IoT Hub: usable and scalable security for the smart home

The problem worth solving:

With more connected devices coming online in the smart home, homeowners face the Sisyphean task of managing dozens of devices simultaneously, each with a different mode of interaction and each representing a potential security vulnerability. Can we create an IoT ecosystem for the home that is more secure AND easier to manage?

Our solution:

This project focused on finding an effective and scalable way to ensure the security and privacy of consumer IoT devices by off-loading the burden of security from the user onto the manufacturer. Using a resource-rich router as the “hub” of the system, we have one location from which to manage every device. The hub stores and processes the data it collects from each device in order to facilitate usable security.

Clients:

Federal Trade Commission
HCII (Carnegie Mellon University)

Users:

Homeowners
Device manufacturers

My roles:

Research Strategist
UX Designer
Author

Tools & Skills:

Comparative research
Paper prototyping
InVision
Sketch
Adobe Premiere
UX Writing

Insights from our research:

Most consumers do not go to their devices to “do security,” just as they do not go to their internet settings or web browser settings to “do security.” Studies have shown that the average consumer pays little heed to the security and privacy warnings presented in web browsers and dismisses many of them without reading them. This problem is exacerbated with IoT products, which are already designed to exist in the periphery of our attention: the user is prone to forget about the device’s existence, let alone its security and privacy settings.

Reframing security:

Instead of relying on the consumer to secure their devices, we rely here on device manufacturers to set limitations on the functionality of their products. The IETF calls this idea Manufacturer Usage Description (MUD), and it is gaining traction in the IoT community. Therefore, my job was to sketch a prototype of an interface to the Hub which takes advantage of the MUD.

[Figure: MUD example]

How would you add a device?
How would you troubleshoot a device?
How would you monitor a device’s activity?

After designing a set of screens demonstrating some of the key interactions of the Hub, I put them into InVision to make an interactive prototype for testing the usability and understandability of the interface's design...

[Figure: IoT Hub screenflow]

A summary of our solution:

This hub acts as a centralized device for adding, managing, monitoring, and securing devices in a home. In some ways, this hub is like a network firewall, in that we intend that IoT devices go through our hub rather than connecting directly to the Internet. The hub also facilitates the deployment of IoT devices by offering a common platform and a suite of useful services important for mid- and low-end IoT devices, assists with the rapid deployment and evolution of new kinds of services, and presents new ways of connecting devices together in a seamless manner.
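
A minimal sketch of the enforcement idea behind the MUD passage and the firewall comparison above, added here as an illustration and not taken from the project or its white paper. The policy table is a constructed, simplified stand-in for real MUD files (RFC 8520), and every device name, host and function name is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    device: str      # device name as shown in the hub's device list
    dst_host: str
    proto: str
    dst_port: int

# Constructed, simplified stand-in for manufacturer-declared policies.
# Real MUD files are JSON documents carrying ACLs; this keeps only the core
# idea: each device type ships with an allowlist of permitted destinations.
POLICIES = {
    "thermostat": {("api.thermo.example", "tcp", 443), ("ntp.example", "udp", 123)},
    "camera": {("video.cam.example", "tcp", 443)},
}

def check_flow(flow, policies=POLICIES):
    """Return (allowed, reason). Default-deny for unknown devices and destinations."""
    allowed = policies.get(flow.device)
    if allowed is None:
        return False, "no manufacturer policy on file"
    # Normalise case and a trailing DNS dot so trivial variants still match.
    key = (flow.dst_host.lower().rstrip("."), flow.proto.lower(), flow.dst_port)
    if key in allowed:
        return True, "declared by manufacturer"
    return False, "destination not declared by manufacturer"

def devices_needing_attention(flows, policies=POLICIES):
    """Group blocked flows by device so the UI can surface only devices with alerts."""
    alerts = {}
    for f in flows:
        ok, reason = check_flow(f, policies)
        if not ok:
            alerts.setdefault(f.device, []).append((f.dst_host, f.proto, f.dst_port, reason))
    return alerts

# Constructed sample traffic as the hub might observe it.
OBSERVED = [
    Flow("thermostat", "api.thermo.example", "tcp", 443),
    Flow("thermostat", "NTP.example.", "UDP", 123),
    Flow("camera", "video.cam.example", "tcp", 443),
    Flow("camera", "198.51.100.7", "tcp", 23),            # not in the camera's allowlist
    Flow("smart-plug", "cloud.plug.example", "tcp", 8883),  # no policy on file
]

if __name__ == "__main__":
    for device, blocked in devices_needing_attention(OBSERVED).items():
        print(device, blocked)
```

Because the check is default-deny, a device without a policy is flagged instead of silently trusted, which is what lets the device list show only the entries that need the homeowner's attention.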

Read our white paper here.

A video demonstration of the concept:

This project was submitted to the FTC’s “Home Inspector Challenge,” a competition aimed at generating new ideas for building more secure home IoT networks. Below is the video demonstrating the functionality of our IoT Hub that was submitted as part of the materials for our entry to the competition.

Lessons learned:

  • It’s important to print your designs at the proper scale, because it’s too easy to get used to your digital playground and start using text that’s too small, for example.

  • Always consider scalability as a heuristic, because things can get very complicated very quickly. In this project, designing for scalability meant allowing users more than one way to organize their device list, including ways to quickly see which devices need their attention without having to scan the entire list for alert badges.

  • Objects in the real world can have the same properties and functions as objects in a programming environment.

Evaluating current solutions:

[Figure: competitive analysis]

In order to find current design paradigms for managing in-home IoT devices, I did a quick competitive analysis of some of the major companies with mobile apps for controlling home IoT devices.

References:

This project was part of the CHIMPS Lab, led by Jason Hong at Carnegie Mellon's Human Computer Interaction Institute. Also helping with this project were Dhruva Kaushal, Aayush Bhutani, and Sheng-Hao Huang.