CHAI: Cyber Hygiene in AI enabled domestic life

Artificial Intelligence (AI) is rapidly becoming part of people's lives at home. Smart speakers, smart thermostats, security cameras with face recognition, and in the near future, brain-computer interfaces and elderly care companion robots can have considerable benefits to energy efficiency, comfort, and even health. However, AI also introduces new cyber security risks, which users are not prepared for. When a user faces a security threat such as receiving a phishing email or visiting a watering hole website, there are often visual and behavioural cues that can raise their suspicion, and there are known cyber hygiene measures they can follow. In contrast, for AI enabled devices, such as those found in a smart home, this is rarely the case, because they are designed to be minimalist and seamless. Also, there are no equivalent cyber hygiene measures for AI security risks to advise users given the emerging nature of this technology.

The aim of CHAI is to help the individual protect themselves against security risks in AI enabled environments. CHAI argues that in AI enabled domestic life, new cyber hygiene measures need supporting by diagnostic tools that allow users to identify security attacks and appropriate training. This will be achieved through the following goals: (i) to identify and demonstrate the novel security breaches introduced by AI in the home; and to assess the social, psychological and neuroscientific factors that may influence an individual's susceptibility in the context of these breaches; (ii) to employ and improve the use of methods already proposed in AI for improving the explainability of AI decisions in order to provide diagnostic information that allows users to identify AI security breaches; (iii) to develop new cyber hygiene measures, i.e. diagnostic and actionable steps that users may take to address a breach, optimised to the user and situation in terms of their cost (in usability, difficulty in implementing, mental effort, and even monetary if needing further software/hardware to be installed) using mathematical techniques; (iv) to co-design a novel cyber hygiene training programme with users of home technology that supports the use of Explainable AI while personalising and optimising the training to match each individual. Empirical research will be carried out in participating households to evaluate the effectiveness of this training approach.

CHAI focuses on the social housing sector, which is introducing several AI initiatives, such as housing management chatbots, building maintenance bots, and smart thermostats to tackle fuel poverty. While these initiatives can result in cost cuts and facilitate property management (e.g. temperature and humidity controllers), residents have no control over these changes and often do not have the digital literacy to respond to security risks and breaches. If an AI system's integrity or availability is breached this could affect the physical privacy of tenants (e.g. life patterns of behaviour), as well as their emotional and physical safety (e.g. temperature, electrical appliances' control). CHAI has chosen to focus on this population because of its heightened vulnerability with respect to security.

With a view to deeply integrating CHAI in real-life settings, we approached leading industrial partners: (i) Gas Tag, AI developers for gas supply smart appliances in social housing, will support the examination of realistic AI applications that are currently in place or expected to be introduced in the near future in the home; (ii) Security awareness training providers, Bob's Business, whose current clients include over 70,000 employees in the UK Government, will co-design cyber hygiene training programmes and webinars; and (iii) Housing technology sector representative, Housing Technology, will help recruit participant households and social housing associations for experiments and offer its dissemination channels in the housing sector.

CHAI has been designed specifically to prioritise the ``for all'' element in the call's scope, informed by the diverse needs of its three very different industrial partners. Gas Tag, AI developers for gas supply smart appliances in social housing; Bob's Business, security awareness training provider; and Housing Technology, housing technology sector representative. As such, its research outcomes will have significant benefits for society at large, as represented by (i) AI technology developers, who will benefit from the users' increased trust evaluation as a result of optimised choice of explainability measures; (ii) ordinary citizens of all backgrounds, who interact with AI enabled systems in their domestic life. (iii) The UK housing sector, as housing associations are currently rolling out AI technologies at large scale without awareness of the ensuing expansion of the attack surface or of the impact that AI misbehaviour will have on their tenants; and (iv) Academic researchers in the areas of AI, cybersecurity, neuroscience,
psychology and social sciences.

The primary post-project commercialisation avenue that will be pursued will be through the training programme, which will be developed in collaboration with Bob's business, for adoption in future training for users on AI security risks in domestic life. Impact at UK policy level will be pursued through Housing Technology's connections in the UK parliament's Housing, Communities and Local Government Committee. Impact on the AI technology sector will be pursued through adoption of CHAI results in Gas Tag's line of AI products for social housing, to serve as demonstrators of commercial value.

Through the broad dissemination activities throughout the project, the consortium will aim to raise public awareness of the project, ensure UK-wide or even global availability of exploitable results, establish links with other relevant actors and standardisation bodies and ensure a good scientific reputation for the project and a wider user base. We are planning to publish papers in top-ranked international conferences and journals. In addition, CHAI proposes an ambitious networking and community building plan, ranging from global engagement activities, such as a TEDx talk, making available an online game and a card game for the purpose of public engagement with the challenge of AI security. CHAI researchers will also organise several workshops, meetings and conferences related to their role in the project, including public engagements events, 6 webinars, participation in the ``Pint of Science'' world festival with local events in Reading and Greenwich, in 2020 and 2021, as well as a ``Data beers'' London event, and connection with the high technology sector of the ``M4 Corridor'' with 6 networking meetups at Reading. Bristol will run one workshop with a focus on explainable AI's role in security in collaboration with the other projects funded in this Call. Greenwich will organise a conference open to both academics and the public to be held on M35 in Central London, including also talks from the other projects, NCSC and EPSRC, and an AI hackathon session with prizes for the winners and using CHApp as the attack subject. Finally, in-kind contribution generously offered by Housing Technology includes their magazine, conferences and other dissemination channels. CHAI will organise a workshop for AI risks in housing as part of the annual Housing Technology conference, and produce a magazine issue and articles in the newsletter.