SAM Smart: Prevent security gaps in smart homes
Project timeline: Dec. 2022 – Dec. 2025
Funding: €3,4 M through Germany’s federal ministry für Bildung und Forschung (BMBF). Funded by the European Union – Next Generation EU
Security vulnerabilities, such as the risk of surveillance, limit the safe use of smart home devices. Ensuring privacy in private home networks is the focus of the BMBF-supported project “Security Assistance Manager for the Smart Home”, SAM Smart for short (in German: “SicherheitsAssistenzManager für das Smart Home”). The interactive security assistant SAM is supposed to convey information, present cost-effective solutions, and actively involve users in their implementation.
Bigger scope of action with fault-prone devices
Smart home devices, especially language assistants, are usually easy to use and connected in many ways. Individual smart products are based on the black box principle, which means that private users cannot investigate their mechanics or understand how they work. Particularly in the case of quality and security deficiencies, this invisibility makes it difficult to consciously ensure data protection.
Regarding the Internet of Things (IoT), it is important to expand the possibilities to intervene. At this point, SAM Smart steps in to support consumers in recognizing the current device security of their product. It also supports them, if possible, in improving security without additional effort. The project wants to bring together technical service providers, smart home administrators and end-users. During the process, it shall combine new security solutions with AI-based methods.
Multimodal security assistance in daily life
SAM is a security assistant that operates alongside regular security checks. The individual data protection risk determines which tailor-made improvements the assistant recommends and applies according to the given consent. In fact, the IT measures should not only be triggered by voice command: A user-friendly control panel or Privacy Dashboard should provide insights into the current usage data at any time. Thanks to the use of artificial intelligence, it is possible to achieve a forward-looking assessment of security risks such as conspicuous behavior or software errors. Moreover, a machine learning method - an imitation of human knowledge acquisition based on data - is under development to help anonymize sensors in devices.
These and other approaches to raising awareness of data security are created with the help of valuable project partnerships. For example, Langlauf Security Automation contributes its expertise in the field of tool development. nuspace has already been involved in several smart home and smart building projects. It enriches the project with its knowledge of sensor technologies and their embedding in building management. Meanwhile, open.INC develops data analysis methods and simplifies data exchange in the future operating system. With automITe-Engineering, experts for IT security and security tests (so-called penetration tests or "pentests") participate in SAM Smart. The project further relies on the Universities of Siegen and Lübeck: In Siegen, the research results are conducive to project work and theses. Lübeck University plans to involve the Institute for Medical Informatics more closely to promote the security-conscious handling of patient data.
The extensive testing of SAM Smart takes place in a test scenario using penetration tests, whereby a specially set up smart home laboratory checks its stability to external threats. Major contributor to SAM Smart’s Privacy Dashboard is open.INC, while Fraunhofer FIT acts as minor associate. Its main tasks include analyses of the demand for knowledge, of current security practices and the security needs of selected test households. For the investigation of the 30 households that are organized in a living lab, the consortium can draw on experiences from the previous CheckmyVA project.
Precautionary and retrospective IoT security
Its cooperative concept and focus on private consumers make SAM Smart a novel and attractive solution for a growing market. The solutions SAM proposes shall also cover devices which have already been purchased, regardless of the manufacturer. Linked to this is the disclosure of any data that people's smart home structures collect and store. Hence, the decision-making power over measures to be carried out remains with the users. Aside from private use, new fields of application could arise: For example, a secure automation of certain processes in the care sector would make sense.
For latest updates as well as a description of the consortium, see https://samsmart.de/.