Alexa, Who Am I Speaking To?: Understanding Users’ Ability to Identify Third-Party Apps on Amazon Alexa

Many Internet of Things devices have voice user interfaces. One of the most popular voice user interfaces is Amazon’s Alexa, which supports more than 50,000 third-party applications (“skills”). We study how Alexa’s integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is a native Alexa function. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users’ knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users better distinguish native functionality and third-party skills, including audio and visual indicators of native and third-party contexts, as well as a consistent design standard to help users learn what functions are and are not possible on Alexa.

Download Full-text

Research of long radius technology for implementation of solutions of the Іnternet of things

Connectivity ◽

10.31673/2412-9070.2020.063941 ◽

2020 ◽

Vol 148 (6) ◽

Author(s):

S. A. Zhezhkun ◽

◽

L. B. Veksler ◽

S. M. Brezitsʹkyy ◽

B. O. Tarasyuk

Keyword(s):

Internet Of Things ◽

Third Party ◽

Security And Privacy ◽

The Internet ◽

Daily Lives ◽

Advantages And Disadvantages ◽

Iot Applications ◽

Security Properties ◽

Technical Features ◽

The Internet Of Things

This article focuses on the analysis of promising technologies for long-range traffic transmission for the implementation of the Internet of Things. The result of the review of technical features of technologies, their advantages and disadvantages is given. A comparative analysis was performed. An analysis is made that in the future heterogeneous structures based on the integration of many used radio technologies will play a crucial role in the implementation of fifth generation networks and systems. The Internet of Things (IoT) is heavily affecting our daily lives in many domains, ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety of IoT applications have been developed and deployed using different IoT frameworks. An IoT framework is a set of guiding rules, protocols, and standards which simplify the implementation of IoT applications. The success of these applications mainly depends on the ecosystem characteristics of the IoT framework, with the emphasis on the security mechanisms employed in it, where issues related to security and privacy are pivotal. In this paper, we survey the security of the main IoT frameworks, a total of 8 frameworks are considered. For each framework, we clarify the proposed architecture, the essentials of developing third-party smart apps, the compatible hardware, and the security features. Comparing security architectures shows that the same standards used for securing communications, whereas different methodologies followed for providing other security properties.

Download Full-text

A WSN-Oriented Key Agreement Protocol in Internet of Things

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.401-403.1792 ◽

2013 ◽

Vol 401-403 ◽

pp. 1792-1795 ◽

Cited By ~ 5

Author(s):

Tao Liu ◽

Ya Wen Guan ◽

Yi Qun Yan ◽

Li Liu ◽

Qi Chao Deng

Keyword(s):

Internet Of Things ◽

Trust Management ◽

Key Agreement ◽

Bilinear Pairing ◽

Negotiation Process ◽

Third Party ◽

Security And Privacy ◽

The Internet ◽

Key Agreement Protocol ◽

The Internet Of Things

Aimed to the security and privacy issues which restrict the construction and development of the Internet of Things, a WSN-oriented key agreement protocol in the Internet of Things ( IOT) has been proposed . Trust management was introduced the security mechanism of IOT, the use of bilinear pairing technology, the identity-based key agreement was realized. Using the protocol not only can effectively prevent attacks from outside the network and can recognize the abnormal nodes which were captured or lapsed efficacy. Thus it can reduce communication with abnormal nodes to improve network security, extending the lifetime of the network. The distributed self-organizing key negotiation process without credible third-party management can enhance the survivability of IOT, and the network has a good scalability.

Download Full-text

Culture and Consumer Trust in Online Businesses

Electronic Services ◽

10.4018/978-1-61520-967-5.ch087 ◽

2010 ◽

pp. 1402-1421

Author(s):

Robert Greenberg ◽

Bernard Wong-On-Wing ◽

Gladie Lui

Keyword(s):

Hong Kong ◽

Third Party ◽

Security And Privacy ◽

Consumer Trust ◽

Online Transactions ◽

Trust Formation ◽

Assurance Services ◽

Online Business ◽

Global Nature ◽

Privacy Risks

The importance of consumer trust to the success of online businesses is well documented in the literature. Given the global nature of online transactions, an important question is whether trust and trust formation differ across cultures. This study compared Hong Kong and U.S. consumer trust in online businesses. Specifically, the study examined security and privacy risks related to the purchase of products as well as services. The results show that significant differences exist between consumers from the two countries regarding the perceived level of online business risks and the formation of trust via the transference process. These findings reiterate and underscore the significance of including national culture in studies of trust in e-commerce. The results also have potential implications for online businesses as well as third party certification and assurance services.

Download Full-text

Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

Mobile Information Systems ◽

10.1155/2021/3452700 ◽

2021 ◽

Vol 2021 ◽

pp. 1-19

Author(s):

Ming Di ◽

Shah Nazir ◽

Fucheng Deng

Keyword(s):

User Behavior ◽

Third Party ◽

Security And Privacy ◽

Sensitive Data ◽

Privacy And Security ◽

Android Apps ◽

Search Results ◽

Privacy Risks ◽

Work Done

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

Download Full-text

Multi-Tier Stack of Block Chain with Proxy Re-Encryption Method Scheme on the Internet of Things Platform

ACM Transactions on Internet Technology ◽

10.1145/3421508 ◽

2022 ◽

Vol 22 (2) ◽

pp. 1-20

Author(s):

Bharat S. Rawal ◽

Poongodi M. ◽

Gunasekaran Manogaran ◽

Mounir Hamdi

Keyword(s):

Internet Of Things ◽

Smart Grids ◽

Information Storage ◽

Third Party ◽

Security And Privacy ◽

The Internet ◽

Smart Contracts ◽

Block Chain ◽

Encryption Method ◽

The Internet Of Things

Block chain provides an innovative solution to information storage, transaction execution, security, and trust building in an open environment. The block chain is technological progress for cyber security and cryptography, with efficiency-related cases varying in smart grids, smart contracts, over the IoT, etc. The movement to exchange data on a server has massively increased with the introduction of the Internet of Things. Hence, in this research, Splitting of proxy re-encryption method (Split-PRE) has been suggested based on the IoT to improve security and privacy in a private block chain. This study proposes a block chain-based proxy re-encryption program to resolve both the trust and scalability problems and to simplify the transactions. After encryption, the system saves the Internet of Things data in a distributed cloud. The framework offers dynamic, smart contracts between the sensor and the device user without the intervention of a trustworthy third party to exchange the captured IoT data. It uses an efficient proxy re-encryption system, which provides the owner and the person existing in the smart contract to see the data. The experimental outcomes show that the proposed approach enhances the efficiency, security, privacy, and feasibility of the system when compared to other existing methods.

Download Full-text

Internet of Things (IoT): Data Security and Privacy Concerns under the General Data Protection Regulation (GDPR)

10.5121/csit.2021.112324 ◽

2021 ◽

Author(s):

Olumide Babalola

Keyword(s):

Information Security ◽

Internet Of Things ◽

Personal Data ◽

Security And Privacy ◽

Privacy Concerns ◽

General Data Protection Regulation ◽

Multiple Devices ◽

General Data ◽

Privacy Risks ◽

The Eu

Internet of Things (IoT) refers to the seamless communication and interconnectivity of multiple devices within a certain network enabled by sensors and other technologies facilitating unusual processing of personal data for the performance of a certain goal. This article examines the various definitions of the IoT from technical and socio-technical perspectives and goes ahead to describe some practical examples of IoT by demonstrating their functionalities vis a vis the anticipated privacy and information security implications. Predominantly, the article discusses the information security and privacy risks posed by the operationality of IoT as envisaged under the EU GDPR and makes a few recommendations on how to address the risks.

Download Full-text

Culture and Consumer Trust in Online Businesses

Technological Advancement in Developed and Developing Countries - Advances in Global Information Management ◽

10.4018/978-1-60566-920-5.ch008 ◽

2011 ◽

pp. 154-173

Author(s):

Robert Greenberg ◽

Bernard Wong-On-Wing ◽

Gladie Lui

Keyword(s):

Hong Kong ◽

Third Party ◽

Security And Privacy ◽

Consumer Trust ◽

Online Transactions ◽

Trust Formation ◽

Assurance Services ◽

Online Business ◽

Global Nature ◽

Privacy Risks

Download Full-text

Privacy and Security Challenges in the Internet of Things

Encyclopedia of Criminal Activities and the Deep Web ◽

10.4018/978-1-5225-9715-5.ch051 ◽

2020 ◽

pp. 749-762

Author(s):

Fernando Almeida ◽

Justino Lourenço

Keyword(s):

Internet Of Things ◽

Qualitative Study ◽

Security And Privacy ◽

The Internet ◽

Privacy And Security ◽

Security Challenges ◽

Iot Devices ◽

Privacy Risks ◽

The Internet Of Things ◽

Security Of Iot

Internet of things (IoT) is increasingly present in our lives. As a consequence of connecting devices, IoT can make people's lives more convenient and comfortable. However, despite unquestionable benefits offered by IoT, there is still a great deal of concern from users and companies about the security and privacy of their data. In this sense, this study conducts a qualitative study based on three case studies of companies in the IoT field, which aims to characterize how these IoT companies look at the security and privacy challenges posed by IoT. The findings allowed the authors to identify the main challenges faced by IoT companies during the past years, the main privacy risks exposed by IoT devices, and the countermeasures that companies and users can adopt to increase the security of IoT.

Download Full-text

Reflections on U-PriSM 2

International Journal of Mobile Human Computer Interaction ◽

10.4018/ijmhci.2014040106 ◽

2014 ◽

Vol 6 (2) ◽

pp. 73-78

Author(s):

Sonia Chiasson ◽

Heather Crawford ◽

Serge Egelman ◽

Pourang Irani

Keyword(s):

Mobile Devices ◽

User Interfaces ◽

Personal Information ◽

Third Party ◽

Security And Privacy ◽

Sensor Data ◽

Usable Security ◽

Security Risks ◽

Privacy And Security ◽

Novice Users

The Second Usable Privacy and Security for Mobile Devices Workshop (U-PriSM 2) was co-located with MobileHCI'13 in Munich, Germany. The U-PriSM 2 was an opportunity for researchers and practitioners to discuss research challenges and experiences around the usable privacy and security of mobile devices (smartphones and tablets). Security and privacy often involve having non-security experts, or even novice users, regularly making important decisions while their main focus is on other primary tasks. This is especially true for mobile devices where users can quickly and easily install apps, where user interfaces are minimal due to space constraints, and where users are often distracted by their environment. Likewise, mobile devices present unique privacy and security risks because they allow third-party applications access to personal information and sensor data. The amount and sensitivity of such personally identifying information is likely to increase as device functionality increases. The convergence of these factors means that improvements to security and privacy provisions on mobile devices are becoming increasingly important. Workshop participants had a chance to explore mobile device usage and the unique usable security and privacy challenges that arise, discuss proposed systems and ideas that address these needs, and work towards the development of design principles to inform future development in the area.

Download Full-text

D-waste: Data disposal as challenge for waste management in the Internet of Things

The International Review of Information Ethics ◽

10.29173/irie131 ◽

2014 ◽

Vol 22 ◽

pp. 101-107 ◽

Cited By ~ 1

Author(s):

Burkhard Schafer

Keyword(s):

Internet Of Things ◽

Data Storage ◽

Data Protection ◽

Security And Privacy ◽

The Internet ◽

Storage Devices ◽

Desktop Computers ◽

Data Controller ◽

Privacy Risks ◽

The Internet Of Things

Proliferation of data processing and data storage devices in the Internet of Things poses significant privacy risks. At the same time, faster and faster use-cycles and obsolescence of devices with electronic components causes environmental problems. Some of the solutions to the environmental challenges of e-waste include mandatory recycling schemes as well as informal second hand markets. However, the data security and privacy implications of these green policies are as yet badly understood. This paper argues that based on the experience with second hand markets in desktop computers, it is very likely that data that was legitimately collected under the household exception of the Data Protection Directive will “leak” into public spheres. Operators of large recycling schemes may find themselves inadvertently and unknowingly to be data controller for the purpose of Data Protection law, private resale of electronic devices can expose the prior owner to significant privacy risks.

Download Full-text