The 18th Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’07)
INTUISEC: A FRAMEWORK FOR INTUITIVE USER INTERACTION WITH
SMART HOME SECURITY USING MOBILE DEVICES
Dimitris N. Kalofonos
Pervasive Computing Group
Nokia Research Center Cambridge
Cambridge, MA 02142
dimitris.kalofonos@nokia.com
Saad Shakhshir
Computer Science and AI Lab (CSAIL)
Massachusetts Institute of Technology
Cambridge, MA 02142
saads@alum.mit.edu
ABSTRACT
This paper presents IntuiSec, a framework for intuitive user in-
teraction with smart home security using mobile devices. The
design approach of IntuiSec is to introduce a level of indirec-
tion between the user-level intent and the system-level secu-
rity infrastructure. This layer of indirection, implemented by
a collection of distributed middleware and user-level tools, ex-
poses only concepts and real-world metaphors that are intuitive
to non-expert users and translates their intent to the necessary
underlying security settings. The IntuiSec framework presents
the user with intuitive steps for setting up a secure home net-
work, establishing trusted relationships between devices, and
granting temporal, selective access for both home occupants
and visitors to devices within the smart home.
I. INTRODUCTION
As smart homes become part of our daily life [1], [2], so do the
network security threats. One of the main challenges in home
network security is that its users are non-expert consumers,
who have no background nor interest in understanding the rel-
evant technologies. This leads to a growing problem whereby,
no matter how sophisticated are the underlying security pro-
tocols, home networks remain vulnerable because users either
misconfigure or even do not use the security infrastructure at
all.
Recently, attempts have been made to improve the usability
of security. However, many such proposals involve improv-
ing the user interface to better present the security concepts to
the end-user, while still forcing him to interact directly with
low-level security parameters, such as crypto keys and access
control lists (ACL). We believe these attempts are inadequate
as they still directly expose non-expert users to the complicated
underlying security.
In this paper, we present our proposal to address this is-
sue called IntuiSec (Intuitive Security). IntuiSec places mo-
bile phones in the center of user interaction with smart home
security, because they are ubiquitous and personal, they are
reminiscent of ‘remote controls’, and they feature a multitude
of connectivity options, some of which resemble “touch”, a
very intuitive user interaction modality. Rather than making di-
rect interaction with security easier, IntuiSec introduces a level
of indirection between the user-level intent and existing smart
home security infrastructure, which exposes only concepts that
are intuitive to non-expert users and translates their intent to
the necessary security settings. IntuiSec is a comprehensive
framework that guides users to setup secure smart homes and
manage trust and access to their devices. IntuiSec does not in-
tend to design new security mechanisms or protect a household
against the most advanced adversary; instead, it aims at im-
proving real-world security by making it easy for non-experts
to take reasonable measures and use what already exists.
The rest of this paper is organized as follows: Section II.
presents an overview of related work; Section III. describes a
usage scenario that motivated our work; Section IV. gives de-
tails about the system design of IntuiSec; Section V. presents
our example implementation of the framework; finally, Section
VI. gives our conclusions.
II. RELATED WORK
Smart home security involves research from the fields of Hu-
man Computer Interaction with Security (HCI-SEC) and smart
space security. HCI-SEC research examines the security us-
ability of applications and technologies [3] and provides gen-
eral design guidelines [4]. Most of the research in this field
focuses on how to better present the security concepts to the
end-user. Security in smart spaces has also attracted intense
research interest (e.g. [5], [6]), although the focus is not neces-
sarily on usability.
IntuiSec is most related to research on smart space security
usability. In this area, the issue of 802.11 security usability has
attracted a lot of interest both in the industry (e.g. [7], Wi-Fi
Alliance EZ-Setup WG) and in the academia (e.g. [8]). One
approach is to leverage Location Limited Channels (LLC’s) to
setup security associations [9], [10]. Holmstro¨m in [11] uses
the metaphor of a business card to delegate permissions be-
tween individuals. In the area of smart home security [12], the
Universal Plug and Play (UPnP) Forum [13] has created speci-
fications, although the framework’s usability was out-of-scope.
IntuiSec takes a step further compared to the work above, by of-
fering a comprehensive framework that guides non-expert users
from easily setting up their secure smart homes, to intuitively
managing trust and access to their devices and services.
III. MOTIVATING USAGE SCENARIO
Bob and Alex are roommates. They want any new devices they
buy to gain permanent and secure connectivity to their smart
home. At the same time they want to protect their home from
being accessed by non-authorized users. Once their devices are
connected and can all communicate with each other securely,
Bob would like to prevent Alex from accessing services pro-
vided by his devices until he explicitly grants him access. He
could also opt to have his devices grant some default level of
1-4244-1144-0/07/$25.00 c©2007 IEEE