Mazurek Joins National Effort to Build a Secure Smart Home

Published June 12, 2020

Michelle Mazurek, an assistant professor of computer science and core faculty member in the Maryland Cybersecurity Center, will join researchers from six other academic institutions on a national research project to increase the security and privacy of high-tech products used in smart homes.

The five-year program to develop trustworthy devices and systems in the home is funded by a $10 million award from the National Science Foundation (NSF).

The project—Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE)—comes as households expand their reliance on smart products ranging from refrigerators to baby monitors. These devices can share information with each other as well as communicate with services across the internet.

In addition to Mazurek, the SPLICE team includes researchers from Dartmouth College, Johns Hopkins University, Morgan State University, Tufts University, the University of Illinois at Urbana-Champaign and the University of Michigan.

“The technology in the average home today is radically different from even a decade ago and is likely to change even more rapidly in the coming years,” said David Kotz, a professor of computer science at Dartmouth and the lead principal investigator for the project. “Home is a place where people need to feel safe from prying eyes. SPLICE will address the challenges required for the vision of smart homes to be realized safely and successfully.”

The shift toward smart devices and systems in residences—such as houses, apartments, hotels, and assisted-living facilities—offers benefits that include increased energy efficiency and personalized services. Through faulty configuration or poor design, however, these items can also create unsafe conditions and increase risk of harm to people and property. Since many homes are complex environments in which residents, landlords, and guests have different privacy needs, researchers will consider the interests of all property owners and users.

The SPLICE team will develop technology and design principles related to smart homes. Mazurek, a principal investigator on the team, will be involved in developing tools that move away from the failed “notice and consent” model of privacy management, when a consumer is forced to ‘agree’ to an endless list of ‘terms and conditions’ written in legal language in order to gain access to a device or service. Mazurek and her collaborators want to shift the privacy burden away from consumers, who are ill-equipped to manage an increase in the number of devices and decisions.

“We don’t think people who buy smart devices should be asked to make more and more decisions about privacy on those devices,” said Mazurek, who also holds a joint appointment in the University of Maryland Institute for Advanced Computer Studies. “We’re looking at ways to provide tools to consumer advocacy organizations and journalists that will enable them to evaluate the privacy of devices and provide trustworthy information to the general public.”

For example, consumers should know what information is shared between their devices and the corporations that manufacture them, Mazurek said. They should also know how that information is collected, stored, aggregated and sold to data brokers.

“We want to make it easy for consumers to be smart about privacy and make informed decisions about which device to choose, but we also think our tools will motivate companies to make products that respect consumer privacy as well,” Mazurek added.

This new project will build on Mazurek’s previous research into privacy considerations for Android apps and devices and her investigations into how security experts perform their work.

The SPLICE team also plans to:
• Develop the first-ever toolkit to discover, identify, and locate cooperative and non-cooperative smart devices within a home’s wireless network—allowing residents to have a complete understanding of their home’s technological environment; and
• Identify privacy issues in smart homes that must be addressed to advance consumer trust—informing the development of best-practice principles for smart homes.

As the lead institution, Dartmouth organized the program team and will coordinate its research and educational activities. More than half of the principal investigators leading SPLICE are from groups underrepresented in computing.

The research team will develop prototypes that integrate new insights emerging from the project while allowing them to seek feedback from experts and everyday consumers. An advisory council composed of experts from government, industry and academia will provide guidance on current practice and future challenges.

“By working with a diverse group of leaders in the technology sector, we hope to influence the future of smart-home devices from design to disposal,” said Kotz. “This is a win for consumers and for companies who want to make more privacy-respectful choices but feel they cannot do so while remaining competitive in the current market.”

The group will also develop programs for students, junior researchers, and community members with the aim of encouraging more people from underrepresented groups to pursue careers in computing.

“Cybersecurity is one of the most significant economic and national security challenges facing our nation today,” said Nina Amla, lead program director of NSF’s Secure and Trustworthy Cyberspace program. “NSF's investments in foundational research will transform our capacity to secure personal privacy, financial assets, and national interests.”