Deducing User Presence from Inter-Message Intervals in Home Automation Systems

Part 10: PrivacyInternational audiencePrivacy in Home Automation Systems is a topic of increasing importance, as the number of installed systems constantly grows. In this paper we investigate the ability of an outside observer to link sets of message timestamps together to predict user presence and absence. The question we try to answer is: If attacker Eve has captured 1 hour of traffic from victim Alice’s HAS and knows whether Alice was present at that time, can Eve deduce Alice’s state by capturing another hour of traffic? We apply different statistical tests and show that in certain situations, the attacker can infer the user’s presence state with absolute confidence

Design of an Online Optimisation Tool for Smart Home Heating Control

The performance of model predictive smart home heating control (SHHC) heavily depends on the accuracy of the initial setup for individual building characteristics. Since owners or renters of residential buildings are predominantly not experts, users’ acceptance of SHHC requires ease of use in the setup and minimal user intervention (e.g. only declaration of preferences), but at the same time high reliability of the initial parameter settings and flexibility to handle different preferences. In contrast, the training time of self-learning SHHC (e.g. based on artificial neural networks) to reach a reliable control status could conflict with the users’ request for comfortable heating from the very beginning. Dealing with this trade-off, this paper follows the tradition of design science research and presents a prototype of an online optimisation tool (OOT) for SHHC. The OOT is multi objective (e.g. minimising lifecycle energy (cost) or carbon emissions) under constraints such as thermal comfort. While the OOT is based on a discrete dynamic model, its self-adaptation is accelerated by a database of physically simulated characteristic buildings, which allows parameter setting at the beginning by a similarity measurement. The OOT artefact provides a base for empirically testing advantages of different SHHC design alternatives

On privacy in home automation systems

Home Automation Systems (HASs) are becoming increasingly popular in newly built as well as existing properties. While offering increased living comfort, resource saving features and other commodities, most current commercial systems do not protect sufficiently against passive attacks. In this thesis we investigate privacy aspects of Home Automation Systems. We analyse the threats of eavesdropping and traffic analysis attacks, demonstrating the risks of virtually undetectable privacy violations. By taking aspects of criminal and data protection law into account, we give an interdisciplinary overview of privacy risks and challenges in the context of HASs. We present the first framework to formally model privacy guarantees of Home Automation Systems and apply it to two different dummy traffic generation schemes. In a qualitative and quantitative study of these two algorithms, we show how provable privacy protection can be achieved and how privacy and energy efficiency are interdependent. This allows manufacturers to design and build secure Home Automation Systems which protect the users' privacy and which can be arbitrarily tuned to strike a compromise between privacy protection and energy efficiency.Hausautomationssysteme (HAS) gewinnen sowohl im Bereich der Neubauten als auch bei Bestandsimmobilien stetig an Beliebtheit. Während sie den Wohnkomfort erhöhen, Einsparpotential für Strom und Wasser sowie weitere Vorzüge bieten, schützen aktuelle Systeme nicht ausreichend vor passiven Angriffen. In dieser Arbeit untersuchen wir Aspekte des Datenschutzes von Hausautomationssystemen. Wir betrachten die Gefahr des Abfangens von Daten sowie der Verkehrsanalyse und zeigen die Risiken auf, welche sich durch praktisch unsichtbare Angriffe für Nutzende ergeben. Die Betrachtung straf- und datenschutzrechtlicher Aspekte ermöglicht einen interdisziplinären Überblick über Datenschutzrisiken im Kontext von HAS. Wir stellen das erste Rahmenwerk zur formellen Modellierung von Datenschutzgarantien in Hausautomationssystemen vor und demonstrieren die Anwendung an zwei konkreten Verfahren zur Generierung von Dummy-Verkehr. In einer qualitativen und quantitativen Studie der zwei Algorithmen zeigen wir, wie Datenschutzgarantien erreicht werden können und wie sie mit der Energieeffizienz von HAS zusammenhängen. Dies erlaubt Herstellern die Konzeption und Umsetzung von Hausautomationssystemen, welche die Privatsphäre der Nutzenden schützen und die eine freie Parametrisierung ermöglichen, um einen Kompromiss zwischen Datenschutz und Energieeffizienz zu erreichen