
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: | |
Initial Amendment Date: | March 16, 2021 |
Latest Amendment Date: | May 20, 2021 |
Award Number: | 2039379 |
Award Instrument: | Standard Grant |
Program Manager: | Jeremy Epstein, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | April 1, 2021 |
End Date: | March 31, 2023 (Estimated) |
Total Intended Award Amount: | $255,486.00 |
Total Awarded Amount to Date: | $255,486.00 |
Funds Obligated to Date: | |
History of Investigator: | |
Recipient Sponsored Research Office: | 1523 UNION RD RM 207 GAINESVILLE FL US 32611-1941 (352)392-3516 |
Sponsor Congressional District: | |
Primary Place of Performance: | FL US 32611-2002 |
Primary Place of Performance Congressional District: | |
Unique Entity Identifier (UEI): | |
Parent UEI: | |
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: | |
Program Reference Code(s): | |
Program Element Code(s): | |
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Current software for user authentication relies on the user to directly initiate some interaction (i.e., active authentication). However, active authentication systems are not accessible to individuals across all age groups. Continuous authentication schemes transparently observe a user's natural multimodal behaviors to leverage all possible signals as input for authentication, and hence do not require explicit authentication interactions to be initiated by the user, and are thus a promising framework for authentication by individuals of different age groups. This project's novelties are 1) to advance understanding of how individuals of different age groups use and perceive existing authentication methods, especially concerning users' mental models and acceptance of monitoring for the purposes of continuous authentication, and 2) to collect and analyze a variety of user signals in multiple behavioral and physiological modalities for age-aware continuous authentication on personal computing devices. This research also informs the design of continuous authentication interactions in other contexts such as public spaces and other smart environments, in which continuous authentication might be useful.
The research includes three phases. (1) Elicit the mental models multi-generational users have of what it means to authenticate to a system, if and when they expect the system to re-authenticate them to confirm their identity as they continue to interact, and if and how they expect to receive feedback of authentication attempts. (2) Produce a novel dataset of behavioral and physiological data, such as touch gestures, keystroke dynamics, heart-rate variability, and skin temperature, through a series of data collection sessions wherein individuals of different age groups will be recruited to complete a diverse set of tasks. (3) Develop fundamental knowledge of age-aware continuous authentication through the analysis of these data using state-of-the-art machine and deep learning techniques. This project broadens participation in computing by involving students underrepresented in STEM and through K-12 outreach.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The convenience offered by smart home devices such as Amazon Alexa, Google Home, and similar products has revolutionized how users interact with their living spaces. However, this convenience also raises significant challenges regarding data privacy and security. Since smart home devices are connected to the internet within the Internet of Things (IoT) environment, they become vulnerable to cyber-attacks and unauthorized access, potentially resulting in the theft of personal information or compromising users' physical security. In addition, smart home contexts often involve multiple potential users, including those of different ages such as children and older adults, whose needs, expectations, and abilities related to security, authentication, and access may vary greatly.
Continuous Authentication (CA) is an emerging security technology that intermittently verifies user identities based on passive observation and monitoring of user behaviors, without requiring users to explicitly authenticate themselves via, for example, passwords. CA allows for a more seamless user experience in the smart home and can significantly reduce the risk of unauthorized access. However, this continuous monitoring, which is required for the effective operation of smart home services, presents another layer of challenges to privacy and security. All of these concerns highlight the need for improved security measures and privacy protection in smart homes. Furthermore, developing a clear understanding of users' attitudes toward these challenges and CA in general is crucial for assessing its acceptance and potential for adoption.
In this two-year project, we conducted a series of research focus groups with over 30 participants (ages 18 to 35) to investigate how potential end-users of continuous authentication technology think about security, privacy, data, and CA. We created a conceptual video to illustrate usage scenarios for CA in lay language. These focus groups revealed key insights and a conceptual model of CA that will be informative for future design and research for this technology. Our team also conducted an exhaustive literature review to explore the state of the field in terms of understanding users' needs, expectations, and abilities regarding security and authentication, especially considering how these might vary across age groups including children and older adults.
Key findings from our focus groups research activities revealed that system transparency is a pivotal factor in mediating the relationship between users and systems for CA applications. Transparency means that the system will reveal to its users details of its operation, such as: why did it authenticate them, why didn't it authenticate them, why did it accidentally authenticate someone else, what access might it give to unauthorized users in case of errors, and so on. This concept has been explored in prior work, but the conceptual model our research generated establishes a concrete framework for thinking about design in the CA domain.
A second key finding revealed the underlying motivations users have and trade-offs that they are willing to make related to convenience of an application and security/privacy concerns of monitoring and data sharing. This willingness to compromise has been identified in cybersecurity research, but our work digs deeper into the reasons when and why users make these compromises. Our results showed that users make such trade-offs based on the context of use, the data involved, and the people/relationships involved. For example, the closer the relationship between users, the more likely they are to be willing to share or grant access to their personal data. Users also often mentioned they place more trust in large, well-known companies like Amazon and Google to safeguard their data.
Also, our literature review established a wide gap in the field's understanding of age-related differences in support of users in the security and privacy domain. The results of this research will motivate further investigation, design, and development of security and privacy technologies for security in general, and CA specifically.
Ultimately, the final outcomes of this project show that there is a clear and present need to design context-aware CA systems that provide explicit information on their security measures, privacy safeguards, and convenience features to help users of all ages make informed decisions about their adoption and use.
We have shared our research results with the public through journal publications, conference presentations, and local, national, and international events. The conceptual model we created, along with the illustrating video scenarios, can serve to inform the design and development of future CA systems for all age groups.
The broader impacts of this project at the University of Florida include the training and mentorship of eight students (seven graduate students and one undergraduate student), including four students who identify as female and one student who identifies as Latino. These students learned relevant research methods and procedures, including human-computer interaction research methods such as participant recruiting, focus groups, affinity diagramming, and quantitative data collection, as well as literature reviews, cybersecurity research, academic writing, and design methods.
Video images created with Storyboard That tool.
Last Modified: 06/02/2023
Modified by: Lisa Anthony