the context of these breaches; (ii) to employ and improve the use of methods already proposed in AI for improving the explainability of AI decisions in order to provide diagnostic information that allows users to identify AI security breaches; (iii) to develop new cyber hygiene measures, i.e. diagnostic and actionable steps that users may take to address a breach, optimised to the user and situation in terms of their cost (in usability, difficulty in implementing, mental effort, and even monetary if needing further software/hardware to be installed) using mathematical techniques; (iv) to co-design a novel cyber hygiene training programme with users of home technology that supports the use of Explainable AI while personalising and optimising the training to match each individual. Empirical research will be carried out in participating households to evaluate the effectiveness of this training approach.

CHAI focuses on the social housing sector, which is introducing several AI initiatives, such as housing management chatbots, building maintenance bots, and smart thermostats to tackle fuel poverty. While these initiatives can result in cost cuts and facilitate property management (e.g. temperature and humidity controllers), residents have no control over these changes and often do not have the digital literacy to respond to security risks and breaches. If an AI system's integrity or availability is breached this could affect the physical privacy of tenants (e.g. life patterns of behaviour), as well as their emotional and physical safety (e.g. temperature, electrical appliances' control). CHAI has chosen to focus on this population because of its heightened vulnerability with respect to security.

With a view to deeply integrating CHAI in real-life settings, we approached leading industrial partners: (i) Gas Tag, AI developers for gas supply smart appliances in social housing, will support the examination of realistic AI applications that are currently in place or expected to be introduced in the near future in the home; (ii) Security awareness training providers, Bob's Business, whose current clients include over 70,000 employees in the UK Government, will co-design cyber hygiene training programmes and webinars; and (iii) Housing technology sector representative, Housing Technology, will help recruit participant households and social housing associations for experiments and offer its dissemination channels in the housing sector.

Planned Impact

CHAI has been designed specifically to prioritise the ``for all'' element in the call's scope, informed by the diverse needs of its three very different industrial partners. Gas Tag, AI developers for gas supply smart appliances in social housing; Bob's Business, security awareness training provider; and Housing Technology, housing technology sector representative. As such, its research outcomes will have significant benefits for society at large, as represented by (i) AI technology developers, who will benefit from the users' increased trust evaluation as a result of optimised choice of explainability measures; (ii) ordinary citizens of all backgrounds, who interact with AI enabled systems in their domestic life. (iii) The UK housing sector, as housing associations are currently rolling out AI technologies at large scale without awareness of the ensuing expansion of the attack surface or of the impact that AI misbehaviour will have on their tenants; and (iv) Academic researchers in the areas of AI, cybersecurity, neuroscience,
psychology and social sciences.

The primary post-project commercialisation avenue that will be pursued will be through the training programme, which will be developed in collaboration with Bob's business, for adoption in future training for users on AI security risks in domestic life. Impact at UK policy level will be pursued through Housing Technology's connections in the UK parliament's Housing, Communities and Local Government Committee. Impact on the AI technology sector will be pursued through adoption of CHAI results in Gas Tag's line of AI products for social housing, to serve as demonstrators of commercial value.

Through the broad dissemination activities throughout the project, the consortium will aim to raise public awareness of the project, ensure UK-wide or even global availability of exploitable results, establish links with other relevant actors and standardisation bodies and ensure a good scientific reputation for the project and a wider user base. We are planning to publish papers in top-ranked international conferences and journals. In addition, CHAI proposes an ambitious networking and community building plan, ranging from global engagement activities, such as a TEDx talk, making available an online game and a card game for the purpose of public engagement with the challenge of AI security. CHAI researchers will also organise several workshops, meetings and conferences related to their role in the project, including public engagements events, 6 webinars, participation in the ``Pint of Science'' world festival with local events in Reading and Greenwich, in 2020 and 2021, as well as a ``Data beers'' London event, and connection with the high technology sector of the ``M4 Corridor'' with 6 networking meetups at Reading. Bristol will run one workshop with a focus on explainable AI's role in security in collaboration with the other projects funded in this Call. Greenwich will organise a conference open to both academics and the public to be held on M35 in Central London, including also talks from the other projects, NCSC and EPSRC, and an AI hackathon session with prizes for the winners and using CHApp as the attack subject. Finally, in-kind contribution generously offered by Housing Technology includes their magazine, conferences and other dissemination channels. CHAI will organise a workshop for AI risks in housing as part of the annual Housing Technology conference, and produce a magazine issue and articles in the newsletter.
 
Description Oral evidence on "Connected tech: smart or sinister?" provided by Professor George Loukas at DMCS Select Committee
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://committees.parliament.uk/event/14671/formal-meeting-oral-evidence-session/
 
Description Written evidence on "Connected tech: smart or sinister?" submitted by Professor George Loukas, Professor Mina Vasalou and Dr Laura Benton
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://committees.parliament.uk/writtenevidence/109459/pdf/
 
Title Squid 
Description This platform hosts a collection of packages and functions in the cloud that support the remote access of home energy management system and its associated explainable AI (XAI) interfaces. It is a part of the CHAI field trial enabling end-users to interact with the underlying AI-based IoT system for smart homes with functions of XAI and cyber attach identification. A comprehensive interactive interfaces and notification pages have been developed, allowing end-users to (i) enter their own schedules for their home energy devices, (ii) to see the actual cost/savings of such changes at real-time, and (iii) to be able to identify any potential cyber attacks to the IoT system or to the devices. 
Type Of Technology Webtool/Application 
Year Produced 2022 
Impact None yet. 
 
Title Squid Helper Tool 
Description This is a diagnostic tool that allows users to self-diagnose attacks on the AI of their Squid application. It is used to guide participants in smart home AI attack experiments. 
Type Of Technology Webtool/Application 
Year Produced 2022 
Impact None yet. This is still used in the experimentation phase. 
 
Description AI security and you 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact This is an invited keynote on AI security and the role of the human, which was part of the Cyber Security Month events of the SAP group, which is the world's third-largest publicly traded software company by revenue. It had close to 2000 attendees, all of which were SAP staff from their different officers across the world.
Year(s) Of Engagement Activity 2023
 
Description Creative Methods For Research in the Home 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Other audiences
Results and Impact Twenty academics from England, Wales and Scotland attended an event organised by UCL at the museum of the home. The purpose was to develop a methodological understanding of research in the home and learn about new cutting edge methods from social sciences, HCI and the humanities. There were presentations on key methods and participants were able to try these out in dedicated sessions. ECR were invited to share their work during a poster session. The event output was a booklet of creative methods for home research available online.
Year(s) Of Engagement Activity 2022
URL https://project-chai.org/?page_id=349
 
Description Cyber Hygiene in AI-enabled domestic life: A smart heating case study experiment 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Part of the "Security for all in an AI enabled society" workshop organised by the University of Manchester and involving also representatives from the industry (incl. Microsoft).
Year(s) Of Engagement Activity 2023
 
Description Housing Technology Conference talk "Cyber hygiene in AI-enabled domestic life" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact This was an invited talk at the premier conference for housing technologies (HTC22), where Dr. Etienne Roesch discussed cyber hygiene habits in the context of housing. It led to several enquiries for further discussions, which are currently in progress.
Year(s) Of Engagement Activity 2022
URL https://www.housing-technology.com/wp-content/uploads/HTC22_Conf_Agenda.pdf
 
Description Housing Technology magazine: Series of articles 
Form Of Engagement Activity A magazine, newsletter or online publication
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact The project has committed to be regularly updating the housing sector through magazine articles. These include the following articles up to now: "CYBER HYGIENE IN AI-ENABLED DOMESTIC LIFE" (July 2021) and "Cyber risk management originated from the AI-enabled domestic life" (due March 2022).
Year(s) Of Engagement Activity 2021,2022
 
Description London Tenants Conference 2021 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Public/other audiences
Results and Impact Our team led a workshop at the London Tenant Federation 2021 conference on 'Attaining net-zero in London' focused on the security and privacy of smart energy devices, which was aimed at social housing tenants.
Year(s) Of Engagement Activity 2021
URL https://londontenants.org/wp-content/uploads/2021/11/poster.pdf
 
Description Outreach in cyber security training for social housing 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Public/other audiences
Results and Impact Three workshops (June to September 2022) were run in two London based community centres to support social housing tenants in their understanding of cyber security. These were led by UCL (Professor A. Vasalou) with participation from the University of Greenwich (Dr. Hsueh-Ju Chen).
Year(s) Of Engagement Activity 2022
 
Description TEDx talk "Cyber security and you" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact A talk on the importance and means of user involvement in active cyber protection and how this is addressed in project CHAI. It sparked lively debates after the talk, but also will be released on YouTube in the address provided below. The intended audience was YouTube from the beginning, so the audience numbers are expected to increase considerably in the next months. Still, the talk has already attracted further interest including a talk on the human-as-a-sensor paradigm at NCSC and an invitation at a national conference.
Year(s) Of Engagement Activity 2021
URL https://www.youtube.com/playlist?list=PLdkhPQPrEAbKrQUxlO6dUF4LyNTQB9u5Z