Security gaps, such as the risk of surveillance, limit the safe use of smart home devices. Ensuring privacy in one's own home network is the focus of the BMBF-funded project "Security Assistance Manager for the Smart Home", or SAM Smart for short. In the future, the interactive security assistant SAM will provide users with information, present cost-effective solutions and actively involve them in their implementation.

More leeway for action with fault-prone equipment

Smart home devices, especially voice assistants, are usually easy to operate and networked in many ways. Some smart products are based on the black box principle. This means that their mode of operation is not visible to private users or is difficult to understand. Especially in the case of quality and security deficiencies, this invisibility makes it difficult to act consciously towards data protection.

Therefore, it is necessary to counteract an acceptance problem against the internet of things (IoT): SAM Smart wants to support consumers in recognising the device security of their products and in increasing it without additional effort. The project intends to bring together technical service companies, smart home administrators and end users to combine new security solutions with AI-based methods of analysis.

Multimodal safety assistance for everyday life

SAM is a security assistant which operates in parallel to regular security checks. Depending on the data protection risk, it should determine, suggest and implement improvements according to individual consent. The customised IT measures can be triggered not only by voice command: An easy-to-use control panel or "privacy dashboard" should provide insights into the current usage data at any time. The use of artificial intelligence enables the anticipatory assessment of security risks, such as conspicuous behaviour or software errors. In addition, a machine learning method - an imitation of human knowledge acquisition based on data - is to be developed to improve sensors in devices with respect to user anonymity.

These and other approaches to raising awareness of data security are created with the help of valuable project partnerships from academia and business. For example, Langlauf Security Automation GmbH contributes its expertise in the area of tool development. nuspace GmbH has already been involved in several projects on the topics of smart home and smart building. It enriches the project with its knowledge of sensor technologies and their embedding in the management of buildings. open.INC GmbH develops data analysis procedures and takes over the simplification of data exchange in the future building operating system. With automITe-Engineering GmbH, experts for IT security and security tests (so-called penetration tests or "pentests") are participating in SAM Smart.

Another aspect of the project is the support of the Universities of Siegen and Lübeck: In Siegen, the research results are to be utilised in projects and dissertations. The University of Lübeck plans to involve the Institute for Medical Informatics more closely in order to promote the safety-conscious handling of patient data. The detailed testing of SAM Smart will take place in a test scenario consisting of penetration tests, whereby the resistance of the individual solutions to external threats will be tested in a specially set up smart home laboratory. Fraunhofer FIT is responsible for the privacy dashboard together with open.INC. In tandem with this, Fraunhofer FIT is undertaking analyses of the knowledge requirements, current security practices, and security needs of selected test households. For the study of the 30 households organised in a Living Lab, the project team can draw on experience from the CheckmyVA project.

Precautionary and retrospective IoT security

The cooperative concept of development and its focus on private consumers make SAM Smart a novel and attractive solution for the growing market. The solutions proposed by SAM are also intended to secure devices that have already been purchased, regardless of the manufacturer. Tied to that is disclosure of any data which smart home structures collect and store from individuals. However, the power to decide on the implementation of measures remains with the users. Criminal attacks on the home network can thus be individually prevented and the awareness of data in households advanced. Beyond private use, it could open up new fields of application like the secure automation of processes in the healthcare system.