Sicherheitslücken, wie z.B. das Risiko der Überwachung, schränken den sicheren Gebrauch von Smart Home-Geräten ein. Die Privatsphäre im eigenen Heimnetz zu gewährleisten, steht im Fokus des BMBF-geförderten Projekts „SicherheitsAssistenzManager für das Smart Home”, kurz SAM Smart. Der interaktive Sicherheitsassistent SAM soll Nutzer*innen in Zukunft Informationen liefern, kostengünstige Lösungen präsentieren und sie aktiv in die Umsetzung dieser einbeziehen.
More leeway for action with fault-prone equipment
Smart home devices, especially voice assistants, are usually easy to operate and networked in many ways. Some smart products are based on the black box principle. This means that their mode of operation is not visible to private users or is difficult to understand. Especially in the case of quality and security deficiencies, this invisibility makes it difficult to act consciously towards data protection.
Therefore, it is necessary to counteract an acceptance problem against the internet of things (IoT): SAM Smart wants to support consumers in recognising the device security of their products and in increasing it without additional effort. The project intends to bring together technical service companies, smart home administrators and end users to combine new security solutions with AI-based methods of analysis.
Multimodal safety assistance for everyday life
SAM is a security assistant which operates in parallel to regular security checks. Depending on the data protection risk, it should determine, suggest and implement improvements according to individual consent. The customised IT measures can be triggered not only by voice command: An easy-to-use control panel or "privacy dashboard" should provide insights into the current usage data at any time. The use of artificial intelligence enables the anticipatory assessment of security risks, such as conspicuous behaviour or software errors. In addition, a machine learning method - an imitation of human knowledge acquisition based on data - is to be developed to improve sensors in devices with respect to user anonymity.
These and other approaches to raising awareness of data security are created with the help of valuable project partnerships from academia and business. For example, Langlauf Security Automation GmbH contributes its expertise in the area of tool development. nuspace GmbH has already been involved in several projects on the topics of smart home and smart building. It enriches the project with its knowledge of sensor technologies and their embedding in the management of buildings. open.INC GmbH develops data analysis procedures and takes over the simplification of data exchange in the future building operating system. With automITe-Engineering GmbH, experts for IT security and security tests (so-called penetration tests or "pentests") are participating in SAM Smart.
Außerdem setzt das Projekt auf die Unterstützung der Universitäten Siegen und zu Lübeck: In Siegen sollen die Forschungsergebnisse in Projekt- und Abschlussarbeiten verwertet werden. Die Universität zu Lübeck plant eine stärkere Involvierung des Instituts für Medizinische Informatik, um den sicherheitsbewussten Umgang mit Patientendaten zu fördern. Die ausführliche Erprobung von SAM Smart erfolgt in einem Testszenario aus Penetrationstests, wobei die Standfestigkeit der individuellen Lösungen auf externe Bedrohungen in einem eigens aufgesetzten Smart Home-Labor überprüft wird. Dabei ist das Fraunhofer FIT zusammen mit open.INC für das Privacy-Dashboard verantwortlich. Außerdem unternimmt Fraunhofer FIT Analysen des Wissensbedarfs, aktueller Sicherheitspraktiken und der Sicherheitsbedürfnisse von ausgewählten Testhaushalten. Für die Untersuchung der 30 Haushalte, die in einem Living Lab organisiert sind, kann das Projektteam auf Erfahrungen aus dem Projekt CheckmyVA zurückgreifen.
Precautionary and retrospective IoT security
The cooperative concept of development and its focus on private consumers make SAM Smart a novel and attractive solution for the growing market. The solutions proposed by SAM are also intended to secure devices that have already been purchased, regardless of the manufacturer. Tied to that is disclosure of any data which smart home structures collect and store from individuals. However, the power to decide on the implementation of measures remains with the users. Criminal attacks on the home network can thus be individually prevented and the awareness of data in households advanced. Beyond private use, it could open up new fields of application like the secure automation of processes in the healthcare system.