Smart home assistants such as Amazon Alexa and Google Home are primarily used for day-to-day tasks like checking the weather or controlling other IoT devices. Security-sensitive use cases such as online banking and voice-controlled door locks are already available and are expected to become more popular in the future.
However, the current state-of-the-art authentication for smart home assistants consists of users saying low-security PINs aloud, which does not meet the security requirements of security-sensitive tasks. Therefore, we explore the design space for future authentication mechanisms.
We conducted semi-structured interviews with N = 16 Alexa-users incorporating four high-risk scenarios. Using these scenarios, we explored perceived risks, mitigation strategies, and design-aspects to create secure experiences. Among other things, we found that participants are primarily concerned about eavesdropping bystanders, do not trust voice-based PINs, and would prefer trustworthy voice recognition. Our results also suggest that they have context-dependent (location and bystanders) requirements for smart home assistant authentication. Based on our findings, we construct design recommendations to inform the design of future authentication mechanisms.
History
Preferred Citation
Alexander Ponticello, Matthias Fassl and Katharina Krombholz. Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants. In: Symposium on Usable Privacy and Security (SOUPS). 2021.
Primary Research Area
Empirical and Behavioral Security
Name of Conference
Symposium on Usable Privacy and Security (SOUPS)
Legacy Posted Date
2021-06-10
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3433,
title = "Exploring Authentication for Security-Sensitive Tasks on Smart Home Voice Assistants",
author = "Ponticello, Alexander and Fassl, Matthias and Krombholz, Katharina",
booktitle="{Symposium on Usable Privacy and Security (SOUPS)}",
year="2021",
}