A Survey of User Perspectives on Security and Privacy in a Home Networking Environment

Abstract

The security and privacy of smart home systems, particularly from a home user’s perspective, have been a very active research area in recent years. However, via a meta-review of 52 review papers covering related topics (published between 2000 and 2021), this paper shows a lack of a more recent literature review on user perspectives of smart home security and privacy since the 2010s. This identified gap motivated us to conduct a systematic literature review (SLR) covering 126 relevant research papers published from 2010 to 2021. Our SLR led to the discovery of a number of important areas where further research is needed; these include holistic methods that consider a more diverse and heterogeneous range of home devices, interactions between multiple home users, complicated data flow between multiple home devices and home users, some less-studied demographic factors, and advanced conceptual frameworks. Based on these findings, we recommended key future research directions, e.g., research for a better understanding of security and privacy aspects in different multi-device and multi-user contexts, and a more comprehensive ontology on the security and privacy of the smart home covering varying types of home devices and behaviors of different types of home users.

Full text

A Survey of User Perspectives on Security and Privacy in a Home
Networking Environment
NANDITA PATTNAIK, SHUJUN LI, and JASON R.C. NURSE, University of Kent, UK
The security and privacy of smart home systems, particularly from a home user’s perspective, have been a very active research
area in recent years. However, via a meta-review of 52 review papers covering related topics (published between 2000 and
2021), this paper shows a lack of a more recent literature review on user perspectives of smart home security and privacy since
the 2010s. This identied gap motivated us to conduct a systematic literature review (SLR) covering 126 relevant research
papers published from 2010 to 2021. Our SLR led to the discovery of a number of important areas where further research is
needed; these include holistic methods that consider a more diverse and heterogeneous range of home devices, interactions
between multiple home users, complicated data ow between multiple home devices and home users, some less-studied
demographic factors, and advanced conceptual frameworks. Based on these ndings, we recommended key future research
directions, e.g., research for a better understanding of security and privacy aspects in dierent multi-device and multi-user
contexts, and a more comprehensive ontology on the security and privacy of the smart home covering varying types of home
devices and behaviors of dierent types of home users.
CCS Concepts: • Security and privacy →Human and societal aspects of security and privacy.
Additional Key Words and Phrases: Security, privacy, systematic literature review, user perspectives, home, networking, IoT,
smart devices
1 INTRODUCTION
Modern information and telecommunication technologies (ICT) have made today’s homes more connected and
digitized. With the rapid advancement of articial intelligence (AI) technologies and their use in modern homes,
the more traditional term “home network” is increasingly replaced by more recent one “smart home", which
often covers the use of IoT (Internet of Things) home devices with “smart” functionalities and relying on data
exchanges with the Internet. Today’s smart homes are equipped with many computing/networking and smart
devices, sensors, systems, and software applications. According to a 2020 report [
101
], the average number of
connected devices in a household in most Western countries is over 7. All home devices communicate with each
other and the network/Internet following a range of dierent protocols, while interacting with internal and
external entities including home users and other individuals [
19
]. This continuously evolving home networking
environment oers a multitude of benets and opportunities to home users, but also simultaneously presents
many challenges, including varied security threats and privacy issues.
Current research in this area has a signicant focus on understanding the home users’ perspectives, reecting on
their awareness [
58
,
95
,
188
,
202
], behavior [
8
,
57
,
77
,
106
,
179
], actions [
18
,
31
,
53
,
138
] and concerns [
13
,
104
,
203
].
In order to understand the scope and nature of these studies and ascertain the direction of future research, it is
important to collate, review and analyze the relevant research in this eld. Past reviews on related topics are more
Authors’ address: Nandita Pattnaik, np407@kent.ac.uk; Shujun Li, S.J.Li@kent.ac.uk; Jason R.C. Nurse, J.R.C.Nurse@kent.ac.uk, Institute of
Cyber Security for Society (iCSS) & School of Computing, University of Kent, Canterbury, UK, CT2 7NP.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that
copies are not made or distributed for prot or commercial advantage and that copies bear this notice and the full citation on the rst page.
Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy
otherwise, or republish, to post on servers or to redistribute to lists, requires prior specic permission and/or a fee. Request permissions from
permissions@acm.org.
© 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.
0360-0300/2022/8-ART $15.00
https://doi.org/10.1145/3558095
ACM Comput. Surv.

2 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
focused on product-centric analyses [
79
,
160
,
161
,
188
], are technical and security related [
17
,
78
,
151
], consider
the smart home in general [
54
,
184
,
194
] or are purely privacy oriented [
96
]. Reviews that covered related user
perspectives studies, are either too dated [80, 191], or have a narrower scope, e.g., privacy only [96], or focused
on a particular segment of home users (older users’ privacy attitude) [142, 180].
Hence, our goal in this paper is to review the current research in this eld and determine the areas where further
research is necessary. With this in view, we need to explain two important terms, which are used throughout this
paper. Firstly, we consider the term “home” as a relatively broader concept, covering traditional family residences,
shared student accommodations, shared ats/houses, residential care homes, and nursing homes. We use the
term “home network” to signify a network of all computing and connected devices in a home that may or may
not be considered smart devices. When we use the term “smart home” or “smart home network”, we refer to a
slightly narrower concept, i.e., a home network that includes at least one or more smart devices, which can be
controlled from a smart device or a personal computer.
1
Note that smart mobile devices and wearables may not
be considered as smart devices by some home users and vendors, so the term “smart device” and “smart home”
can have dierent meanings for dierent people. Secondly, “user perspectives” in our paper will incorporate a
broad range of topics including mainly the following:
UP1:
home users’ behaviors, awareness, perceptions, attitudes, practices and concerns relating to security and
privacy of the home network;
UP2: the relevant contexts in which UP1 occur or change;
UP3: eects of dierent demographic factors such as age, gender on UP1; and
UP4: theoretical frameworks that can help explain UP1.
According to the systematic meta-review we conducted as part of the research reported in this paper, covering
52 literature reviews published between 2000 – 2021 (Table 2), only 10 papers cover some (mostly an incomplete
set of) topics related to ‘user perspectives’ and only one paper [
80
] published in 2012, covers a more complete
discussion of related topics. The results of our meta-review indicate a gap of more recent literature review on
security and privacy of smart home systems, from a home user’s perspectives.
Our work was conducted in a two-staged approach. In the rst stage, we conducted the above-mentioned
systematic meta-review, to have a better understanding of related literature review papers. The results of the
meta-review helped shape the methodology of a subsequent systematic literature review (SLR) in the second
stage.
Key contributions of our work and noteworthy ndings from our SLR are summarized below.
(1)
Methodologically, we used a meta-review to systematically examine past literature reviews and to facilitate
design of a follow-up SLR, which is a review method that has not been used in similar past work.
(2)
Compared with past literature review papers, our SLR has the most comprehensive coverage of dierent
user perspectives related to security and privacy of smart home systems, and covers more recent research
papers from 2010 until 2021.
(3)
A number of key ndings and recommendations for future research directions are obtained from our SLR,
many of which have not been discussed in previous review papers. We list these below.
•
The hybrid nature of a modern home with multiple (inter-)connected devices, including dierent types of
traditional and “smarter” devices, is still under-studied.
•The existence of multiple and dierent types of home users has not been suciently considered.
•
Study of home network and related security and privacy issues in dierent context and various cross-
contextual eects are still under-researched areas.
•
More research is needed to better understand data ows across multiple devices and users and in dierent
contexts.
1A similar denition can be found at https://www.lexico.com/denition/smart_home.
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 3
•Some demographic factors such as location and income of home users are less studied than others.
•
Research on home users’ perspectives in relation to the security and privacy of the home network is
predominately focused on a small number of smart devices, e.g., smart speakers and smart cameras.
•
More advanced theoretical and conceptual frameworks, such as smart home security ontologies, need
to be developed to support a more holistic view of security and privacy aspects of a home network
environment.
The rest of this paper is structured as follows. Section 2 discusses the general methodology followed to conduct
both studies. Sections 3 and 4 explain the methodology and results of the two stages (the meta-review and the
SLR), respectively. Note that our meta-review plays the role of the related work section of a more traditional
literature review paper. Section 5 summarizes our main ndings and recommendations for future research, while
the later section concludes the paper.
2 GENERAL METHODOLOGY
As mentioned in the previous section, the methodology we followed is two-staged: 1) a meta-review to gather the
related reviews in this eld more systematically and to help formulate research questions for the SLR, and 2) an
SLR to collate and analyze the original research in this eld. For both the meta-review and the SLR, we followed
the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) method [
128
], a widely used
procedure for conducting SLRs. The procedures followed in both stages of our study are illustrated in Fig. 1.
Meta-Review SLR
ACM Digital Library
(�=315)
Scopus
(�=1,647)
IEEE Xplore
(�=708)
Merging all search results
(�=2,670)
Removing duplicates
(�=1,647)
Screening based on titles and abstracts
(�=257)
Final selection based on fulltext
(�=52)
ACM Digital Library
(�=61)
Scopus
(�=2,521)
IEEE Xplore
(�=424)
Merging all search results
(�=3,006)
Removing duplicates
(�=2,521)
Screening based on titles and abstracts
(�=226)
Selection based on fulltext
(�=102)
+Snowballing (�=24)
Final selection (�=126)
Fig. 1. The PRISMA procedures used for the meta-review and the SLR
ACM Comput. Surv.

4 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
The PRISMA procedure to identify eligible papers for the systematic review process includes four main steps:
(1) identifying pertinent records, (2) screening the selected records based on the exclusion and inclusion criteria,
(3) assessing the eligible records, and (4) selecting eligible items for the nal study. Since the results of the
meta-review were produced systematically and contributed to the selection of our research questions for the
SLR, we decided to present both the above scientic process in one ow diagram presented in Fig. 1. For ease
of understanding, both these processes are color coded (blue for the SLR, and green for the meta-review) to
represent two dierent processes.
For both stages, a selection of three major scientic databases, Scopus, ACM Digital Library and IEEE Xplore,
were considered. We decided to include Scopus as it is regarded as a very comprehensive and interdisciplinary
database [
21
]. Note that Scopus is a product of the largest scientic publisher Elsevier, so research papers
published by Elsevier are well covered by Scopus. In addition, we observed that research papers published by
other mainstream publishers such as Springer and John Wiley & Sons, Inc. are substantially indexed by Scopus.
We decided to include ACM Digital Library and IEEE Xplore as additional databases because ACM and IEEE are
the two most important subject-specic publishers for cyber security and smart home research. Although the
same query was used for all the databases, each database oered dierent searching tools, i.e., Scopus supported
searching directly into paper title, abstract and keywords (called “meta data”), but ACM Digital Library and IEEE
Xplore did not oer such a direct search option, so we decided to search into the abstract only. The results were
ltered to include only ‘Journal articles’, ‘Conference proceedings’, ‘Conference reviews’, ‘Reviews’, and ‘Articles
in press’, published in the English language. Specic keywords used, the inclusion and exclusion criteria for each
of the review and the period of search, have been included in the respective methodology sections.
To store, categorize and analyze our data in both stages, we used a widely used research software system called
MAXQDA (http://www.MAXQDA.com/). MAXQDA has several useful tools to support dierent qualitative and
quantitative analysis tasks such as “Smart coding tool”, “Document variable analysis”, “Visual tools”, “Memos”,
“MaxDictio” which were very helpful in our analysis.
3 META-REVIEW
The meta-review aims to identify, collect, analyze and synthesize the review papers on the subject of security
and privacy at home, and helps to formulate the research questions for the main SLR. The meta-review concept
is similar to scope review [132] that can be used as a precursor to an SLR to help guide the design of the SLR.
3.1 Methodology
Following our research aim, the meta-review focused on the research question: How have existing review papers
in the area of security and privacy of home networking covered research on user perspectives?
3.1.1 Search Keywords. Table 1 shows the keywords we used to conduct our search queries. The search strategy
includes three main components: the rst subset of keywords capture the home networking and smart home
context, the second limit our searches to security and privacy-related papers, and the last one covers several
typical keywords indicating the nature of the paper as a review or SoK (systematization of knowledge) paper.
Table 1. The list of keywords used for the meta-review
(Home AND (Network OR Networking OR Smart OR Computer OR Computing OR Internet OR Device))
AND (Security OR Privacy)
AND (Review OR Survey OR Overview OR Systematisation OR Systematization OR Systematic OR SoK)
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 5
To follow the screening and eligibility checking steps of the PRISMA process, a set of exclusion and inclusion
criteria were established. A paper meeting any one of the exclusions (or inclusion) criteria was excluded (or
included).
3.1.2 Exclusion Criteria. Papers meeting the following exclusion criteria were excluded:
•Papers published before 2001
•Non-English papers
•Papers that do not cover the home context (e.g., those covering industrial IoT)
•Conference reviews or book chapters
•Papers that do not cover any security or privacy factors
•
Papers which are not review papers excepting non-review papers that report any taxonomy covering
security, privacy or user perspectives of the home network
3.1.3 Inclusion Criteria. After excluding papers based on the exclusion criteria, those meeting at least one of the
following inclusion criteria were selected:
•Papers focusing on issues and solutions in the area of security and privacy of the home network
•Papers that systematically reviewed smart home and home network related products or applications
The non-review papers reporting on ontology or taxonomy relevant to the subjects were considered as
pseudo-reviews and were included in the study because they normally systematically conceptualize relevant
topics.
In the following, we present the results of the meta-review.
3.2 Results & Discussion
Figure 1 (colored in green) shows the results from each step of the meta-review. The initial searches gave us
2,670 papers in total. After removing duplicates, we had 1,647 papers to screen. Following the exclusion criteria
in Section 3.1.2, we ended up with 257 papers for further screening. After a scan of those papers’ abstracts,
introduction and conclusion sections and applying our inclusion criteria presented in Section 3.1.3, 52 papers
were included for nal analysis. The screening and ltering steps gave us a clear indication of reviews that were
conducted in the past on relevant topics, helping to inform the second stage of our work (i.e., the SLR). Table 2
presents an overall comparison of related study with the current research. Note that although all included papers
are review papers, only some can be considered SLR (i.e., others were not done following a systematic approach).
Table 3 depicts the thematic categorization of the 52 papers in our study based on the broad overall theme that
the reviews conveyed.
3.2.1 Security & Privacy in General. Nineteen papers covered by the meta-review focus on various common
issues arising from security and privacy problems in a smart home. DeFranco and Kassab’s paper [
52
] covered the
broad theme of general research avenues around smart home. While Kuyucu et al
.
[
99
] reviewed papers relating
to both privacy and security related issues and solutions, Liao et al
.
[
109
] explored security problems, challenges,
techniques used, and solutions available from a mobile computing point of view. Talal et al
.
[
175
] focused on
security issues of tele-medicine environment exploring smart home issues and solutions in general and hardware
sensors, protocols, wireless network, security architecture, in particular. Philip et al
.
[
147
] published a similar
study on home health monitoring systems. Bolton et al
.
[
33
] surveyed the security and privacy challenges of
virtual assistants such as ‘Siri’ by Apple. Barriga A. and Yoo [
23
] discussed existing security mechanisms and
approaches in a smart home automation system, while Batalla et al
.
[
25
] analyzed the security requirements
and countermeasures used in a general IoT architecture and suggested an extendable home area network with
multi-level privacy and security to be managed by a trusted external actor to lessen the burden on home users.
ACM Comput. Surv.

6 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
Table 2. Comparison of the current study with related work
Holistic
Multi-Device
Awareness
Concerns
Behavior
Multi-User
Demographics
Contextual
Theoretical
[111] ✓ ✓
[35, 90] ✓ ✓
[180] ✓ ✓ ✓ ✓
[80] ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
[191] ✓ ✓ ✓
[198] ✓ ✓ ✓ ✓ ✓
[2, 25, 115] ✓ ✓
[10, 67] ✓✓✓
[14] ✓ ✓ ✓ ✓ ✓
[142] ✓ ✓ ✓ ✓
[24] ✓ ✓ ✓ ✓ ✓ ✓
[78] ✓✓✓
[17, 62, 66] ✓ ✓
[158, 184] ✓ ✓ ✓
[96] ✓ ✓ ✓ ✓ ✓
[12, 99] ✓ ✓ ✓ ✓
[16, 124] ✓ ✓ ✓
[41, 74, 75, 133, 185] ✓ ✓
[51, 55] ✓ ✓
[45, 109, 151, 159, 175] ✓ ✓ ✓
[131, 194] ✓ ✓ ✓
[152] ✓ ✓ ✓ ✓
[54] ✓ ✓ ✓ ✓
[33, 52, 69, 172] ✓ ✓ ✓ ✓ ✓
[43] ✓ ✓ ✓
[11, 127] ✓ ✓
[147] ✓✓✓
[107] ✓ ✓ ✓ ✓ ✓
2022 Our work ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
Year(s)
Reference(s)
Subject Focus
SLR
Meta-Review
Security
Privacy
Smart Home
User Perspectives
2000–2016
2017
2018
2019
2020
2021
Other topics covered in some reviews include smart home data protection issues [
43
] and security issues in
dierent layers of smart home network [172].
Three papers chose to focus on specic areas in the smart home security. These include, Ambient Intelligence
(AmI) applications and their privacy issues by Lopez et al
.
[
111
], major wireless protocols such as Zigbee and
Z-wave by Marksteiner et al
.
[
115
], and, and security and protection mechanism in face detection techniques
by Fatima et al
.
[
55
]. Papers also looked into general smart home related topics, i.e., Vasanth et al
.
[
185
] who
discussed on smart home automation and trust building factors, Whereas, Michler et al
.
[
124
] investigated
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 7
Table 3. Categorization of review papers into dierent categories (period: 2000–2021)
Category
2000–2016
2017
2018
2019
2020
2021
(#)
Security &
privacy in
general
[111] [25, 115] [17, 23] [12, 99, 124,
185]
[55, 109,
147, 151,
159, 175]
[33, 43, 52,
172] 19
User perspectives
[80, 180,
191, 198] [14, 24, 142] [96] [124] – [107] 10
Threats and
attacks [90] [2, 25] [78] [16, 74] [45, 51, 109] – 9
Security &
privacy solutions – – [17, 62, 66,
158]
[41, 75, 99,
133]
[131, 151,
159] [11, 127] 13
Smart devices [35, 90] [10, 67] [184] – [54, 152,
194] [69] 9
research work on trust-building factors in consumer IoT products in four areas including smart home. Reviews
also considered alternative approaches to dierent security issues in a home network such as utilizing fog-
computing architecture [
151
], smart home safety and security using Ardunio platform [
159
] and using software
dened networking (SDN) [17] to control home network security.
3.2.2 User Perspectives. We identied ten papers that reviewed the literature on privacy and security issues from
home users’ perspectives. Out of all 10 papers, Howe et al
.
[
80
]’s research was the only paper which touched
upon many of the areas we wanted to review, although it is a very old review (2012). This research focused on
the psychology and factors inuencing users’ security behaviors and decisions. It explored various demographic
characteristics, information sources for home users, users’ understanding of security risks, their perception of
security behaviors and defensive security actions.
Wilson et al
.
[
191
] analyzed 150 relevant papers and organized their ndings into three broad themes of
1) growth of smart home from ‘functional’, ‘instrumental’ and ‘socio-technical’ viewpoints, 2) users and their
use of smart home with the subcategories of ‘prospective users’, ‘interactions and decisions’ and ‘technology
in the home’, and 3) challenges in a smart home covering hardware and software, design and domestication
issues. Alotaibi et al
.
[
14
] reviewed research work on security awareness and education amongst home users
recommended an individualized approach to provide information to users based on their existing awareness level.
Michler et al
.
[
124
] analyzed user perception from the angle of trust to understand smart home adoption issues.
Two papers explored the elderly users’ prospective on using smart home. Pal et al
.
[
142
]’s systematic review
on the elderly users’ perspective on smart homes, observed that the elderly population have serious security
and privacy concerns on the use of smart devices. In another systematic review, Yusif et al
.
[
198
] focused on
assistive technology use by older people and noted that 34% of the articles examined, recognized privacy as a
major concern for the older adults.
The other four papers diered widely in their topic choices. After having systematically reviewed privacy-
related papers, Kraemer and Flechais [
96
] concluded that contextual privacy at home and privacy behaviors
were very under-researched areas. The concept of privacy paradox and related studies were covered in two
reviews [
24
,
180
]. Li et al
.
[
107
] conducted a systematic review to nd the motivation, barriers and risk of smart
home adoption from a consumer’s point of view.
3.2.3 Threats and Aacks. We found nine papers reviewing various aspects of security threats, attack types.
Abrishamchi et al
.
[
2
] discussed dierent types of side-channel threats in a smart home, giving a categorical
ACM Comput. Surv.

8 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
view of dierent devices and systems layers in a smart home that leaks private data. Hearteld et al
.
[
78
] on the
other hand, produced a taxonomic view of the possible cyber-physical threats and their impact on smart home.
Alrawi et al
.
[
16
] produced a systematized view of the research literature on smart home security arena, under
4 major categories: ‘device’, ‘mobile application’, ‘cloud endpoint’ and ‘communication’. Papers were further
sub-categorized into ‘Attack vector’, ‘Mitigation’, and ‘Stakeholder’ and evaluated with 45 IoT devices to identify
the research gaps. Researchers also explored the security vulnerabilities by dierent IoT devices [
51
] and smart
home devices [
45
]. Batalla et al
.
[
25
] classied the security threats in home area network devices by referring to
the 3-layered approach of ENISA (European Union agency for Cybersecurity), i.e., perceptual, network and the
application layer attack and physical attacks. Implantable, wearables and embedded sensors were another topic
of discussion [90] along with security measures in mobile computing [109].
3.2.4 Security & Privacy Solutions. Thirteen papers focused on solutions to specic security and privacy problems
in a smart home. Chakraborti et al
.
[
41
] reviewed research work on software solutions and embedded solutions
in a smart home. Two of the papers [
131
,
158
] reviewed blockchain-based solutions for addressing security and
privacy problems of a smart home. Three papers focused on dierent areas of smart home solutions, including
current fog-based literature [
151
], research on software-dened networks (SDN) [
17
] and smart home safety
and security systems focusing specically based on the Arduino platform [
159
]. Kuyucu et al
.
[
99
] reviewed
papers both on issues and solutions. We found six papers reviewing the existing literature on authentication
schemes and various security threats to them. Four papers [
11
,
62
,
127
,
133
] provided a general classication of
dierent authentication schemes, threats and attacks on IoT devices in a smart home. Other such as Ghazali and
Zakaria [
66
] extensively reviewed the biometric factors reecting on the authentication mechanisms inside a
smart home whereas, Gupta et al
.
[
75
] focused on a comparative study of dierent encryption algorithms used in
IoT platform and proposed solutions to increase energy eciency of various systems.
3.2.5 Smart Home Devices. Nine papers covered in the meta-review focused on smart home devices, with-
out looking at the system or user level aspects where multiple devices form a home network. Varghese and
Hayajneh [
184
] reviewed research on security and privacy of dierent categories of smart home devices. Ray
et al
.
[
152
] provided an in-depth discussion on IoT-based biosensors. Four other papers covered other specic
areas including smart TV [
10
], hybrid broadcasting broadband TV (HbbTV) techniques [
67
], video surveillance
methods [
35
], implantable and wearable medical devices, detectors and control systems such as temperature
sensors or smoke detectors [
90
]. Edu et al
.
[
54
] reviewed research work on smart home personal assistants
(SPA) to examine the main security and privacy issues, features that characterize known attacks, limitations of
countermeasures. Features and challenges of smart gateway systems [
194
] and assisted smart home technologies
for elderly people [69] are two other areas of discussion under this category.
3.2.6 Discussions & Research estions Identified for the SLR. The meta-review led to several key ndings.
•
First, although ten papers covered user perspectives in dierent ways, the discussions have not considered
papers from both the security and privacy angle. The reviews have reected on the privacy issues [
96
,
180
], educational awareness [
14
] and general challenges users face with very little focus on security and
privacy [
191
]. The “User Perspective” as discussed in Section 1, comprises a much broader domain. Only
Howe et al
.
[
80
] discussed a more comprehensive details of user perspectives including behaviors and
practices of users, but the study is relatively old (published in 2012). There is therefore a need of collating
and synthesizing more studies in this growing area.
•
Second, 42 review papers collectively cover dierent aspects of smart home research, including specic
(types of) smart home devices, privacy and security issues, and technical solutions. We noticed the absence
of wider discussions and a more holistic view of a smart home where multiple and heterogeneous devices
are interacting with each other and home users.
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 9
•
Third, as reported in [
96
], contextual aspects of security and privacy of home network have been much
less studied.
•
Fourth, among the ten review papers covering user perspectives, demographic factors are mentioned in
only one early review conducted by Howe et al. (2012) [80].
•
Fifth, although not a systematic review, Howe et al
.
[
80
] conducted a very comprehensive review of papers
covering user perspectives, published before 2010 and was a main motivation of our study. Hence, this
work focuses on papers published since 2010.
Based on the above ndings, we decided to dene the following more focused research questions for the SLR
in the second stage of our work, as presented in Table 4.
Table 4. Research questions (RQs) identified for the follow-up SLR via the meta-review
RQ1
Has the current literature paid attention to the security and privacy perspectives of users within a home
network in a holistic manner?
RQ2
Is there any research exploring home users perspectives on security and privacy of multiple inter-
connected devices in a home network?
RQ3 What is the current research on users’ awareness of security and privacy issues of a home network?
RQ4
To what extent researchers have explored the security and privacy concerns of users in a home network?
RQ5 What type of user security behaviors and practices in a home network have been researched?
RQ6
What research has been conducted to understand the dierence in users security and privacy behaviors
and practices in a multi-user home network?
RQ7
What demographic factors have been studied while exploring home users’ perspectives on security and
privacy aspects in a home network?
RQ8
How have dierent contexts of a home network been considered when studying home users’ perspectives
regarding security and privacy aspects?
RQ9
What theoretical and conceptual frameworks have been proposed and used to facilitate studies on user
perspectives regarding security and privacy aspects of a home network?
As is evident from the paper, the boundary between RQ3, RQ4 and RQ5 is not a clear-cut one. Broadly speaking,
RQ3 focuses more on the knowledge of home users on facts related to security and privacy matters in the home
networking context; RQ4 focuses more on home users’ concerns (i.e., perceived risks and problems), including
not only concerns caused by awareness of genuine security and privacy issues, but also those caused by false
perception or misunderstanding of (possibly non-existing) security and privacy issues; and RQ5 looks more
at what home users actually do (behaviors and practices) and the reasons behind them (attitudes, motivation,
perception). RQ5 has a broader scope and may be argued to include RQ3 and RQ4 as two sub-questions, since
actual behaviors and practices may also be caused by (lack of) awareness and/or concerns.
4 SYSTEMATIC LITERATURE REVIEW (SLR)
The SLR was conducted in line with the 9 research questions identied via the meta-review reported at the end
of the previous section, examining related original (i.e., non-review) research work in the literature from 2010 till
2021. There are two reasons why we decided to exclude papers published before 2010. First, we wanted to focus
on more recent research (the past decade), which is a common practice for SLRs [
89
,
182
]. Our results showed
that relevant research was indeed more done in the past several years (see Figure 2). Second, Howe et al
.
’s review
work [80] conducted in 2012 covered original research papers published before 2010 quite comprehensively.
ACM Comput. Surv.

10 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
4.1 Methodology
As mentioned in Section 2, we followed the same PRISMA method [
128
,
140
] for the SLR, following the exclusion
and inclusion criteria explained below. Similar to what we did for the mata-review, we also considered the term
“home” in a broader sense.
4.1.1 Exclusion Criteria. Papers meeting the following exclusion criteria were excluded:
•Papers published before 2010
•Non-English papers
•
Papers that are not related to a home network context or do not include a signicant coverage of home
networks
•Papers that do not cover any security or privacy aspects
•Papers that do not cover home user issues
•
Papers that have been considered in the meta-review reported in the previous section, or papers that do
not report original research work.
4.1.2 Inclusion Criteria. Any topics which meets at least one of the relevant areas in the RQs listed in Table 4.
4.1.3 Information Sources & Search Strategy. As mentioned for the general methodology in Section 2, the same
three databases, i.e., Scopus, ACM Digital Library and IEEE Xplorer, were used to search for related research
papers. The scope of our SLR was decided mainly by the result of the meta-review which are reected in our
research questions Table 4. The research questions which were formulated as the result of the meta-review guided
the process of a keyword selection. The search queries we used for the SLR are formed by four required sets of
keywords each covering a dierent aspect of our RQs: the context of home network or smart home, security or
privacy, users, and behaviors (see Table 5).
Table 5. The keywords used in the search queries of the SLR
(Home AND (Network* OR Smart OR Comput* OR Internet OR Device))
AND (Security OR Privacy)
AND (User OR Human OR People OR Customer OR Person)
AND
(Perception OR Awareness OR Concern OR Behaviour OR Behavior OR Worry OR Action OR Decision)
4.2 Results
4.2.1 Papers Selected. The papers returned from the database searches totaled: 2,521 from Scopus, 61 from ACM
Digital Library, and 424 from IEEE Xplore. After removing duplicates, those papers were rst screened based on
their titles and abstracts, by applying the exclusion criteria. This resulted in 226 papers eligible for more detailed
screening and selection based on their full text. This led to the exclusion of 124 papers and 102 eligible papers
were selected.
We performed an additional snowballing-based process [
65
] to identify more relevant papers by analyzing
references of the 102 papers selected. Any potentially relevant papers identied went through the same exclusion
and inclusion criteria. In total 24 additional papers were identied following this snowballing process, increasing
the number of selected papers to 126. The results of the process of searching for and identifying the nal selected
papers are shown in Figure 1.
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 11
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021
0
10
20
30
6040156
14 18 22 27 23
6040156
14 18 22 27 23
Fig. 2. The number of papers published yearly between 2010 and 2021.
4.2.2 Yearly Trend of Selected Papers. Figure 2 demonstrates the yearly trend of selected papers in the past 11
years (2010–2021). As can be seen, the majority of papers were published after 2016, indicating the fact that
related research has gained momentum towards the second half of the 2010s. This trend is not surprising given
the fact that smart home devices have become more popular more recently, and privacy and security issues
around them has become more prominent in the past a few years.
4.2.3 Thematic Analysis of Selected Papers. In order to answer the nine RQs dened for the SLR, we conducted a
thematic analysis of all selected papers and classied them into nine topical themes each corresponding to an
RQ, as shown in Table 6 (2016–2021) and Table 7 (2010–2015). Considering the overlaps between RQ3, RQ4 and
RQ5, we mapped selected papers to them as follows: papers that explicitly refer to home users’ understanding,
awareness, perception, knowledge and belief on security and privacy matters in the context of a home network
were categorized under RQ3; papers that have an explicit coverage on home users’ concerns or worried on
security and privacy issues and problems were categorized under RQ4; and papers that cover home users’ actual
security and privacy behaviors and practices were categorized under RQ5. Comparing papers published in the
past six years (2016–2021) and the earlier six years (2010–2015), we can see two revealing patterns: 1) research on
related topic has been increasing drastically recently since 2016; and 2) recent papers frequently cover multiple
RQs compare to earlier papers, indicating that more researchers realized the complexity of security and privacy
issues of home networks and the need to study them from multiple angles. We represented the inclusion of this
complexity in the included papers by the following specic graphic symbols: (a) “Substantial coverage” – to
represent papers which provided a substantial coverage of one RQ, (b) “Partial coverage” – when a part of the
paper is devoted to one RQ, and nally (c) “ Light touch“ – where a paper discussed about an RQ only briey.
Discussions for each RQ mainly concentrated on the papers which provided a full coverage, while mentioning
about the partial coverage. Across all papers published in the 11 years our SLR covered, we can see some popular
research areas (e.g., RQ4 “Privacy concerns”, RQ5 “Security behaviors and practices”, and RQ9 “Theoretical and
conceptual frameworks”). In addition, the results also revealed some obviously less-studied areas, especially
under RQ2 on multiple inter-connected devices and RQ8 on contextual aspects.
For each RQ, we will discuss the relevant papers covered in our SLR with greater details later, grouping them
into dierent sub-categories within each RQ. Table 8 shows an overview of all the papers which have been
mapped to the RQs and the sub-categories within each RQ.
4.2.4 RQ1: Holistic view.For this RQ, we considered 11 papers that examined security and privacy of home
networks from a more holistic point of view.
Papers in this category discussed dierent aspects, including privacy and security risks of users while adopting
to smart devices at home [
22
,
110
,
141
], general challenges for home users and solution [
37
], comprehensively
assessing privacy risks of smart home by investigating the data-collecting capabilities of its integral components
and assessing the individual risk they pose [
170
], general benets and risks [
113
,
191
], the role of trust [
56
,
162
],
and hybrid nature of modern smart homes [
34
,
136
,
201
]. The last two aspects are of particular interest for RQ1,
so we briey introduce the ve papers below with greater details.
ACM Comput. Surv.

12 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
Table 6. Papers in 9 RQs (2016–2021). Legend: Substantial coverage Partial coverage Light touch
Period Paper(s) RQ1 RQ2 RQ3 RQ4 RQ5 RQ6 RQ7 RQ8 RQ9
[119, 166]
[4, 77, 199]
[77]
[20, 120, 129]
[22]
[31]
[85]
[196]
[34]
[37, 137, 162, 170, 201]
[30, 40]
[42, 49]
[48, 100, 106, 136, 138, 174, 179]
[53, 146]
[1, 27, 67, 76, 93, 95, 121, 145, 163]
[56]
[57, 87]
[58]
[83]
[47, 61, 135, 164, 167, 183]
[7, 13, 46, 60, 71, 112, 154, 165, 171, 203]
[63, 84]
[72]
[81]
[82]
[28, 29]
[64, 92]
[94]
[4, 98, 188, 202]
[104]
[105]
[103]
[110]
[113]
[70, 114, 150]
[144]
[116, 118]
[122]
[126]
[134]
[141]
[9, 10, 68, 130, 130, 149, 192]
[153]
[173]
[178, 181, 187, 195]
[117, 197]
[199]
[47]
[59, 143]
11 5 34 46 63 16 17 8 21
2016–2021
Number of Papers
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 13
Table 7. Categorization of papers into the 9 RQs (2010–2015). The same legend as in Table 6.
Period Paper(s) RQ1 RQ2 RQ3 RQ4 RQ5 RQ6 RQ7 RQ8 RQ9
[7]
[18]
[86, 88, 97, 176, 193]
[108]
[79, 86, 139, 186]
[189]
[190]
015150602
2010–2015
Number of Papers
The role of trust: Ferraris et al
.
[
56
] explored the trust relationship between the user and popular smart
devices and suggested an interesting trust model, which would enhance home security in regards to how devices
interact with users and other devices. Schomakers et al
.
[
162
] discussed how the degree of automation can aect
the privacy and trust perception of smart home users by not only exploring privacy from the information security
viewpoint but also reecting on the physical, social and psychological dimensions.
The hybrid nature of modern smart homes: Zhao [
201
] reected on the legal denition for the current
digital home which has a uid boundary and discussed some rising problems such as the changing perception of the
home’s location, the increasing signicance of data protection in the home, and the weakening legal enforcement
owing to the ‘cross border data-ows’ and ‘complicated industrial supply chain’. Nthala and Flechais [
136
]
investigated data security decisions in the home and proposed to study them by considering the home space in
three distinct areas: social, activity-based, and technological spaces. Boussard et al
.
[
34
] proposed the concepts of
‘vPlace’ and ‘vSpace’, to address the problem of proliferation of poorly secured IoT devices at home. ‘vPlace’ is the
collection of all registered resources in the home network and external devices owned by home users along with
their dynamic states of connection to the network of connected or not connected to the network, and ‘vSpace’
refers to virtual spaces or rooms oriented towards dierent contexts of family, work (from home) or visitors.
Some recommended solutions proposed in research falling into this category are interesting, such as calculating
privacy risks from the data collection capabilities of a device and dividing the whole home network into physical
and virtual places. However, we felt that research should take into account co-existence of dierent (both smart
and traditional) devices in a home network, exploring whether people’s security and privacy behaviors and
actions are dierent in dierent types of home networks such as in a student accommodation, an Airbnb or a
shared at.
4.2.5 RQ2: Multiple inter-connected devices.For this theme, we found only a small number of (four)
papers [7, 34, 119, 166], which are briey introduced below.
Al Abdulwahid et al
.
[
7
] focused on the unavailability of a common authentication technique using multiple
digital devices. Boussard et al
.
[
34
]’s vPlace and vSpace concepts, introduced previously for RQ1, utilized the
software-dened network (SDN) technique to manage access control in a multi-user home network with multiple
devices. Sikder et al
.
[
166
] discussed the complex and conicting demands of multiple users in a multi-device
home compared to a single-users environments and suggested a new access control system called Kratos to
enhance awareness of related environment. Marky et al
.
[
119
] (lab-based study,
�=
15) found that users would
prefer to have detailed information about each device, a clear status communication, more dynamic and rule-based
settings, and delegation options to adjust privacy settings in a multi-device setting.
The limited research on RQ2 suggests the need for research in the eld of interconnections and interactions
between multiple home devices, and any consequential security and privacy problems.
ACM Comput. Surv.

14 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
Table 8. A taxonomic view of the research papers under dierent sub-categories belonging to the RQs
RQ Sub-category Paper(s) #
RQ1: Holistic View
Smart device adoption [22, 110, 141] 3
General challenges & solutions [37] 1
General benets & risks [113, 191] 1
Data ows & privacy risks [170] 1
The role of trust [56, 162] 2
Hybrid nature of modern smart home [34, 136, 201] 3
RQ2: Multiple Devices
Lack of common authentication techniques [7] 1
Multi-device and multi-user scenarios [34, 166] 2
Multi-device privacy conguration [119] 1
RQ3: User Awareness
Eect of workplace training [88, 97, 121, 176] 4
Privacy awareness & perception [27, 31, 53, 58, 67, 95, 116–118, 146, 162, 188, 199, 202] 14
Smart personal assistants [1, 85, 98, 113, 145] 5
Dierent types of home users [5, 93, 193] 3
PrivSec awareness in general [57, 83, 87, 103, 105, 110, 113, 196, 197] 9
RQ4: User Concern
Privacy concerns in general [13, 83, 104, 150, 192, 196, 203] 7
Concerns with smart speakers [42, 46, 60, 82, 85, 103, 112–114, 130, 144] 11
Reection on underlying behaviors [68, 108] 2
Parental privacy concerns [15, 149, 171] 3
Other aspects [9, 22, 40, 47, 49, 70–72, 81, 105, 154, 165, 190] 13
PrivSec concern in general [9, 28, 29, 59, 59, 88, 134, 141, 153, 197, 199] 11
RQ5: Behavior/Practice
Security practice related decision [9, 136–138] 4
Management and conguration [79, 87, 179] 3
Security behavior aecting practice [18, 31, 53, 58, 77, 174, 192] 7
Personalized approaches [57, 186] 2
Privacy-specic behaviors [8, 42, 49, 103, 113] 5
Machine Learning based study [22, 106, 114, 134] 4
Other aspects [3, 86, 139, 149] 4
PrivSec behavior in general
[
4
,
47
,
58
,
61
,
63
,
68
,
70
,
84
,
98
,
100
,
103
,
105
,
114
,
116
,
118
,
123
,
126
,
130
,
134
,
135
,
141
,
144
,
146
,
150
,
164
,
167
,
173
,
178
,
181
,
183
,
187
,
188
,
195
,
200
,
202
]
35
RQ6: Multi-User Bystander privacy [4, 28, 29, 48, 119, 197] 6
Access control & conguration [63, 77, 84, 119, 200] 5
Devices shared by multiple users [63, 82, 84, 103, 113, 117, 118] 7
RQ7: Demography
Gender [61, 104, 123, 135, 189] 5
Non-gender demographic factors [30, 40, 47, 94, 153, 167, 183, 186, 190] 9
Location [81, 100, 164] 3
RQ8: Contextual Location as context [120, 129, 134] 3
Device as context [20, 77, 105, 112, 122, 173] 6
RQ9: Theoretical
Protection Motivation Theory (PMT) [18, 53, 64, 122, 126, 187] 6
Extended PMT [178, 181] 2
Theory of Planned behavior (TPB) [56, 72, 195] 3
Conceptual Framework [59, 92, 104, 108, 141, 143, 144] 7
4.2.6 RQ3: Security and privacy awareness of home users.35 papers covered in our SLR studied users’
awareness and perception of security and privacy in the context of home networking, with 24 papers substantially
covering this topic.
The eect of workplace training and the subsequent cyber awareness for home users is a topic that has
received some attention. While some researchers investigated organizational, social and personal factors that can
aect cyber security awareness of home users and attributed the cyber awareness of the home users to personal
initiatives’ knowledge, others such as Talib et al
.
[
176
] and Kritzinger and von Solms [
97
] recommended organized
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 15
security awareness programs at the workplace to help boost home users’ cyber awareness. Kang et al
.
[
88
] and
McDermott et al
.
[
121
] suggested the absence of a direct relationship between people’s technical background and
their security or privacy awareness.
The topic of low privacy awareness is another popular topic discussed by many researchers [
53
,
67
,
116
–
118
,
146
,
163
,
202
], owing to reasons such as the absence of audio-visual inputs [
202
] or a low level of self-
ecacy [
146
]. On the positive side, it was also reported that home users are willing to engage in privacy
protective mechanism, if relevant tools are easy to understand and cheap [
53
]. Through an online role-playing
exercise, Binns et al
.
[
31
] (online role playing scenario,
�=
27), found that home users’ privacy-related decisions
are heavily inuenced by their pre-existing perceptions of and relationships with companies (more precisely,
mobile app suppliers). They suggested privacy-aware tools that can help users to incorporate such pre-existing
contextual factors into their privacy-related decisions. Two studies [
27
,
95
] suggested using augmented reality
related solutions to make home users aware of privacy issues and to encourage them to make more informed
decisions. Wickramasinghe and Reinhardt [
188
] (survey,
�=
229), observed that users had a lack of knowledge of
sensitive data collected by smart objects and the thirds parties receiving such data. Zeng et al
.
[
199
] (interview,
�=
15), suggested how users’ vulnerability depends on the level of their privacy knowledge, and pointed out a
clear mismatch between the awareness and power of the owner/administrator of the smart home in comparison
to other home users. Freudenreich et al
.
[
58
] (interview,
�=
16), studied security practices of home users related
to Wi-Fi security and found that, although they were mostly aware of the vulnerabilities, they found it dicult to
address these issues.
Due to the growing popularity of smart speakers (also called smart/intelligent personal assistants or voice
assistants – we will use the shorter term “smart speaker” hereinafter), some studies [
1
,
85
,
113
] looked into
dierent security and privacy aspects of smart speakers. They found that, home users were generally aware of
personal data being stored on smart speakers, but not with the service provider and in some cases with other third
parties. Most users were not even aware that they could review or delete the stored data [
113
]. The incomplete
mental model on dierent privacy issues [
1
] or lack of knowledge on the matter [
98
] leads to various privacy
concerns. Park and Lim’s research [
145
] demonstrated that at times, when users are more aware of their privacy,
they expected their own personal space oriented features in the smart speakers.
Three papers looked at dierent types of home users. Kim et al
.
[
93
] (trend analysis
�=
23; interview
�=
20; survey
�=
188) categorized users into dierent groups depending on the level of their cyber awareness.
For example, ‘Innocent Irene’ (extreme low level of awareness) or ‘Parental Patrick’ (people with a family to
protect). They suggested designing smart devices to suit to home users’ cyber personality. Xavier and Pati [
193
]
(survey,
�=
324) pointed out how lack of awareness aects the ability to understand security threats whereas
Ahmad et al. [5] focused on lack of parental awareness on the topic of cyber threat towards children at home.
Home user awareness and perception was also addressed in nine papers [
57
,
83
,
87
,
103
,
105
,
110
,
113
,
196
,
197
],
while focusing on other related concepts such as privacy and security concerns, privacy and security behaviors
of single and multi-users and contextual security at home.
Research on RQ3 has a noticeable focus on privacy awareness, possibly because privacy issues of smart
devices such as smart speakers are more visible and understandable by home users than (technical) security
issues. The research on the eect of workforce training was a topic we did not expect, showing how home and
work contexts can be connected. Discussions on user awareness on topics such as issues from connected home,
existing tools and supports to mitigate issues arising, understanding of home user on legal and economical help
available in case of security breach are surprisingly thin and important areas to focus on.
4.2.7 RQ4: Security and privacy concerns of home users.RQ4 is one of the most discussed themes,
with 47 papers covering a range of related topics, with 36 of them focusing majorly on this RQ. The other 11
ACM Comput. Surv.

16 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
papers [
9
,
28
,
29
,
59
,
88
,
134
,
141
,
143
,
153
,
197
,
199
] focused more on topics in other RQs such as multi-user
concept or user behaviors, so they will be covered elsewhere.
Seven papers looked at privacy concerns in a more broader and systematic sense. In order to understand
the privacy concerns of home users, Zimmermann et al
.
[
203
] (interview
�=
42) categorized home user concerns
under two types, ‘unrelated to attacks’ such as dependency on a technology or loss of control to use, and ‘related
to attacks’ such as smart home data exposure and manipulation of device sensors. Worthy et al
.
[
192
] (experiment,
�=
5) collected daily use data from the participated homes with a specially developed IoT device, to nd that
that users tend to demand more control over the information collection process when they have less trust on
the data controller and consumers. Through an empirical analysis involving 265 valid respondents, Lee [
104
]
(survey,
�=
300) observed a positive association between dierent types of vulnerabilities (‘Technological’,
‘Legal’ and ‘User’) and IoT privacy concern, except provider vulnerabilities. Hwang et al
.
[
83
] (survey,
�=
300)
revealed dierent levels of privacy risk perception for dierent types of home IoT services, venturing into a
trade-o between privacy and functionalities. This trade-o is also re-iterated by a study conducted by Psychoula
et al. [150](survey �=231; interview �=41). Yao et al. [196] explored user-centered privacy design (Co-design
study,
�=
25) to demonstrate home users’ conceptualization of privacy control mechanisms. They identied six
factors (Data Transparency & Control’, ‘Security’, ‘safety’, ‘Usability’, ‘Contextual detection & Personalizing’, and
‘System Modality’) to help design smart home privacy controls. A study [
13
] focused on understanding Saudi
home users’ privacy and security concerns of using smart devices, and revealed that 79.7% of Saudi users were
afraid of losing their data because of low awareness of related issues and the lack of governmental interventions.
Eleven papers discussed privacy concerns on smart speakers, the most popular topic under RQ4, and
discussed it from many angles, i.e., lack of privacy concerns by users, contextual privacy concerns, data
collection behaviors of the manufacturers, the underlying behaviors such as trust and psychological
factors. Lau et al
.
[
103
] conducted a diary study with 34 smart speaker user and non-users, to nd that smart
speaker users lacked knowledge on privacy risks whereas non-users lacked trust on the vendors. This was further
highlighted by Malkin et al
.
[
113
] and Chalhoub and Flechais [
42
], who commented on how users preferred
comfort to privacy because of the low level of privacy concern and any desire to observe privacy behaviors
is inhibited by the lack of user-friendly interface. Concerns about the privacy risks that smart speakers can
track and listen to users’ data were observed in two studies [
46
,
85
]. Fruchter and Liccardi [
60
] used dierent
NLP (natural language processing) tools to process 109,536 online user reviews on Amazon Echo and Google
Home for the presence of specic security and privacy-oriented keywords. Only 2% of the reviews using those
keywords showed major concerns about data collection. Manikonda et al
.
[
114
] examined online reviews to
note users’ positive outlook towards the smart speakers and a good level of privacy. Mols et al
.
’s explorative
study (survey,
�=
325; focus group,
�=
35) on the Dutch households’ privacy concerns [
130
] provided a
multi-dimensional understanding of users’ concerns including surveillance, device security, day-to-day user
behaviors and transparency of platforms. Lutz and Newlands [
112
] (survey,
�=
325) discussed privacy concerns
related to smart speakers from a contextual perspective, suggesting that such concerns vary depending on
the source. Two papers focused on users’ concerns about the data collection behaviors of smart speaker
manufacturers. Huang et al
.
[
82
] investigated shared use of smart speakers (interviews,
�=
26), and observed
that participants expressed privacy concerns about their housemates and visitors, and also about privacy-invasive
data collection by speaker manufacturers. Park et al
.
[
144
] (survey,
�=
359) noticed that privacy concerns led to
negative privacy-coping behaviors such as anger, anxiety and disappointment against the relevant companies,
and generate bad words of mouth or disengagement.
Reection on the underlying behaviors such as psychological and trust behind users’ concerns about
smart speakers was explored in two papers. Liao et al
.
’s investigation (survey,
�=
1160) on the role of privacy
and trust in users’ decisions on adopting smart speakers [
110
] revealed that, users tend to trust the vendors
(Google, Amazon, and Apple) on the usage of their information, and privacy concerns dier between people
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 17
who use dierent hardware devices (a smart phone or a smart speaker) to interact with the agent. Ghosh and
Eastin [
68
] (survey,
�=
289) examined dierent psychological mechanisms underlying home user’s interaction
with software agents such as Alexa and Siri and hardware devices such as smart speakers and smart phones, and
how they aect privacy concerns and information disclosure behaviors. Similar to what Ghosh and Eastin [
68
]’s
study explained about how participants are more likely to report on higher privacy concerns when interacting
with voice assistants through smart speakers than through smart phones.
Parental privacy concern was discussed in three papers. Reecting on parent’s technology usage, control
and concerns, Alqhatani and Lipford [
15
] (interview,
�=
20) stated that parents did discuss children’s privacy
and security concerns regarding their online use and controls but did not expand on these to include smart
devices. In contrast, Prasad et al
.
[
149
] (interview,
�=
20) considered parental privacy concerns towards service
providers and manufacturers and how they aect their children. Sun et al
.
[
171
] (interview,
�=
23) identied
six factors which, according to them, inuence parents’ perception of privacy risks, including parenting style,
tech-savviness, trust in manufacturer, age of the children, features of the used devices and news media reporting.
While twelve papers considered other aspects which might aect privacy concerns of home users.
Golbeck [
70
] analyzed 501 online comments to nd out that 81% of the home user have concerns about using
their Internet Service Providers (ISP) supplied home router as a public Wi-Fi hot-spot. Privacy concern was
found to be the most prevalent ethical concern in a study (survey,
�=
631) by Seymour et al
.
[
165
]. Through
their study on authentication management techniques of home users (
�=
93), Alam et al
.
[
9
] revealed that this
type of privacy concerns does not actually reect users’ practices. Grünewald and Reisch [
71
]’s study (survey,
�=
701) revealed that participants were more inclined to share their location data for services (50%), than with
service providers (28%), but struggled with dierentiating between the two. Lee and Kobsa [
105
] conducted a
clustering analysis based on data collected from 200 participants on 2,800 hypothetical IoT scenarios and ve
contextual parameters (‘where’, ‘what’, ‘who’, ‘reason’ and ‘persistence’) aecting home users’ privacy concerns,
to nd scenarios according to their privacy risks. A new theoretical model (which will be discussed more in
RQ9) was suggested by Guhr et al
.
[
72
] to nd out the role, privacy concerns plays in home users’ acceptance of
smart home technology. Results of Crabtree et al
.
’s research [
49
] demonstrated the fact that the discussion and
design eorts for any sort of privacy mechanisms should focus on managing human relationships rather than
controlling data ows. Both Barbosa et al
.
[
22
] and Cannizzaro et al
.
[
40
] commented on users’ reluctance on
home IoT adoption due to their privacy concerns, and how such reluctance grows with age [
40
]. Devices and
platforms other than smart devices such as ambient assisted living (AAL) [
47
], mobile-assisted robots [
154
] were
also studied to understand the type of privacy concerns they might generate. Wilkowska et al
.
[
190
] used three
dierent methodologies, i.e., a focus group(
�=
42), a survey(
�=
104) and an experimental usability study(
�=
55),
to study home users’ privacy concerns in the context of AAL and found that the level of privacy concerns of
participants observed, following each methodology diered signicantly.
Finally, one paper paid attention to the role of cultural background in privacy concerns: Huang and Wu [
81
]
conducted a small interview study with nine Chinese smart home users, showing some preliminary evidence
regarding their privacy concerns likely being less than an average American user (based on past American
privacy-related studies).
Multiple papers related to RQ4 focused on a specic type of smart devices – smart speakers. The trade-os
between privacy and functionality, how privacy concerns aected the decision of smart home adoption, are also
relatively popular topics of discussion. However, we found that some smart home devices such as smart
home appliances are much less studied, despite the increasing use of these devices in modern smart homes.
4.2.8 RQ5: Security & privacy behaviors and practices of home users.This is another popular area of
research, with 66 papers. Some papers (32) focused majorly on this RQ and others (34) reected on security and
privacy behaviors while discussing other concepts such as privacy concerns, awareness, multi-users issues and
ACM Comput. Surv.

18 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
related conceptual frameworks [
4
,
47
,
58
,
61
,
63
,
68
,
70
,
84
,
98
,
100
,
103
,
105
,
114
,
116
,
118
,
123
,
126
,
130
,
134
,
135
,
141
,
144
,
146
,
150
,
164
,
167
,
173
,
178
,
181
,
183
,
187
,
188
,
195
,
200
,
202
]. Here, we will focus on the 32 papers in the
former group.
Security practice related decision was discussed in four papers. Nthala and Flechais [
136
] in their study,
(interview,
�=
15) identied four themes ( stimuli (cues to action), support, stakeholders, and context) around
home users’ security practice related decisions. In a follow-up work (interviews,
�=
50) [
138
], they found that
home users majorly rely on family and friends as an informal support network. Furthermore, in another follow-up
work (survey,
�=
1
,
128; interview,
�=
65) [
137
], they found that security practice is aected by survival/outcome
bias, factors undermining condence in a security measure, in addition to other well known factors such as trust,
cost, knowledge and skill. Alam et al
.
[
9
] observed that despite being very concerned about their privacy and
security, users don’t follow appropriate security steps.
Management and conguration of smart devices was explored in three papers. Kaaz et al
.
[
87
] (experiment,
�=
7) found that, contrary to the popular belief, smart devices are not ‘plug and play’ and a majority of home
users face multiple barriers while conguring such devices, which often force them to accept vendors’ default
(possibly awed) security and privacy settings. Ho et al
.
[
79
], in an earlier (2010) study on home wireless networks,
revealed how home users depended on out-of-box security tools provided by manufacturers, hardly changed the
default security settings, rarely installed and maintained encryption keys across devices, and did not perceive
any dierences between encryption and access control. Topa and Karyda [
179
] collected and analyzed a broad
spectrum of privacy and security issues on usability of security tools such as VPNs, anti-virus and anti-spyware
programs (scenario-based, survey,
�=
150; interview,
�=
112) to highlight the need of detailed help, consistency
regarding use of technical terms, concerns over the use of personal data, and the absence of appropriate usability
tools for disabled users.
Seven studies looked at security behaviors aecting home users’ security practices for home networks.
Anderson and Agarwal [
18
] observed (survey,
�=
600) that home users’ security behaviors were inuenced by
cognitive, social and psychological components and hence, all such factors should be considered when analyzing
their security attitudes. He et al
.
[
77
] (survey,
�=
425) conrmed a proposed hypothesis that, participants focused
on IoT devices’ capabilities rather than the devices themselves to dene access control and authentication policies.
Binns et al
.
[
31
] concluded that, home users’ security actions are mostly inuenced by their preconceived notion
about the company responsible for the specic hardware device or software (e.g., a mobile app). However, Dupuis
and Ebenezer [
53
] were of the opinion that home users would be more willing to take precautionary actions if
they clearly understand the security mechanisms of the products they use. Via a mixed-method study (survey,
�=
1
,
006; interview,
�=
14), Taieb and Pelet [
174
] observed that home users’ attitudes and perception towards
IoT devices and the security of their data depend on the device type, e.g., a smart health device could induce them
to share more information than a smart speaker. Worthy et al
.
[
192
] conducted an experiment to collect data
from ve dierent households for a period of 10-14 days and analyzed the inhabitants’ behaviors. They observed
that the participants became familiar with new devices very soon and were generally happy with sharing data
as long as it is properly de-identied (e.g., via aggregation) and they were aware of the purpose of collection.
Risks associated with Wi-Fi vulnerabilities in home users were explored by Freudenreich et al
.
[
58
] (survey and
interview,
�=
16), who found that, although generally aware of the privacy risks, people were not knowledgeable
or skilled to address such problems.
The need of personalized approaches is highlighted in some work. Both Wash and Rader [
186
] and Forget
et al
.
[
57
] argued on the unsuitability of ‘one size ts all’ approach to security. Wash and Rader [
186
] discussed
dierent ‘folk models’ of threats that induce a home user to make dierent security decisions according to their
contextual belief. Whereas Forget et al
.
[
57
] collected user security behaviors and machine congurations of
73 users for at least 3 months within 9-month time window, and then interviewed 15 users out of the 73 ones.
Their results reiterated a nding of Wash and Rader [
186
] – since home users engage in security behaviors and
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 19
practices dierently, they may benet from dierent styles and dierent levels of interventions for their specic
needs.
privacy-specic behaviors of home users were explored in several papers. Crabtree et al
.
[
49
] studied
digital practices of 20 homes in the UK and found that participants employs a number of ‘ne-grained meth-
ods’(throwaway emails, ad blockers, cookies, consent forms, private browsing) to manage the ow of their private
data securely. Chalhoub and Flechais [
42
] investigated home users’ attitude in terms of the user experience
(UX), and pointed out that the lack of users’ privacy concerns arose out of their individual perception of the
situation and how they traded their privacy needs for the benets from smart devices. Lau et al
.
[
103
] and Malkin
et al
.
[
113
] found no evidence of privacy-seeking behaviors in users of smart speakers, and observed that users
did not use privacy controls already available to them in such devices. Al-Ameen et al
.
[
8
] revealed a number of
mismatches between users’ actual perception of data collection and data sharing by the IoT devices compared to
the devices’ published privacy policies.
Four papers used machine learning(ML) tools to reect on home users’ privacy or security behaviors. Naeini
et al
.
[
134
] used ML classiers to predict users’ preferred comfort level and their decision to allow or deny specic
data collection, whereas Barbosa et al
.
[
22
] implemented a decision tree classier to suggest how easy aordability
as a ‘motivator’ can defocus privacy as a ‘blocker’. Manikonda et al
.
[
114
] applied the latent Dirichlet allocation
(LDA) algorithm [
32
] and Word2Vec [
125
] to understand users’ privacy behavior and concerns. Li et al
.
[
106
]
analyzed home users’ security and privacy behavior by examining 15.4 million video streams from 211k Chinese
users and observed that frequent use of the camera increases the privacy risks.
Four papers looked at other aspects of user attitudes, perceptions and behaviors. Prasad et al
.
[
149
] discovered
(focus groups,
�=
3; interviews,
�=
14) that parents did not trust device/software manufacturers or ISPs to
protect their children from harms when using smart devices, and felt it was their responsibility to do so. Jin
et al
.
[
86
] discussed a dierent topic of residential privacy by examining data collected from the Foursquare
application and identied several vulnerabilities and privacy risks caused by user behaviors. Oulasvirta et al
.
[
139
]
used a specic behavioral observation system (BOB) to pool sensor data from designated surveillance devices
(Wi-Fi cameras, key-presses from personal computers, smart devices, TV and DVD media centers) to comment on
the contextual behavioral change. Abrokwa et al
.
[
3
] (survey,
�=
493) observed no signicant privacy behavioral
dierences between users of two mobile operating systems (iOS and Android).
The RQ5-related papers cover a wide range of topics, e.g., home users’ privacy and security behaviors, practices
and decisions, and parental behaviors, which mostly focused on issues around standalone devices. As in the case
of RQ3 and RQ4, more future research should focus on understanding home users’ behaviors and attitudes in
a connected home with hybrid devices.
4.2.9 RQ6: Multiple users in a single home.Eighteen papers in our study covered security and privacy
issues in a multi-user home environment, in dierent levels of depth.
Five papers examined privacy of bystanders, e.g., guests and nannies. Yao et al
.
[
197
] examined potential
privacy concerns and expectations of the bystanders (Focus groups,
�=
18) and observed strong contextual
variations, as they switch their roles under dierent social relationships. Bernd et al
.
[
29
] identied dierent
types of bystanders including nannies, home care attendants, house cleaners and maintenance workers who can
be aected by the use of smart devices but are not directly involved in the use of such devices. In a follow-up
study, Bernd et al
.
[
28
] (interview,
�=
25) found that nannies expected the existence of smart cameras but wanted
transparency of information from their employer (i.e., the homeowner) beforehand and were concerned by
potential misuse of collected data. Cobb et al
.
[
48
] surveyed 386 incidental users of smart devices, to understand
their most typical concerns and the context where it materializes, and recommended better communication
between the primary and incidental users. Ahmad et al
.
[
4
] (interview,
�=
19), proposed a concept of ‘tangible
privacy’ for designing IoT devices, to provide stronger privacy assurances to bystanders.
ACM Comput. Surv.

20 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
Four other papers discussed challenges in a multi-user home, focusing on access control and conguration
managements of home devices by dierent users in the same home environment. Access control issues in
a multi-user home were discussed by three groups of researchers [
77
,
84
,
200
], who conducted scenario-based
analyses and discussed challenges of using smart devices in a multi-user environment, including coarse-grained
access control resulting in either complete access or no access to users, intended or unintended threats to the
primary user’s data. Marky et al
.
[
119
] investigated a prototype for multi-setting interface to adjust privacy
settings by multiple users with multiple devices (experiment,
�=
15) and found that users prefer ability to
access detailed information with the settings. By exploring security and privacy implications in a multi-user
home, Zeng and Roesner [
200
] designed a prototype with dierent access control features (i.e., location-based,
supervisory). They discovered that factors such as usability and conguration complexity, lack of concerns for
devices, interference with other functionalities, trust between dierent home users are some of the reasons why
users ignore access control mechanisms. Four researchers [
77
,
84
,
200
] recommended dierent design changes
in smart devices to increase the usability and accessibility of the functionalities to all home users. Additionally,
He et al
.
[
77
] exploring dierent types of relationship in a multi-user home (‘Babysitter vs. visiting family’, and
‘Child vs. teenager’) found clear dierences in dierent users’ desires to have specic access control policies
attached to dierent capabilities of an IoT device.
Nine researchers discussed the challenges of device use in a multi-user home by primary and secondary
users, mostly focusing on the shared use of smart speaker. Both Malkin et al
.
[
113
] and Lau et al
.
[
103
] reected
on privacy tensions between primary, secondary and incidental users of smart speakers, while Zeng et al
.
[
199
]
pointed out unique privacy and security challenges that occur in a multi-user home where incidental users
depend on the primary users’ knowledge and control.In a related, study (interview,
�=
21),Marky et al
.
[
116
]
observed that visitors would usually accept the data collection by smart devices so long as the data is anonymized
and recommended to gain awareness and knowledge and evaluate data sensitivity, to exert control over their
privacy. In a follow-up study, Marky et al
.
[
118
] (interview,
�=
42) investigated two related privacy issues –
privacy of bystanders to homeowners and privacy of homeowners to bystanders. They recommended that, the
IoT designers must pay attention to both bystanders and the users while designing their devices. In their study
on mental model of 30 participants, Marky et al
.
[
117
] noticed a general lack of awareness amongst visitors about
the data ows in a smart home ecosystem. Based on interview data from 26 participants using smart speakers,
Huang et al
.
[
82
] (interview,
�=
26) found that participants had dierent types of concerns about inappropriate
access and misuse of personal information by housemates and other external entities, but would follow the same
risk management strategies in both cases. Geeng and Roesner [
63
] conducted a mixed-method study (
�=
18) to
study the inter-communication, tensions, and challenges in a multi-user home. They observed that the smart
home environment mimics the existing power dynamics (i.e., parent-child) in a household, giving smart home
drivers more access to functionalities than other users. Park and Lim [
145
] discussed on the privacy awareness of
family members while sharing a smart speaker.
Papers related to RQ6 cover mainly two areas, bystander privacy and access control. Users’ understanding
of the more complicated data ows in a multi-user home is one of the main topic that we felt should be
studied more, along with other areas such as threats from malicious secondary users and security and
privacy implications of interactions between multiple devices and multiple users.
4.2.10 RQ7: Demographic factors and their eects.Seventeen papers in our study substantially covered
topics related to this RQ.
Five papers studied home users’ security behaviors, practices and concerns, with a focus on gender. Wilkowska
and Ziee [
189
] studied the use of e-health technologies at home (
�=
104, 60 females and 44 males), showing
that female and healthy adults were more prone to demand stringent security and privacy standards than male
adults and ailing elderly, respectively. In contrast, Nohlberg and Kävrestad’s survey (152 participants, 53 females
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 21
and 99 males) [
135
] found men to be more decisive in comparison to women in an information security decision.
McGill and Thompson [
123
] surveyed 624 users (234 females and 390 males) and their results echoed Nohlberg
and Kävrestad’s nding that security behaviors of female users are weaker than male users’. Furini et al
.
[
61
]
conducted a small study during the 2020 COVID-19 lockdown on people’s privacy behaviors and concerns on
smart speakers, and found that both male and female users had privacy concerns. Looking into gender and IoT
use experience, Lee [
104
] concluded that female users were more concerned by their own vulnerabilities and
people without technical experience were more concerned by providers’ vulnerabilities.
Some other papers focused on demographic factors beyond gender such as age and disability while analyzing
privacy and security attitudes and concerns of people using AAL, older adults and other variables such as age,
ethnicity, income level and disability. van Heek et al
.
[
183
] studied the acceptance of AAL technologies, and the
trade-os between perceived benets and barriers (survey,
�=
279). They found that user diversity in terms of
age, disability and care giving experience does signicantly aect the trade-os between perceived benets and
barriers. In another related study that used three dierent methodological approaches (focus groups, survey and
a usability study), Wilkowska et al
.
[
190
] noticed privacy with regard to AAL technologies is independent of the
age or gender. The same conclusion was also drawn by Choukou et al
.
[
47
], who compared the attitude of older
and younger adults on the use of AAL technology. However, when age was discussed as a factor inuencing
privacy and security attitude in general (not specic to AAL), it tends to play a signicant role in user attitude.
Age was a parameter studied by Singh et al
.
[
167
] (survey,
�=
231) who found that older adults (36 – 70) were
more willing to share data on health grounds than their younger (below 36) counterparts. In their analysis of a
large-scale survey with 2,033 UK participants, Cannizzaro et al
.
[
40
] noticed that age and education level play a
signicant role in determining people’s trust on IoT devices for security and privacy. In another study, Wash and
Rader [
186
] found that educated users and older adults often exercise fewer precautions in regard to security
threat. Klobas et al
.
[
94
] reported similar results about security perceptions of older and educated participants
who seemed to be more likely to assess security risks of IoT products and had a more positive attitude towards
them, although they were still concerned about the privacy and functionality, which does not meet the need of
their specic requirements. [
30
]. Reeder et al
.
[
153
] interviewed ten post-menopausal women (age band: 50-70) to
understand their perception of wearable devices and found that the participants largely accepted the technology
as useful.
Seidl et al
.
[
164
]’s study (survey,
�=
214) found that geo-privacy behaviors are very much linked to a
participant’s underlying knowledge of the eld and similar across dierent demographic factors including
gender, ethnicity and income level. Huang and Wu [
81
]’s comparative study on Chinese and US users revealed
that users’ privacy concerns in China seemed to be lower than in Western countries. Lafontaine et al
.
[
100
]
conducted a survey (
�=
232) over three geographic regions (the US, the EU and India) and found that IoT users
were comparatively comfortable in accepting risk than non-IoT users. Furthermore, they observed contrasting
behaviors of users in dierent regions, i.e., people in India trust their government more in protecting their data
compared to people in the US and the EU.
Papers related to RQ7 studied demographic factors such as gender, age, educational background, disability,
ethnicity and income level, and their implications on security and privacy behaviors of home users. There is
contradictory evidence of weaker security behaviors of females compared to males, therefore needing
more research in this area. We noticed that a majority of the studies focused on developed nations such as the
UK, the US and the EU, so more research on developing countries and non-Western countries is much needed.
4.2.11 RQ8: Contextual factors influencing security and privacy behaviors and practices at home.
Eleven papers in our study contributed substantially to this theme.
Three papers considered location as the contextual factor. McCreary et al
.
[
120
]’s study (video experiment,
�=
264) found that people were very much concerned about privacy inside their home regardless of the activities
ACM Comput. Surv.

22 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
they are involved in compared to outside their home. Molina et al
.
[
129
] (survey,
�=
276) asked their participants
to imagine using Wi-Fi networks at four dierent locations (coee shop, university, Airbnb, and home). One of
their hypotheses is that a higher belief in publicness heuristic can lead to less information disclosure. Their results
showed positive evidence to support this hypothesis. Naeini et al
.
[
134
]’s research (vignette study,
�=
1
,
007)
working with a set of 380 IoT data collection and dierent scenarios revealed the context-dependence and the
diverse nature of privacy preferences of home users.
Other researchers analyzed contextual use of devices [
139
] aecting privacy and security behaviors or
leading to specic individual knowledge and experience or device’s primary function dictating users’ privacy
perception [
4
]. Lee and Kobsa [
105
] conducted a comprehensive analysis using K-mode clustering analysis,
employing data from hypothetical IoT scenarios (survey,
�=
200). They used K-modes clustering analysis with
four clusters (‘Very unacceptable’, ‘Unacceptable’, ‘Somewhat acceptable’, and ‘Acceptable’) and analyzed the
data with ve contextual parameters (‘where’, ‘what’, ‘who’, ‘reason’ and ‘persistence’) to reect on the impacts
of contextual factors on peoples’ privacy perceptions. Apthorpe et al
.
[
20
] used the contextual integrity (CI)
framework (survey,
�=
1
,
731). They collected 3,849 information ows passing between various rst and third-
party recipients in a smart home to provide rich insights into why device manufacturers should survey privacy
norms in specic contexts and why privacy norms should support restrictive rather than permissive IoT device
communications. Tabassum et al
.
’s [
173
] study, (interview,
�=
23) discovered that users’ threat modelling of their
home and their protection behaviors were not shaped by their existing knowledge, but by their experience in
other computing contexts. McGill and Thompson’s research (survey,
�=
629) on users’ security behaviors [
122
]
revealed that users perceived to expect more risks from the use of a mobile device than from a home computer. He
et al
.
[
77
] studied access control issues in multi-user homes (
�=
425) and looked at frequent context-dependent
capabilities of various IoT devices. They noticed ve contextual factors (‘Age’, ‘Location of Device’, ‘Recent Usage
History’, ‘Time of Day’ and ‘Location of User’) impacted signicantly on the implementation of access control
capabilities of smart devices. According to Lutz and Newlands’s study [
112
], privacy concerns are dependent on
the context of the origin source.
The major areas of discussion on this RQ were location and use of smart devices. However, we feel that
some other important contexts need more research, including varying security behaviors and practices of home
users when using traditional devices verses smart devices, sharing a particular device with other users, dierent
types of smart devices other than more studied ones such as smart speakers. There is also a lack of research on
the legal context, e.g., home users’ understanding of the legal support available to them in case of any security or
privacy breaches, and their legal rights when it comes to the storage and manipulation of their data on dierent
types of home devices.
4.2.12 RQ9: Theoretical frameworks of security and privacy behaviors.With Eighteen papers in our
data set, RQ9 is another much-discussed theme in our study.
Seven papers in this theme [
18
,
53
,
64
,
94
,
122
,
126
,
187
] discussed users’ security behaviors in light of the PMT
(Protection Motivation Theory)[
156
]. Analyzing the survey data from 72 home computer users, Mills and
Sahi [
126
] concluded that participants were not signicantly inuenced by perceived vulnerability or perceived
severity when trying to implement additional security measures on their home computers. However, they
identied that response ecacy and self-ecacy were moderate predictors of individuals’ intention to implement
additional security measures. Klobas et al
.
[
94
] study on security risk’s inuence on smart home adoption (survey,
�=
405) observed the perceived risk as a determinant of smart home adoption intentions. White et al
.
[
187
]
used a survey with 945 adult participants to investigate dierent factors that aect computer security protective
behaviors and perceived security incidents. Dupuis and Ebenezer [
53
] used a mixed-method study under the
framework of PMT, using analysis of data from 500 customer reviews of ten IoT devices, 18 interviews, and
a large-scale AMT-based online survey with 1,006 valid response, to study the lack of privacy-risk awareness.
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 23
They found that home users would engage in dierent privacy protected mechanisms if they are simple to
understand and cheap to use. George et al
.
[
64
] reiterated this fact in their survey (
�=
219), when they found
that low awareness of risk coupled with self-ecacy hinders the users from addressing the existing privacy risks.
Anderson and Agarwal [
18
] used PMT to examine security behaviors of 101 participants in a survey with 594
home computer users and an experiment with 101 participants. They concluded that users’ security behaviors
were inuenced by an individualized message focusing on the benets of good security behaviors.
Two Papers extended the functionalities of PMT for their investigation. Tsai et al
.
[
181
] examined how PMT
factors predict users’ security intentions (survey,
�=
988). They extended the original PMT theory by including
commonly neglected variables such as threat susceptibility, prior experience with a safety hazard, coping self-
ecacy, to understand threat perspectives of home computer users while being online. They found several factors
such as gender, age, threat severity, prior experience, coping self-ecacy, personal responsibilities amongst
others, that are signicantly co-related with users’ security intentions. Thompson et al
.
[
178
] (survey,
�=
629),
included the social and peer inuence, psychological ownership and metrics on actual behaviors to measure the
eectiveness of these factors on user behaviors under dierent contexts. Their results demonstrated that users
behaved dierently under both contexts (personal computers and mobile devices). Their ndings echoed the PMT
theory by proving the fact that perceived vulnerability, self-ecacy and response cost all played an important
role in determining users’ security behaviors.
The Theory of Planned Behavior (TPB) proposed by Ajzen in 2011 [
6
] explains that individuals depend on
intention to behave in a certain way and their ability to control that intention. Yang et al
.
[
195
]added six external
variables to TPB to build a comprehensive new model and validated the model with data collected from 216
survey participants. The results echoed the core concept of TPB that attitude, subjective norm and PBC (perceived
behavioral control) are positively related to behavioral intention of the user. Guhr et al
.
[
72
] developed a research
model based on several theoretical models, including TPB, to measure the eect of privacy concerns on the smart
device usage by home users. The study (survey, n=256) applied the partial least squared structural equation
modelling (PLS-SEM) to identify four essential elements to represent privacy concerns, including secondary use
of personal information, perceived surveillance, perceived intrusion, and awareness of privacy practice. Ferraris
et al. [56] as suggested in 4.2.4, put-forward a holistic trust model to improve security at home.
Some other old and new conceptual frameworks include the Technology Threat Avoidance Theory (TTAT) for
testing the IT Threat avoidance [
108
], negative-perception modelling for identifying barriers to smart home usage
by the elderly user [
141
], the privacy calculus theory to measure the relationship between perceived privacy risk
and the willingness to share privacy information [
92
], Innovation Resistant theory (IRT) and Multidimensional
Development Theory (MDT) to examine privacy concerns by Frick et al
.
[
59
] and the new model Perceived
surveillance of conversation (PSoC) developed by Pal et al
.
[
143
] to determine the cause of privacy concern.
Some of the new frameworks include the Stimuli-organisms-responses (S-O-R) framework for measuring the
balancing role of negative emotions such as anger, anxiety between privacy concerns and behaviors [
144
],
vulnerability-privacy concern-resistance (VPR) framework for explaining how users’ resistance to the adoption
of new technology is aected by their privacy concerns and their perception of their vulnerabilities Lee [104].
Although old and new theoretical frameworks have been used/developed to explore home users’ security and
privacy attitudes, practices and concerns, studies on using such frameworks to analyze security and privacy
aspects on the use of smart devices such as smart speakers are largely missing from the papers we covered.
In addition, it seems that such frameworks have not been incorporated into relevant ontologies to support related
research in a more holistic manner.
ACM Comput. Surv.

24 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
5 DISCUSSIONS & RECOMMENDED RESEARCH DIRECTIONS
The results of our meta-review and SLR showed active and extensive research on dierent topics in the broad area
of user perspectives of security and privacy aspects of home networks. However, our work also revealed many
research gaps, indicating that more research is still required. In this section, we summarize our core ndings
around seven recommended future research directions. Note that some can be mapped to a single RQ of our SLR,
but others cross-cut several RQs.
5.1 Co-existence of multiple connected devices in a single home
As mentioned in the Introduction Section, the average number of connected devices in an average household in
most Western countries is over seven [
101
]. The existence of many households with multiple home devices calls
for more research on the role of co-existence of multiple devices in a single home. Such needs have been met
by some research [
34
,
166
], but with limited depth and breadth. We observed three main research gaps. First,
most research that has been conducted focused on standalone devices or a specic type of devices such as smart
speakers [
1
,
42
,
46
,
145
], smart phone [
40
], and activity sensors [
153
]. Although recent research has explored
multiple devices in a connected home, especially data ows in a connected home [
36
,
39
,
91
], more research
is still needed to investigate how dierent types of home devices interact with each other, e.g., a smart
doorbell with a smart alarm, how such interactions are perceived by the users and how they aect security and
privacy of the home network as a whole. Second, the increasing number of home devices in a single home will
unavoidably complicate conguration and management of such devices, including their security and
privacy settings. Third, a large number of studies have concentrated on specic types of home devices, leaving
some types of home devices under-studied, especially dierent types of smart appliance. However, the
use of smart appliance at homes has been steadily increasing [
102
,
169
], so more research on such devices is
much needed.
5.2 Multiple users in a single home
According to the PRB (Population Reference Bureau) [
148
], the average household size worldwide in 2020 was
4.0, suggesting that most home networks have multiple users. Considering frequent and occasional visitors (e.g.,
neighbors, relatives, friends, carers and nannies) to a household, the number of users can be even larger. There are
also more complicated scenarios where the concepts of “home” and “regular occupants” are not clearly dened.
For instance, some members of a household split their time between two or even more “homes” (e.g., university
students and boarding school pupils live on campus during term time and go back to their parents’ house during
term breaks), some people living in the same neighborhood may share a broadband router where the “home”
network covers multiple households (which we could call an “extended home network”), and students sharing
a multi-room house may see it as a “pseudo-home”. Note that there can also be a hierarchical or graph-based
structure among multiple home users, possibly device-dependent (e.g., a primary user of a home device is a
secondary user of another home device). Research on the privacy and security issues in a multi-user home is
steadily growing [
28
,
63
,
82
,
113
,
117
,
118
,
197
,
200
]. However, most studies in this area are focused on access
control issues and power-play relationships between primary and secondary home users, overlooking the issues
of an increasingly hybrid and extended home occupants [
201
]. Research on many aspects of multiple users
in a single home, e.g., insider attacks and home users’ perception, security and privacy aspects of an “extended
home network” and a “pseudo-home” network, is missing from the current research literature.
5.3 Multiple contexts and contextual factors/parameters
Our SLR results showed evidence of research mainly in location- [
120
,
129
] or device-based contexts [
122
,
173
].
Although home itself may be considered a specic context, home users actually use the home network and home
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 25
devices in the home for many dierent purposes, leading to multiple dierent (sub-)contexts of home networking
where security and privacy aspects have to be studied dierently. For instance, when using traditional computing
devices (personal computers) and “smarter” home devices, the context of use is very dierent. Similarly, when
working from home, there is a mixture and overlap between the work and home contexts. Furthermore, when a
user brings home devices (e.g., mobile devices and wearables) outside of the home for controlling home devices
remotely, an “extended home” context is created. More generally, each unique home networking scenario and
each specic type of home device could dene a unique context, and the dierent subsets of home devices that
work together for a specic purpose also dene dierent contexts. In addition to contexts dened by dierent
usage scenarios and user intention/purposes, some contexts are more overarching and should be considered
part of other contexts, e.g., the legal context regarding data protection matters about home devices that collect
personal data. Context-aware security and privacy is a signicant research area and some past studies [
157
] have
shown that concepts such as contextual histories dealing with the present and past contexts of the user can be
used to enhance the competency and predict future contexts [
50
] to adept user behaviors. However, as our SLR
showed, research on dierent contexts and contextual factors/parameters is still relatively limited, and future
work should venture into less-studied contexts.
5.4 Data flows across multiple devices, multiple users and in multiple contexts
Given the existence of multiple devices, multiple users and multiple contexts in a typical home network, and the
complicated relationships between them, there can be complicated unidirectional and bidirectional data ows of
dierent kinds, e.g., device-to-device, user-to-user, device-to-user, device-to-Internet, and user-to-Internet (the
last two are about data ows between the home and the external world, mainly external online services and
cloud servers on the Internet). These data ows might also dier in dierent contexts. Therefore, understanding
such data ows is of particular importance for analyzing security and privacy issues and for developing more
eective solutions. Researchers have been working around this topic [
38
,
91
,
155
] with a good deal of work
focusing on device-to-Internet phenomena [
20
,
173
], but a more systematic endeavor is still lacking. Hence, more
comprehensive research is needed to consider the complexities of data ows inside a home and from/to the
external world. These might consider dierent types of data ows between dierent entities in dierent
contexts, how they lead to security and/or privacy threats and risks, how home users perceive such data ows,
how home users respond to any security or privacy concerns, and how technical or socio-technical solutions can
be developed based on knowledge of such data ows. In addition, more experimental work is required to test
“hidden” data ows that are not explicitly specied in user manuals of home devices and privacy policies of the
manufacturers.
5.5 Demographic factors
Not surprisingly, our SLR revealed that gender and age are the two mostly studied demographic factors in the
literature. Some researchers also looked at eects of other demographic factors such as ethnicity, knowledge, edu-
cation level, income level, and disability, though with a limited depth. Furthermore, as mentioned in Section 4.2.10,
39% of the studies were conducted in UK, USA and Western Europe, suggesting a need for diversication
of countries covered. Chen et al
.
[
44
] suggested that, “geographical perspectives” could be instrumental in
deciding human behaviors and hence it is important that further research should consider less-studied areas.
While some demographic factors have been less or not studied, even for more-studied factor such as gender, we
have observed conicting results, so more research is needed to consolidate our understanding.
ACM Comput. Surv.

26 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
5.6 Home users’ awareness, perceptions, aitudes, behaviors and practices
Although a lot of work has been done on these aspects, the research gaps we identied in the previous subsections
suggest that there are still several gaps to be lled by further research. Many factors, including household types,
types of home networks including those with multiple geo-locations [
201
], dierent user structures [
118
,
200
],
dierent usage contexts and scenarios, and dierent demographic factors, can aect home users’ awareness,
perceptions, attitudes, behaviors and practices. According to some past studies [
27
,
31
,
73
,
95
], behavioral practices
could be inuenced by the level of awareness. Although dierent awareness enhancement initiatives are steadily
increasing to help users understand the nuances of security and privacy at home, they are still not eective
for non-expert users. Therefore, more research is needed to look into better ways and methods of increasing
privacy and security awareness of the users. Furthermore, a number of studies [
87
,
179
] looked into issues
of device congurations by users. These could be further investigated to address dierent issues, including
weak authentication [
177
] and multi-user authorization (automatic conguration) [
26
]. Dierent ML algorithms
including supervised classiers [
22
,
134
] and unsupervised learning algorithms such as LDA [
22
] have been
used in past studies to both predict and analyze user behavior. However, further attention in this area is needed,
especially in the context of multi-user and multi-device home to automatically learn and predict multi-user
behavior and issues in a connected landscape. In addition to more studies on less-studied areas, some more
holistic approaches are clearly needed, e.g., new taxonomies and ontologies that can cover dierent types of
user perspectives and inuencing factors.
5.7 Theoretical and conceptual frameworks
Our SLR has shown that past studies have considered the use and development of theoretical and conceptual
frameworks, but mostly focusing on behavioral frameworks (e.g., PMT and TPB). On a more technical front,
many taxonomies and ontologies have also been proposed [
19
,
78
,
160
,
168
], but they mostly have a limited scope
and do not cover user perspectives suciently or not at all. More precisely, there is much less work developing
theoretical and conceptual frameworks connecting home computing, IoT and smart home, user perspectives,
security and privacy aspects, and other important factors. We argue that a more advanced ontology needs
developing to have a more holistic and comprehensive view of security and privacy of home networks,
covering a wide range of aspects including at least the following: traditional computing devices (including
personal computers, routers and switches), smarter devices (including mobile devices, wearables, and IoT devices),
physical and virtual network topologies, relevant software tools and online services (including rmware in
hardware devices, mobile apps, smart speaker skills, online management tools and services, etc.), household
and user structures, demographic factors, mappings between home devices to capabilities, dierent threats and
defense mechanisms, dierent aspects of user perspectives (including awareness, attitude, perception, purposes
and intention, behavior, activities, and practices). Developing such a comprehensive ontology is not trivial, and
should be based on existing taxonomies and ontologies covering dierent areas.
6 CONCLUSION
The purpose of this study is to conduct a systematic review of published papers on user perspectives of security
and privacy aspects of a home network environment. It is evident from the results that this is quite a popular
area of research and the number of studies, especially towards the later part of the last decade, has increased
signicantly in number and in depth. Despite many research papers published, the focus of most past studies is
on issues and concerns arising from using a specic type of smart devices (i.e., smart speakers), their security
and privacy practices and related decisions, and underlying factors such as user trust and access control issues.
Few studies explored the issues of multiple types of connected devices inside a home network (including smart
devices, traditional computing devices, multiple smart devices and gateway devices, etc.) or considered the
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 27
uid boundaries of a digital home. Additionally, some researchers also discussed multi-user related security and
privacy concerns and behaviors. Research also highlighted the role of location- and device-specic contexts, and
demographic factors, such as age and gender, in shaping users’ security and privacy behaviors. Furthermore, the
study collated theoretical and conceptual frameworks explaining the reasoning behind such users’ behaviors and
actions.
Our work revealed a number of important research gaps and calls for more research in a range of key research
areas, particularly around more holistic approaches (such as more advanced conceptual frameworks, especially a
more comprehensive home networking and smart home ontology) considering multiple and inter-connected
heterogeneous home devices, co-existence of several types of home users and other stakeholders, various contexts,
data ows between dierent entities and in dierent contexts, and more demographic factors. In other words, we
call for more future research to study the multi-dimensional complexity around security and privacy aspects of
home networks and user perspectives, in order to make future home networks and smart homes more secure and
privacy-friendly and meet people’s needs better.
REFERENCES
[1]
Noura Abdi, Kopo M. Ramokapane, and Jose M. Such. 2019. More than Smart Speakers: Security and Privacy Perceptions of Smart Home
Personal Assistants. In Proceedings of SOUPS 2019. USENIX, 451–466. https://www.usenix.org/conference/soups2019/presentation/abdi
[2]
Mohammad Ali Nassiri Abrishamchi, A. Hanan Abdullah, A. David Cheok, and Kevin S. Bielawski. 2017. Side Channel Attacks on
Smart Home Systems: A Short Overview. In Proceedings of IECON 2017. IEEE, 8144–8149. https://doi.org/10.1109/IECON.2017.8217429
[3]
Desiree Abrokwa, Shruti Das, Omer Akgul, and Michelle L. Mazurek. 2021. Comparing Security and Privacy Attitudes Among U.S.
Users of Dierent Smartphone and Smart-Speaker Platforms. In Proceedings of SOUPS 2021. USENIX, 139–158. https://www.usenix.
org/conference/soups2021/presentation/abrokwa
[4]
Imtiaz Ahmad, Rosta Farzan, Apu Kapadia, and Adam J. Lee. 2020. Tangible Privacy: Towards User-Centric Sensor Designs for Bystander
Privacy. Proceedings of the ACM on Human-Computer Interaction 4, CSCW2, Article 116 (2020), 28 pages. https://doi.org/10.1145/3415187
[5]
Nazilah Ahmad, Umi Asma’Mokhtar, Wan Fariza Paizi Fauzi, Zulaiha Ali Othman, Yusri Hakim Yeop, and Siti Norul Huda Sheikh
Abdullah. 2018. Cyber Security Situational Awareness among Parents. In Proceedings of CRC 2018. IEEE, 3 pages. https://doi.org/10.
1109/CR.2018.8626830
[6]
Icek Ajzen. 2011. The theory of planned behaviour: Reactions and reections. Psychology & Health 26, 9 (2011), 1113–1127. https:
//doi.org/10.1080/08870446.2011.613995
[7]
Abdulwahid Al Abdulwahid, Nathan Clarke, Ingo Stengel, Steven Furnell, and Christoph Reich. 2015. Security, Privacy and Usability –
A Survey of Users’ Perceptions and Attitudes. In Proceedings of TrustBus 2015. Springer, 153–168. https://doi.org/10.1007/978-3-319-
22906-5_12
[8]
Mahdi Nasrullah Al-Ameen, Al-Ameen Chauhan, M.A. Manazir Ahsan, and Huzeyfe Kocabas. 2021. A look into user’s privacy
perceptions and data practices of IoT devices. Information and Computer Security 29, 4 (2021), 573–588. https://doi.org/10.1108/ICS-08-
2020-0134
[9]
Aniqa Alam, Heather Molyneaux, and Elizabeth Stobert. 2021. Authentication Management of Home IoT Devices. In Proceedings of
HCI-CPT 2021. Springer, 3–21. https://doi.org/10.1007/978-3-030- 77392-2_1
[10]
Iftikhar Alam, Shah Khusro, and Muhammad Naeem. 2017. A Review of Smart TV: Past, Present, and Future. In Proceedings of ICOSST
2017. IEEE, 35–41. https://doi.org/10.1109/ICOSST.2017.8279002
[11]
Salem AlJanah, Ning Zhang, and Siok Wah Tay. 2021. A Survey on Smart Home Authentication: Toward Secure, Multi-Level and
Interaction-Based Identication. IEEE Access 9 (2021), 130914–130927. https://doi.org/10.1109/ACCESS.2021.3114152
[12]
Zahrah A. Almusaylim and Noor Zaman. 2019. A review on smart home present state and challenges: linked to context-awareness
internet of things (IoT). Wireless Networks 25, 6 (2019), 3193–3204. https://doi.org/10.1007/s11276-018-1712- 5
[13]
Omar Almutairi and Khalid Almarhabi. 2021. Investigation of Smart Home Security and Privacy: Consumer Perception in Saudi Arabia.
International Journal of Advanced Computer Science and Applications 12, 4 (2021), 614–622. https://doi.org/10.14569/IJACSA.2021.0120477
[14]
Fayez Alotaibi, Nathan Clarke, and Steven Furnell. 2017. An Analysis of Home User Security Awareness Education. In Proceedings of
ICITST 2017. IEEE, 116–122. https://doi.org/10.23919/ICITST.2017.8356359
[15]
Abdulmajeed Alqhatani and Heather Lipford. 2018. Exploring Parents’ Security and Privacy Concerns and Practices. In Proceedings
USEC 2018. Internet Society, 6 pages. https://doi.org/10.14722/usec.2018.23019
[16]
Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose. 2019. SoK: Security Evaluation of Home-Based IoT Deployments.
In Proceedings of IEEE S&P 2019. IEEE, 1362–1380. https://doi.org/10.1109/SP.2019.00013
ACM Comput. Surv.

28 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
[17]
Abdalkrim M. Alshnta, Mohd Faizal Abdollah, and Ahmed Al-Haiqi. 2018. SDN in the home: A survey of home network solutions
using Software Dened Networking. Cogent Engineering 5, 1, Article 1469949 (2018). https://doi.org/10.1080/23311916.2018.1469949
[18]
Catherine L. Anderson and Ritu Agarwal. 2010. Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer
User Security Behavioral Intentions. MIS Quarterly 34, 3 (2010), 613–643. https://doi.org/10.2307/25750694
[19]
Malik Nadeem Anwar, Mohammad Nazir, and Khurram Mustafa. 2017. Security Threats Taxonomy: Smart-Home Perspective. In
Proceedings of ICACCA Fall 2017. IEEE, 4 pages. https://doi.org/10.1109/ICACCAF.2017.8344666
[20]
Noah Apthorpe, Yan Shvartzshnaider, Arunesh Mathur, Dillon Reisman, and Nick Feamster. 2018. Discovering Smart Home Internet of
Things Privacy Norms Using Contextual Integrity. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
2, 2, Article 59 (2018), 23 pages. https://doi.org/10.1145/3214262
[21]
Judit Bar-Ilan. 2018. Tale of Three Databases: The Implication of Coverage Demonstrated for a Sample Query. Frontiers in Research
Metrics and Analytics 3, Article 6 (2018), 9 pages. https://doi.org/10.3389/frma.2018.00006
[22]
Natã M. Barbosa, Zhuohao Zhang, and Yang Wang. 2020. Do Privacy and Security Matter to Everyone? Quantifying and Clustering
User-Centric Considerations About Smart Home Device Adoption. In Proceedings of SOUPS 2020. USENIX, 417–435. https://www.
usenix.org/conference/soups2020/presentation/barbosa
[23]
Jhonattan J. Barriga A. and Sang Guun Yoo. 2018. Security over Smart Home Automation Systems: A Survey. In Proceedings of MICRADS
2018. Springer, 87–96. https://doi.org/10.1007/978-3-319- 78605-6_7
[24]
Susanne Barth and Menno D.T. de Jong. 2017. The privacy paradox – Investigating discrepancies between expressed privacy concerns
and actual online behavior – A systematic literature review. Telematics and Informatics 34, 7 (2017), 1038–1058. https://doi.org/10.
1016/j.tele.2017.04.013
[25]
Jordi Mongay Batalla, Athanasios Vasilakos, and Mariusz Gajewski. 2017. Secure Smart Homes: Opportunities and Challenges. Comput.
Surveys 50, 5, Article 75 (2017), 32 pages. https://doi.org/10.1145/3122816
[26]
Jochen Bauer, Michael Hechtel, Christoph Konrad, Martin Holzwarth, Hilko Homann, Thomas Feld, Sven Schneider, Ingo Zinnikus,
Andreas Mayr, and Jörg Franke. 2020. ForeSight - An AI-driven Smart Living Platform, Approach to Add Access Control to openHAB.
In Proceedings of ICOST 2020. Springer, 432–440. https://doi.org/10.1007/978-3-030-51517-1_40
[27]
Carlos Bermejo Fernandez, Petteri Nurmi, and Pan Hui. 2021. Seeing is Believing?: Eects of Visualization on Smart Device Privacy
Perceptions. In Proceedings of MM 2021. ACM, 4183–4192. https://doi.org/10.1145/3474085.3475552
[28]
Julia Bernd, Ruba Abu-Salma, and Alisa Frik. 2020. Bystanders’ Privacy: The Perspectives of Nannies on Smart Home Surveillance. In
Proceedings of FOCI 2020. USENIX, 14 pages. https://www.usenix.org/conference/foci20/presentation/bernd
[29]
Julia Bernd, Alisa Frik, Maritza Johnson, and Nathan Malkin. 2019. Smart Home Bystanders: Further Complexifying a Complex
Context. In Proceedings of CI Symposium 2019. PrivaCI, 6 pages. https://privaci.info/symposium2/papers_and_slides/Sub_Bernd_et_al_
Bystanders_CI_2019.pdf
[30]
Chao Bian, Bing Ye, Anna Hoonakker, and Alex Mihailidis. 2021. Attitudes and perspectives of older adults on technologies for assessing
frailty in home settings: a focus group study. BMC Geriatrics 21, 1, Article 298 (2021), 13 pages. https://doi.org/10.1186/s12877-021-
02252-4
[31]
Reuben Binns, Jun Zhao, Max Van Kleek, Nigel Shadbolt, Ilaria Liccardi, and Daniel Weitzner. 2017. My Bank Already Gets this
Data: Exposure Minimisation and Company Relationships in Privacy Decision-Making. In Proceedings of CHI 2017. ACM, 2403–2409.
https://doi.org/10.1145/3027063.3053255
[32]
David M. Blei, Andrew Y. Ng, and Michael I. Jordan. 2003. Latent Dirichlet Allocation. Journal of Machine Learning Research 3 (2003),
993–1022. https://www.jmlr.org/papers/volume3/blei03a/blei03a.pdf
[33]
Tom Bolton, Tooska Dargahi, Sana Belguith, Mabrook S. Al-Rakhami, and Ali Hassan Sodhro. 2021. On the Security and Privacy
Challenges of Virtual Assistants. Sensors 21, 7, Article 2312 (2021), 19 pages. https://doi.org/10.3390/s21072312
[34]
Mathieu Boussard, Dinh Thai Bui, Richard Douville, Pascal Justen, Nicolas Le Sauze, Pierre Peloso, Frederik Vandeputte, and Vincent
Verdot. 2018. Future Spaces: Reinventing the Home Network for Better Security and Automation in the IoT Era. Sensors 18, 9, Article
2986 (2018), 30 pages. https://doi.org/10.3390/s18092986
[35]
Marius Brezovan and Costin Badica. 2013. A Review on Vision Surveillance Techniques in Smart Home Environments. In Proceedings
of CSCS 2013. IEEE, 471–478. https://doi.org/10.1109/CSCS.2013.30
[36]
Joseph Bugeja and Andreas Jacobsson. 2019. On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces. In Proceedings
of Privacy and Identity 2019. Springer, 126–141. https://doi.org/10.1007/978-3-030- 42504-3_9
[37]
Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson. 2016. On Privacy and Security Challenges in Smart Connected Homes. In
Proceedings of EISIC 2016. IEEE, 172–175. https://doi.org/10.1109/EISIC.2016.044
[38]
Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson. 2018. An Empirical Analysis of Smart Connected Home Data. In Proceedings of
ICIOT 2018. Springer, 134–149. https://doi.org/10.1007/978-3-319- 94370-1_10
[39]
Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson. 2020. Is your home becoming a spy?: a data-centered analysis and classication
of smart connected home systems. In Proceedings of IoT 2020. ACM, Article 17, 8 pages. https://doi.org/10.1145/3410992.3411012
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 29
[40]
Sara Cannizzaro, Rob Procter, Sinong Ma, and Carsten Maple. 2020. Trust in the smart home: Findings from a nationally representative
survey in the UK. PLoS ONE 15, 5, Article e0231615 (2020), 30 pages. https://doi.org/10.1371/journal.pone.0231615
[41]
Aditya Chakraborti, Aastha Jain, iddartha Menon, and Krishna Samdani. 2019. A Review of Security Challenges in Home Automation
Systems. In Proceedings of ICSCAN 2019. IEEE, 6 pages. https://doi.org/10.1109/ICSCAN.2019.8878722
[42]
George Chalhoub and Ivan Flechais. 2020. “Alexa, Are You Spying on Me?”: Exploring the Eect of User Experience on the Security
and Privacy of Smart Speaker Users. In Proceedings of HCII 2020. Springer, 305–325. https://doi.org/10.1007/978- 3-030-50309-3_21
[43]
Bing Chen, Yaping Liu, Shuo Zhang, Jie Chen, and Zhiyu Han. 2021. A Survey on Smart Home Privacy Data Protection Technology. In
Proceedings of DSC 2021. IEEE, 583–590. https://doi.org/10.1109/DSC53577.2021.00092
[44]
Hao Chen, Kaisheng Lai, Lingnan He, and Rongjun Yu. 2020. Where You Are Is Who You Are? The Geographical Account of
Psychological Phenomena. Frontiers in psychology 11 (2020), 536. https://doi.org/10.3389/fpsyg.2020.00536
[45]
Chola Chhetri and Vivian Motti. 2020. Identifying Vulnerabilities in Security and Privacy of Smart Home Devices. In Proceedings of
NCS Research Track 2020. Springer, 211–231. https://doi.org/10.1007/978-3- 030-58703-1_13
[46]
Chola Chhetri and Vivian Genaro Motti. 2019. Eliciting Privacy Concerns for Smart Home Devices from a User Centered Perspective.
In Proceedings of iConference 2019. Springer, 91–101. https://doi.org/10.1007/978-3-030- 15742-5_8
[47]
M. A. Choukou, Y. Sakamoto, and P. Irani. 2021. Attitude and perceptions of older and younger adults towards ambient technology for
assisted living. European Review for Medical and Pharmacological Sciences 25, 10 (2021), 3709–3717. https://doi.org/10.26355/eurrev_
202105_25938
[48]
Camille Cobb, Sruti Bhagavatula, Kalil Anderson Garrett, Alison Homan, Varun Rao, and Lujo Bauer. 2021. "I would have to evaluate
their objections": Privacy tensions between smart home device owners and incidental users. Proceedings on Privacy Enhancing
Technologies 2021, 4 (2021), 54 – 75. https://doi.org/10.2478/popets-2021-0060
[49]
Andy Crabtree, Peter Tolmie, and Will Knight. 2017. Repacking ‘Privacy’ for a Networked World. Computer Supported Cooperative
Work (CSCW) 26, 4-6 (2017), 453–488. https://doi.org/10.1007/s10606-017-9276- y
[50]
João H. da Rosa, Jorge L. V. Barbosa, and Giovane D. Ribeiro. 2016. ORACON: An adaptive model for context prediction. Expert Systems
with Applications 45 (2016), 56–70. https://doi.org/10.1016/j.eswa.2015.09.016
[51]
Brittany D. Davis, Janelle C. Mason, and Mohd Anwar. 2020. Vulnerability Studies and Security Postures of IoT Devices: A Smart
Home Case Study. IEEE Internet of Things Journal 7, 10 (2020), 10102–10110. https://doi.org/10.1109/JIOT.2020.2983983
[52]
Joanna F. DeFranco and Mohamad Kassab. 2021. Smart home research themes: An analysis and taxonomy. Procedia Computer Science
185 (2021), 91–100. https://doi.org/10.1016/j.procs.2021.05.010
[53]
Marc Dupuis and Mercy Ebenezer. 2018. Help Wanted: Consumer Privacy Behavior and Smart Home Internet of Things (IoT) Devices.
In Proceedings of SIGITE 2018. ACM, 117–122. https://doi.org/10.1145/3241815.3241869
[54]
Jide S. Edu, Jose M. Such, and Guillermo Suarez-Tangil. 2020. Smart Home Personal Assistants: A Security and Privacy Review. Comput.
Surveys 53, 6, Article 116 (2020), 36 pages. https://doi.org/10.1145/3412383
[55]
Saman Fatima, Naila Aiman Aslam, Iqra Tariq, and Nouman Ali. 2020. Home Security and Automation Based on Internet of Things: A
Comprehensive Review. In Proceedings of ETSE 2020. IOP, Article 012011, 12 pages. https://doi.org/10.1088/1757-899X/899/1/012011
[56]
Davide Ferraris, Daniel Bastos, Carmen Fernandez-Gago, and Fadi El-Moussa. 2020. A trust model for popular smart home devices.
International Journal of Information Security 20, 4 (2020), 571–587. https://doi.org/10.1007/s10207-020-00519- 2
[57]
Alain Forget, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Marian
Harbach, and Rahul Telang. 2016. Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes. In Proceedings
of SOUPS 2016. USENIX, 97–111. https://www.usenix.org/conference/soups2016/technical-sessions/presentation/forget
[58]
Jan Freudenreich, Jake Weidman, and Jens Grossklags. 2020. Responding to KRACK: Wi-Fi Security Awareness in Private Households.
In Proceedings of HAISA 2020. Springer, 233–243. https://doi.org/10.1007/978-3-030-57404-8_18
[59]
Nicholas R. J. Frick, Konstantin L. Wilms, Florian Brachten, Teresa Hetjens, Stefan Stieglitz, and Björn Ross. 2021. The perceived
surveillance of conversations through smart devices. Electronic Commerce Research and Applications 47, Article 101046 (2021), 16 pages.
https://doi.org/10.1016/j.elerap.2021.101046
[60]
Nathaniel Fruchter and Ilaria Liccardi. 2018. Consumer Attitudes Towards Privacy and Security in Home Assistants. In CHI 2018 EAs.
ACM, Article LBW050, 6 pages. https://doi.org/10.1145/3170427.3188448
[61]
Marco Furini, Silvia Mirri, Manuela Montangero, and Catia Prandi. 2020. On the Usage of Smart Speakers During the Covid-19
Coronavirus Lockdown. In Proceedings of GoodTechs 2020. ACM, 187–192. https://doi.org/10.1145/3411170.3411260
[62]
Attlee M. Gamundani, Amelia Phillips, and Hippolyte N. Muyingi. 2018. An Overview of Potential Authentication Threats and Attacks
on Internet of Things(IoT): A Focus on Smart Home Applications. In Proceedings of iThings/GreenCom/CPSCom/SmartData 2018. IEEE,
50–57. https://doi.org/10.1109/Cybermatics_2018.2018.00043
[63]
Christine Geeng and Franziska Roesner. 2019. Who’s In Control? Interactions In Multi-User Smart Homes. In Proceedings of CHI 2019.
ACM, 13 pages. https://doi.org/10.1145/3290605.3300498
[64]
Joey F. George, Rui Chen, and Lingyao Yuan. 2021. Intent to purchase IoT home security devices: Fear vs privacy. PLoS ONE 16, 9,
Article e0257601 (2021), 14 pages. https://doi.org/10.1371/journal.pone.0257601
ACM Comput. Surv.

30 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
[65]
Fereshteh Ghaljaie, Mahin Naderifar, and Hamideh Goli. 2017. Snowball Sampling: A Purposeful Method of Sampling in Qualitative
Research. Strides in Development of Medical Education 14, 3, Article e67670 (2017), 4 pages. https://doi.org/10.5812/sdme.67670
[66]
Taqiyah-Khadijah Ghazali and Nur-Haryani Zakaria. 2018. Security, Comfort, Healthcare, and Energy Saving: A Review on Biometric
Factors for Smart Home Environment. Journal of Computers 29, 1 (2018), 20. http://www.csroc.org.tw/journal/JOC29_1/JOC-2901- 17.pdf
[67]
Marco Ghiglieri, Melanie Volkamer, and Karen Renaud. 2017. Exploring Consumers’ Attitudes of Smart TV Related Privacy Risks. In
Proceedings of HAS 2017. Springer, 656–674. https://doi.org/10.1007/978-3-319-58460-7_45
[68]
Charulata Ghosh and Matthew S. Eastin. 2020. Understanding Users’ Relationship with Voice Assistants and How It Aects Privacy
Concerns and Information Disclosure Behavior. In Proceedings of HCII 2020. Springer, 381–392. https://doi.org/10.1007/978-3- 030-
50309-3_25
[69]
Munkhjargal Gochoo, Fady Alnajjar, Tan-Hsu Tan, and Sumayya Khalid. 2021. Towards Privacy-Preserved Aging in Place: A Systematic
Review. Sensors 21, 9, Article 3082 (2021), 27 pages. https://doi.org/10.3390/s21093082
[70]
Jennifer Golbeck. 2017. User Concerns with Personal Routers Used as Public Wi- hotspots. In Proceedings of UEMCON 2017. IEEE,
571–576. https://doi.org/10.1109/UEMCON.2017.8248978
[71]
Phil Grünewald and Theresa Reisch. 2020. The trust gap: Social perceptions of privacy data for energy services in the United Kingdom.
Energy Research & Social Science 68, Article 101534 (2020), 8 pages. https://doi.org/10.1016/j.erss.2020.101534
[72]
Nadine Guhr, Oliver Werth, Philip Peter Hermann Blacha, and Michael H. Breitner. 2020. Privacy concerns in the smart home context.
SN Applied Sciences 2, 2, Article 247 (2020), 12 pages. https://doi.org/10.1007/s42452- 020-2025-8
[73]
T. Gundu and S. V. Flowerday. 2013. Ignorance to Awareness: Towards an Information Security Awareness Process. SAIEE Africa
Research Journal 104, 2 (2013), 69–79. https://doi.org/10.23919/SAIEE.2013.8531867
[74]
Hemant Gupta and Mayank Singh. 2019. Cyber Threat Analysis of Consumer Devices. In Proceedings of ICACDS 2019. Springer, 32–45.
https://doi.org/10.1007/978-981-13-9942- 8_4
[75]
Punit Gupta, Sumit Bharadwaj, and Vipin Kumar Sharma. 2019. A Survey To Bridging The Gap Between Energy And Security In IoT
And Home. In Proceedings of ICIIP 2019. IEEE, 379–384. https://doi.org/10.1109/ICIIP47207.2019.8985841
[76]
Julie Haney, Yasemin Acar,and Susanne Furman. 2021. “It’s the Company,the Government, You and I”: User Perceptions of Responsibility
for Smart Home Privacy and Security. In Proceedings of USENIX Security 2021. USENIX, 411–428. https://www.usenix.org/conference/
usenixsecurity21/presentation/haney
[77]
Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking
Access Control and Authentication for the Home Internet of Things (IoT). In Proceedings of USENIX Security 2018. USENIX, 255–272.
https://www.usenix.org/conference/usenixsecurity18/presentation/he
[78]
Ryan Hearteld, George Loukas, Sanja Budimir, Anatolij Bezemskij, Johnny R.J. Fontaine, Avgoustinos Filippoupolitis, and Etienne
Roesch. 2018. A taxonomy of cyber-physical threats and impact in the smart home. Computers & Security 78 (2018), 398–428.
https://doi.org/10.1016/j.cose.2018.07.011
[79]
Justin T. Ho, David Dearman, and Khai N. Truong. 2010. Improving Users’ Security Choices on Home Wireless Networks. In Proceedings
of SOUP 2012. ACM, Article 12, 12 pages. https://doi.org/10.1145/1837110.1837126
[80]
Adele E. Howe, Indrajit Ray, Mark Roberts, Malgorzata Urbanska, and Zinta Byrne. 2012. The Psychology of Security for the Home
Computer User. In Proceedings of IEEE S&P 2012. IEEE, 209–223. https://doi.org/10.1109/SP.2012.23
[81]
Kathy Huang and Zhanwei Wu. 2019. Perception of Smart Home Devices and Privacy by Chinese Users. In Proceedings of HCII 2019.
Springer, 476–481. https://doi.org/10.1007/978-3-030- 23528-4_65
[82]
Yue Huang, Borke Obada-Obieh, and Konstantin (Kosta) Beznosov. 2020. Amazon vs. My Brother: How Users of Shared Smart Speakers
Perceive and Cope with Privacy Risks. In Proceedings of CHI 2020. ACM, Article 402, 13 pages. https://doi.org/10.1145/3313831.3376529
[83]
Hyesun Hwang, Jaehye Suk, Kee Ok Kim, and Jihyung Hong. 2018. How Consumers Perceive Home IoT Services for Control, Saving,
and Security. In Proceedings of HIMI 2018. Springer, 575–588. https://doi.org/10.1007/978-3-319-92046-7_47
[84]
William Jang, Adil Chhabra, and Aarathi Prasad. 2017. Enabling Multi-User Controls in Smart Home Devices. In Proceedings of IoTS&P
2017. ACM, 49–54. https://doi.org/10.1145/3139937.3139941
[85]
Yousra Javed, Shashank Sethi, and Akshay Jadoun. 2019. Alexa’s Voice Recording Behavior: A Survey of User Understanding and
Awareness. In Proceedings of ARES 2019. ACM, Article 89, 10 pages. https://doi.org/10.1145/3339252.3340330
[86]
Lei Jin, Xuelian Long, and James B. D. Joshi. 2012. Towards Understanding Residential Privacy by Analyzing Users’ Activities in
Foursquare. In Proceedings of BADGERS 2012. ACM, 25–32. https://doi.org/10.1145/2382416.2382428
[87]
Kim J. Kaaz, Alex Hoer, Mahsa Saeidi, Anita Sarma, and Rakesh B. Bobba. 2017. Understanding user perceptions of privacy, and
conguration challenges in home automation. In Proceedings of VL/HCC 2017. IEEE, 297–301. https://doi.org/10.1109/VLHCC.2017.
8103482
[88]
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. “My Data Just Goes Everywhere”: User Mental Models of the
Internet and Implications for Privacy and Security. In Proceedings of SOUPS 2020. USENIX, 39–52. https://www.usenix.org/conference/
soups2015/proceedings/presentation/kang
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 31
[89]
Harsurinder Kaur, Husanbir Singh Pannu, and Avleen Kaur Malhi. 2019. A Systematic Review on Imbalanced Data Challenges in
Machine Learning: Applications and Solutions. Comput. Surveys 52, 4, Article 79 (2019), 36 pages. https://doi.org/10.1145/3343440
[90]
Mehran Mozaari Kermani, Meng Zhang, Anand Raghunathan, and Niraj K. Jha. 2013. Emerging Frontiers in Embedded Security. In
Proceedings of VLSID 2013. IEEE, 203–208. https://doi.org/10.1109/VLSID.2013.222
[91]
Damla Kilic, Andy Crabtree, Glenn McGarry, and Murray Goulden. 2022. The cardboard box study: understanding collaborative data
management in the connected home. Personal and Ubiquitous Computing 26, 1 (2022), 155–176. https://doi.org/10.1007/s00779-021-
01655-9
[92]
Dongyeon Kim, Kyuhong Park, Yongjin Park, and Jae-Hyeon Ahn. 2019. Willingness to provide personal information: Perspective of
privacy calculus in IoT services. Computers in Human Behavior 92 (2019), 273–281. https://doi.org/10.1016/j.chb.2018.11.022
[93]
Euiyoung Kim, JungKyoon Yoon, Jieun Kwon, Tiany Liaw, and Alice M. Agogino. 2019. From Innocent Irene to Parental Patrick:
Framing User Characteristics and Personas to Design for Cybersecurity. In Proceedings of ICED 2019. Cambridge University Press,
1773–1782. https://doi.org/10.1017/dsi.2019.183
[94]
Jane E. Klobas, Tanya McGill, and Xuequn Wang. 2019. How perceived security risk aects intention to use smart home devices: A
reasoned action explanation. Computers & Security 87, Article 101571 (2019), 13 pages. https://doi.org/10.1016/j.cose.2019.101571
[95]
Kathrin Knutzen, Florian Weidner, and Wolfgang Broll. 2021. Exploring Augmented Reality Privacy Icons for Smart Home Devices
and their Eect on Users’ Privacy Awareness. In Proceedings of ISMAR-Adjunct 2021. IEEE, 409–414. https://doi.org/10.1109/ISMAR-
Adjunct54149.2021.00093
[96]
Martin J. Kraemer and Ivan Flechais. 2018. Researching Privacy in Smart Homes: A Roadmap of Future Directions and Research
Methods. In Proceedings of Living in the Internet of Things 2018. IET, 10 pages. https://doi.org/10.1049/cp.2018.0038
[97]
Elmarie Kritzinger and Sebastiaan H. von Solms. 2010. Cyber security for home users: A new way of protection through awareness
enforcement. Computers & Security 29, 8 (2010), 840–847. https://doi.org/10.1016/j.cose.2010.08.001
[98]
Oksana Kulyk, Kristina Milanovic, and Jeremy Pitt. 2020. Does My Smart Device Provider Care About My Privacy? Investigating Trust
Factors and User Attitudes in IoT Systems. In Proceedings of NordiCHI 2020. ACM, Article 29, 12 pages. https://doi.org/10.1145/3419249.
3420108
[99]
Meral Korkmaz Kuyucu, Şerif Bahtiyar, and Gökhan İnce. 2019. Security and Privacy in the Smart Home: A Survey of Issues and
Mitigation Strategies. In Proceedings of UBMK 2019. IEEE, 113–118. https://doi.org/10.1109/UBMK.2019.8907037
[100]
Evan Lafontaine, Afaq Sabir, and Anupam Das. 2021. Understanding People’s Attitude and Concerns towards Adopting IoT Devices. In
CHI 2021 CHI EA. Article 307, 10 pages. https://doi.org/10.1145/3411763.3451633
[101]
Federica Laricchia. 2022. Average number of devices residents have access to in households worldwide in 2020, by country. https:
//www.statista.com/statistics/1107307/average-number-connected-devices- households-worldwide/
[102]
Jeremiah Lasquety-Reyes. 2021. Number of Smart Homes forecast for the segment Smart Appliances in the United Kingdom from
2017 to 2025 (in millions). https://www.statista.com/forecasts/887605/number-of-smart-homes-in- the-smart-home- segment-smart-
appliances-in-the-united-kingdom
[103]
Josephine Lau, Benjamin Zimmerman, and Florian Schaub. 2018. Alexa, Are You Listening?: Privacy Perceptions, Concerns and
Privacy-seeking Behaviors with Smart Speakers. Proceedings of the ACM on Human-Computer Interaction 2, CSCW, Article 102 (2018),
31 pages. https://doi.org/10.1145/3274371
[104]
Hwansoo Lee. 2020. Home IoT resistance: Extended privacy and vulnerability perspective. Telematics and Informatics 49, Article 101377
(2020), 12 pages. https://doi.org/10.1016/j.tele.2020.101377
[105]
Hosub Lee and Alfred Kobsa. 2016. Understanding User Privacy in Internet of Things Environments. In Proceedings of WF-IoT 2016.
IEEE, 407–412. https://doi.org/10.1109/WF-IoT.2016.7845392
[106]
Jinyang Li, Zhenyu Li, Gareth Tyson, and Gaogang Xie. 2020. Your Privilege Gives Your Privacy Away: An Analysis of a Home Security
Camera Service. In Proceedings of INFOCOM 2020. IEEE, 387–396. https://doi.org/10.1109/INFOCOM41043.2020.9155516
[107]
Wenda Li, Tan Yigitcanlar, Isil Erol, and Aaron Liu. 2021. Motivations, barriers and risks of smart home adoption: From systematic
literature review to conceptual framework. Energy Research & Social Science 80, Article 102211 (2021), 29 pages. https://doi.org/10.
1016/j.erss.2021.102211
[108] Huigang Liang, Yajiong Lucky Xue, et al. 2010. Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance
Perspective. Journal of the Association for Information Systems 11, 7 (2010), 394–413. https://doi.org/10.17705/1jais.00232
[109]
Bin Liao, Yasir Ali, Shan Nazir, Long He, and Habib Ullah Khan. 2020. Security Analysis of IoT Devices by Using Mobile Computing: A
Systematic Literature Review. IEEE Access 8 (2020), 120331–120350. https://doi.org/10.1109/ACCESS.2020.3006358
[110]
Yuting Liao, Jessica Vitak, Priya Kumar, Michael Zimmer, and Katherine Kritikos. 2019. Understanding the Role of Privacy and Trust
in Intelligent Personal Assistant Adoption. In Proceedings of iConference 2019. Springer, 102–113. https://doi.org/10.1007/978-3-030-
15742-5_9
[111]
Mar Lopez, Juanita Pedraza, Javier Carbo, and Jose M. Molina. 2014. Ambient Intelligence: Applications and Privacy Policies. In
Proceedings of PAAMS 2014. Springer, 191–201. https://doi.org/10.1007/978-3-319-07767- 3_18
ACM Comput. Surv.

32 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
[112]
Christoph Lutz and Gemma Newlands. 2021. Privacy and smart speakers: A multi-dimensional approach. Information Society 37, 3
(2021), 147–162. https://doi.org/10.1080/01972243.2021.1897914
[113]
Nathan Malkin, Joe Deatrick, Allen Tong, Primal Wijesekera, Serge Egelman, and David Wagner. 2019. Privacy Attitudes of Smart
Speaker Users. Proceedings on Privacy Enhancing Technologies 2019, 4 (2019), 250–271. https://doi.org/10.2478/popets-2019- 0068
[114]
Lydia Manikonda, Aditya Deotale, and Subbarao Kambhampati. 2018. What’s up with Privacy? User Preferences and Privacy Concerns
in Intelligent Personal Assistants. In Proceedings of AIES 2018. ACM, 229–235. https://doi.org/10.1145/3278721.3278773
[115]
Stefan Marksteiner, Víctor Juan Exposito Jimenez, Heribert Valiant, and Herwig Zeiner. 2017. An Overview of Wireless IoT Protocol
Security in the Smart Home Domain. In Proceedings of CTTE-CMI 2017. IEEE, 8 pages. https://doi.org/10.1109/CTTE.2017.8260940
[116]
Karola Marky, Sarah Prange, Florian Krell, Max Mühlhäuser, and Florian Alt. 2020. “You Just Can’t Know about Everything”: Privacy
Perceptions of Smart Home Visitors. In Proceedings of MUM 2020. ACM, 83–95. https://doi.org/10.1145/3428361.3428464
[117]
Karola Marky, Sarah Prange, Max Mühlhäuser, and Florian Alt. 2021. Roles Matter! Understanding Dierences in the Privacy Mental
Models of Smart Home Visitors and Residents. In Proceedings of MUM 2021. ACM, 108–122. https://doi.org/10.1145/3490632.3490664
[118]
Karola Marky, Alexandra Voit, Alina Stöver, Kai Kunze, Svenja Schröder, and Max Mühlhäuser. 2020. “I Don’t Know How to Protect
Myself”: Understanding Privacy Perceptions Resulting from the Presence of Bystanders in Smart Environments. In Proceedings of
NordiCHI 2020. ACM, Article 4, 11 pages. https://doi.org/10.1145/3419249.3420164
[119]
Karola Marky, Verena Zimmermann, Alina Stöver, Philipp Homann, Kai Kunze, and Max Mühlhäuser. 2020. All in One! User Perceptions
on Centralized IoT Privacy Settings. In CHI 2020 EAs. ACM, Article LBW071, 8 pages. https://doi.org/10.1145/3334480.3383016
[120]
Faith McCreary, Alexandra Zaroglu, and Heather Patterson. 2016. The Contextual Complexity of Privacy in Smart Homes and Smart
Buildings. In Proceedings of HCIBGO 2016. Springer, 67–78. https://doi.org/10.1007/978-3-319-39399-5_7
[121]
Christopher D. McDermott, John P. Isaacs, and Andrei V. Petrovski. 2019. Evaluating Awareness and Perception of Botnet Activity within
Consumer Internet-of-Things (IoT) Networks. Informatics 6, Article 8 (2019), 15 pages. https://doi.org/10.3390/informatics6010008
[122]
Tanya McGill and Nik Thompson. 2017. Old risks, new challenges: exploring dierences in security between home computer and
mobile device use. Behaviour & Information Technology 36, 11 (2017), 1111–1124. https://doi.org/10.1080/0144929X.2017.1352028
[123]
Tanya McGill and Nik Thompson. 2018. Gender Dierences in Information Security Perceptions and Behaviour. In Proceedings of ACIS
2018. University of Technology Sydney ePress, 11 pages. https://doi.org/10.5130/acis2018.co
[124]
Oliver Michler, Reinhold Decker, and Christian Stummer. 2019. To trust or not to trust smart consumer products: a literature review of
trust-building factors. Management Review Quarterly 70 (2019), 391–420. https://doi.org/10.1007/s11301-019- 00171-8
[125]
Tomas Mikolov, Edouard Grave, Piotr Bojanowski, Christian Puhrsch, and Armand Joulin. 2017. Advances in Pre-Training Distributed
Word Representations. arXiv:1712.09405 [cs.CL]. https://doi.org/10.48550/arXiv.1712.09405
[126]
Annette Mills and Natasha Sahi. 2019. An Empirical Study of Home User Intentions towards Computer Security. In Proceedings of
HICSS 2019. University of Hawai’i at Manoa, 4834–4840. https://doi.org/10.24251/HICSS.2019.583
[127]
Ziarmal Nazar Mohammad, Fadi Farha, Adnan O. M. Abuassba, Shunkun Yang, and Fang Zhou. 2021. Access control and authorization
in smart homes: A survey. Tsinghua Science and Technology 26, 6 (2021), 906–917. https://doi.org/10.26599/TST.2021.9010001
[128]
David Moher, Alessandro Liberati, Jennifer Tetzla, Douglas G. Altman, and The PRISMA Group. 2009. Preferred reporting items
for systematic reviews and meta-analyses: the PRISMA statement. PLoS Medicine 6, 7, Article e1000097 (2009), 6 pages. https:
//doi.org/10.1371/journal.pmed.1000097 (Website: http://www.prisma-statement.org/).
[129]
Maria D. Molina, Andrew Gambino, and S. Shyam Sundar. 2019. Online Privacy in Public Places: How Do Location, Terms and
Conditions and VPN Inuence Disclosure?. In CHI 2019 EAs. ACM, Article LBW2616, 6 pages. https://doi.org/10.1145/3290607.3312932
[130]
Anouk Mols, Yijing Wang, and Jason Pridmore. 2021. Household intelligent personal assistants in the Netherlands: Exploring privacy
concerns around surveillance, security, and platforms. Convergence (2021), 20 pages. https://doi.org/10.1177/13548565211042234
[131]
Md. Moniruzzaman, Seyednima Khezr, Abdulsalam Yassine, and Rachid Benlamri. 2020. Blockchain for smart homes: Review of current
trends and research challenges. Computers & Electrical Engineering 83, Article 106585 (2020), 16 pages. https://doi.org/10.1016/j.
compeleceng.2020.106585
[132]
Zachary Munn, Micah D.J. Peters, Cindy Stern, Catalin Tufanaru, Alexa McArthur, and Edoardo Aromataris. 2018. Systematic review
or scoping review? Guidance for authors when choosing between a systematic or scoping review approach. BMC Medical Research
Methodology 18, 1, Article 143 (2018), 7 pages. https://doi.org/10.1186/s12874-018-0611-x
[133]
Ajay Nadargi and Mythili Thirugnanam. 2019. Novel and ecient Authentication Scheme for IoE in Smart Home Environment.
International Journal of Innovative Technology and Exploring Engineering 8, 8 (2019), 111–115. https://www.ijitee.org/wp-content/
uploads/papers/v8i8/G6059058719.pdf
[134]
Pardis Emami Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Faith Cranor, and Norman Sadeh. 2017.
Privacy Expectations and Preferences in an IoT World. In Proceedings of SOUPS 2017. USENIX, 399–412. https://www.usenix.org/
conference/soups2017/technical-sessions/presentation/naeini
[135]
Marcus Nohlberg and Joakim Kävrestad. 2020. Exploring Information Security and Domestic Equality. In Proceedings of HAISA 2020.
Springer, 224–232. https://doi.org/10.1007/978-3-030- 57404-8_17
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 33
[136]
Norbert Nthala and Ivan Flechais. 2017. “If It’s Urgent or It Is Stopping Me from Doing Something, Then I Might Just Go Straight at It”: A
Study into Home Data Security Decisions. In Proceedings of HAS 2017. Springer, 123–142. https://doi.org/10.1007/978- 3-319-58460- 7_9
[137]
Norbert Nthala and Ivan Flechais. 2018. Informal Support Networks: an investigation into Home Data Security Practices. In Proceedings
of SOUPS 2018. USENIX, 63–82. https://www.usenix.org/conference/soups2018/presentation/nthala
[138]
Nobert Nthala and Ivan Flechais. 2018. Rethinking Home Network Security. In Proceedings of EuroUSEC 2018. Internet Society, 11 pages.
https://doi.org/10.14722/eurousec.2018.23011
[139]
Antti Oulasvirta, Aurora Pihlajamaa, Jukka Perkiö, Debarshi Ray, Taneli Vähäkangas, Tero Hasu, Niklas Vainio, and Petri Myllymäki.
2012. Long-Term Eects of Ubiquitous Surveillance in the Home. In Proceedings of UbiComp 2012. ACM, 41–50. https://doi.org/10.
1145/2370216.2370224
[140]
Matthew J. Page, David Moher, Patrick M. Bossuyt, Isabelle Boutron, Tammy C. Homann, Cynthia D. Mulrow, Larissa Shamseer,
Jennifer M. Tetzla, Elie A. Akl, Sue E. Brennan, Roger Chou, Julie Glanville, Jeremy M. Grimshaw, Asbjørn Hróbjartsson, Manoj M.
Lalu, Tianjing Li, Elizabeth W Loder, Evan Mayo-Wilson, Steve McDonald, Luke A. McGuinness, Lesley A. Stewart, James Thomas,
Andrea C. Tricco, Vivian A. Welch, Penny Whiting, and Joanne E. McKenzie. 2021. PRISMA 2020 explanation and elaboration: updated
guidance and exemplars for reporting systematic reviews. BMJ 372, Article n160 (2021), 36 pages. https://doi.org/10.1136/bmj.n160
[141]
Debajyoti Pal, Borworn Papasratorn, Wichian Chutimaskul, and Suree Funilkul. 2019. Embracing the Smart-Home Revolution in Asia
by the Elderly: An End-User Negative Perception Modeling. IEEE Access 7 (2019), 38535–38549. https://doi.org/10.1109/ACCESS.2019.
2906346
[142]
Debajyoti Pal, Tuul Triyason, and Suree Funikul. 2017. Smart Homes and Quality of Life for the Elderly: A Systematic Review. In
Proceedings of ISM 2017. IEEE, 413–419. https://doi.org/10.1109/ISM.2017.83
[143]
Debajyoti Pal, Xiangmin Zhang, and Saeed Siyal. 2021. Prohibitive factors to the acceptance of Internet of Things (IoT) technology
in society: A smart-home context using a resistive modelling approach. Technology in Society 66, Article 101683 (2021), 16 pages.
https://doi.org/10.1016/j.techsoc.2021.101683
[144]
Jonghwa Park, Hanbyul Choi, and Yoonhyuk Jung. 2021. Users’ Cognitive and Aective Response to the Risk to Privacy from a Smart
Speaker. International Journal of Human–Computer Interaction 37, 8 (2021), 759–771. https://doi.org/10.1080/10447318.2020.1841422
[145]
Sunjeong Park and Youn-kyung Lim. 2020. Investigating User Expectations on the Roles of Family-Shared AI Speakers. In Proceedings
of CHI 2020. ACM, Article 323, 13 pages. https://doi.org/10.1145/3313831.3376450
[146]
L. Patterson, S. Chard, B. Ng, and I. Welch. 2021. Internet of things (IoT) Privacy and Security: A User-Focused Study of Aotearoa New
Zealand Home Users. In Proceedings of HICSS 2021. University of Hawai’i at Manoa, 4404–4413. https://doi.org/10.24251/HICSS.2021.535
[147]
Nada Y. Philip, Joel J.P.C. Rodrigues, Honggang Wang, Simon James Fong, and Jia Chen. 2021. Internet of Things for In-Home Health
Monitoring Systems: Current Advances, Challenges and Future Directions. IEEE Journal on Selected Areas in Communications 39, 2
(2021), 300–310. https://doi.org/10.1109/JSAC.2020.3042421
[148]
Population Reference Bureau (PRB). [n.d.]. International | PRB. https://www.prb.org/international/indicator/hh-size-av/map/country/
[149]
Aarathi Prasad, Ruben Ruiz, and Timothy Stablein. 2019. Understanding Parents’ Concerns with Smart Device Usage in the Home. In
Proceedings of HCII 2019. Springer, 176–190. https://doi.org/10.1007/978-3-030-22351-9_12
[150]
Ismini Psychoula, Deepika Singh, Liming Chen, Feng Chen, Andreas Holzinger, and Huansheng Ning. 2018. Users’ Privacy Concerns
in IoT Based Applications. In Proceedings of SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI 2018. IEEE, 1887–1894. https://doi.org/
10.1109/SmartWorld.2018.00317
[151] Morteza Rahimi, Maryam Songhorabadi, and Mostafa Haghi Kashani. 2020. Fog-based smart homes: A systematic review. Journal of
Network and Computer Applications 153, Article 102531 (2020), 20 pages. https://doi.org/10.1016/j.jnca.2020.102531
[152]
Partha Pratim Ray, Dinesh Dash, and Neeraj Kumar. 2020. Sensors for internet of medical things: State-of-the-art, security and privacy
issues, challenges and future directions. Computer Communications 160 (2020), 111–131. https://doi.org/10.1016/j.comcom.2020.05.029
[153]
Blaine Reeder, Jane Chung, Kate Lyden, Joshua Winters, and Catherine M. Jankowski. 2020. Older women’s perceptions of wearable and
smart home activity sensors. Informatics for Health and Social Care 45, 1 (2020), 96–109. https://doi.org/10.1080/17538157.2019.1582054
[154]
Delphine Reinhardt, Monisha Khurana, and Luca Hernández Acosta. 2021. “I still need my privacy”: Exploring the level of comfort and
privacy preferences of German-speaking older adults in the case of mobile assistant robots. Pervasive and Mobile Computing 74, Article
101397 (2021), 13 pages. https://doi.org/10.1016/j.pmcj.2021.101397
[155]
Jingjing Ren, Daniel J. Dubois, David Chones, Anna Maria Mandalari, Roman Kolcun, and Hamed Haddadi. 2019. Information
Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach. In Proceedings of IMC 2019.
ACM, 267–279. https://doi.org/10.1145/3355369.3355577
[156]
Ronald W. Rogers. 1975. A Protection Motivation Theory of Fear Appeals and Attitude Change. The Journal of Psychology: Interdisci-
plinary and Applied 91, 1 (1975), 93–114. https://doi.org/10.1080/00223980.1975.9915803
[157]
João H. Rosa, Jorge L. V. Barbosa, Marcos Kich, and Lucas Brito. 2015. A Multi-Temporal Context-aware System for Competences
Management. International Journal of Articial Intelligence in Education 25, 4 (2015), 455–492. https://doi.org/10.1007/s40593- 015-0047-y
[158]
Seyedmostafa Safavi, Ahmad Moaaz Meer, Ed Keneth Joel Melanie, and Zarina Shukur. 2018. Cyber Vulnerabilities on Smart Healthcare,
Review and Solutions. In Proceedings of CRC 2018. IEEE, 5 pages. https://doi.org/10.1109/CR.2018.8626826
ACM Comput. Surv.

34 • Nandita Panaik, Shujun Li, and Jason R.C. Nurse
[159]
Qusay I. Sarhan. 2020. Systematic Survey on Smart Home Safety and Security Systems Using the Arduino Platform. IEEE Access 8
(2020), 128362–128384. https://doi.org/10.1109/ACCESS.2020.3008610
[160]
Kinza Sarwar, Sira Yongchareon, and Jian Yu. 2018. A Brief Survey on IoT Privacy: Taxonomy, Issues and Future Trends. In Proceedings
of ICSOC 2018 Workshops. Springer, 208–219. https://doi.org/10.1007/978- 3-030-17642- 6_18
[161]
Michael Schiefer. 2015. Smart Home Denition and Security Threats. In Proceedings of IMF 2015. IEEE, 114–118. https://doi.org/10.
1109/IMF.2015.17
[162]
Eva-Maria Schomakers, Hannah Biermann, and Martina Ziee. 2020. Understanding Privacy and Trust in Smart Home Environments.
In Proceedings of HCII 2020. Springer, 513–532. https://doi.org/10.1007/978-3-030-50309-3_34
[163]
Eva-Maria Schomakers, Hannah Biermann, and Martina Ziee. 2021. Users’ Preferences for Smart Home Automation – Investigating
Aspects of Privacy and Trust. Telematics and Informatics 64, Article 101689 (2021), 16 pages. https://doi.org/10.1016/j.tele.2021.101689
[164]
Dara E. Seidl, Piotr Jankowski, Keith C. Clarke, and Atsushi Nara. 2020. Please Enter Your Home Location: Geoprivacy Attitudes and
Personal Location Masking Strategies of Internet Users. Annals of the American Association of Geographers 110, 3 (2020), 586–605.
https://doi.org/10.1080/24694452.2019.1654843
[165]
William Seymour, Reuben Binns, Petr Slovak, Max Van Kleek, and Nigel Shadbolt. 2020. Strangers in the Room: Unpacking Perceptions
of ‘Smartness’ and Related Ethical Concerns in the Home. In Proceedings of DIS 2020. ACM, 841–854. https://doi.org/10.1145/3357236.
3395501
[166]
Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, and A. Selcuk
Uluagac. 2020. Kratos: Multi-User Multi-Device-Aware Access Control System for the Smart Home. In Proceedings of WiSec 2020. ACM,
12 pages. https://doi.org/10.1145/3395351.3399358
[167]
Deepika Singh, Ismini Psychoula, Johannes Kropf, Sten Hanke, and Andreas Holzinger. 2018. Users’ Perceptions and Attitudes Towards
Smart Home Technologies. In Proceedings of ICOST 2018. Springer, 203–214. https://doi.org/10.1007/978-3-319-94523- 1_18
[168]
Daniel J. Solove. 2006. A taxonomy of privacy. University of Pennsylvania Law Review 154, 3 (2006), 477–564. https://doi.org/10.2307/
40041279
[169]
Statista. 2021. Smart Home Report 2021 - Smart Appliances. https://www.statista.com/study/50587/smart-home-report-smart-
appliances/
[170]
Jack Sturgess, Jason R.C. Nurse, and Jun Zhao. 2018. A capability-oriented approach to assessing privacy risk in smart home ecosystems.
In Living in the Internet of Things: Cybersecurity of the IoT-2018. IET, 8 pages. https://doi.org/10.1049/cp.2018.0037
[171]
Kaiwen Sun, Yixin Zou, Jenny Radesky, Christopher Brooks, and Florian Schaub. 2021. Child Safety in the Smart Home: Parents’
Perceptions, Needs, and Mitigation Strategies. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2, Article 471 (2021),
41 pages. https://doi.org/10.1145/3479858
[172]
Yi Sun and Shihui Li. 2021. A systematic review of the research framework and evolution of smart homes based on the internet of
things. Telecommunication Systems 77, 3 (2021), 597–623. https://doi.org/10.1007/s11235- 021-00787-w
[173]
Madiha Tabassum, Tomasz Kosinski, and Heather Richter Lipford. 2019. “I don’t own the data”: End User Perceptions of Smart Home
Device Data Practices and Risks. In Proceedings of SOUPS 2019. USENIX, 435–450. https://www.usenix.org/conference/soups2019/
presentation/tabassum
[174]
Basma Taieb and Jean-Éric Pelet. 2019. The User’s Attitude and Security of Personal Information Depending on the Category of IoT. In
Proceedings of WorldCIST 2019, Vol. 931. Springer, 431–437. https://doi.org/10.1007/978-3- 030-16184-2_41
[175]
Mohammed Talal, A.A. Zaidan, B.B. Zaidan, A.S. Albahri, A.H. Alamoodi, O.S. Albahri, M.A. Alsalem, C.K. Lim, K.L. Tan, W.L. Shir,
and K.I. Mohammed. 2019. Smart Home-based IoT for Real-time and Secure Remote Health Monitoring of Triage and Priority
System using Body Sensors: Multi-driven Systematic Review. Journal of Medical Systems 43, 3, Article 42 (2019), 34 pages. https:
//doi.org/10.1007/s10916-019-1158-z
[176]
Shuhaili Talib, Nathan L. Clarke, and Steven M. Furnell. 2010. An Analysis of Information Security Awareness within Home and Work
Environments. In Proceedings of ARES 2010. IEEE, 196–203. https://doi.org/10.1109/ARES.2010.27
[177]
Liang Tan, Keping Yu, Fangpeng Ming, Xiaofan Cheng, and Gautam Srivastava. 2021. Secure and Resilient Articial Intelligence of
Things: A HoneyNet Approach for Threat Detection and Situational Awareness. IEEE Consumer Electronics Magazine 11, 3 (2021),
69–78. https://doi.org/10.1109/MCE.2021.3081874
[178]
Nik Thompson, Tanya Jane McGill, and Xuequn Wang. 2017. “Security begins at home”: Determinants of home computer and mobile
device security behavior. Computers & Security 70 (2017), 376–391. https://doi.org/10.1016/j.cose.2017.07.003
[179]
Ioanna Topa and Maria Karyda. 2018. Usability Characteristics of Security and Privacy Tools: The User’s Perspective. In Proceedings of
SEC 2018. Springer, 231–244. https://doi.org/10.1007/978-3-319- 99828-2_17
[180]
Daphne Townsend, Frank Knoefel, and Rak Goubran. 2011. Privacy Versus Autonomy: A Tradeo Model for Smart Home Monitoring
Technologies. In Proceedings of IEMBS 2011. IEEE, 4749–4752. https://doi.org/10.1109/IEMBS.2011.6091176
[181]
Hsin-yi Sandy Tsai, Mengtian Jiang, Saleem Alhabash, Robert LaRose, Nora J. Rifon, and Shelia R. Cotten. 2016. Understanding Online
Safety Behaviors. Computers & Security 59 (2016), 138–150. https://doi.org/10.1016/j.cose.2016.02.009
ACM Comput. Surv.

A Survey of User Perspectives on Security and Privacy in a Home Networking Environment • 35
[182]
Betsy Uchendu, Jason R.C. Nurse, Maria Bada, and Steven Furnell. 2021. Developing a cyber security culture: Current practices and
future needs. Computers & Security 109, Article 102387 (2021), 23 pages. https://doi.org/10.1016/j.cose.2021.102387
[183]
Julia van Heek, Simon Himmel, and Martina Ziee. 2017. Privacy, Data Security, and the Acceptance of AAL-Systems – A User-Specic
Perspective. In Proceedings of ITAP 2017. Springer, 38–56. https://doi.org/10.1007/978-3-319- 58530-7_4
[184]
Joel Varghese and Thaier Hayajneh. 2018. A Framework to Identify Security and Privacy Issues of Smart Home Devices. In Proceedings
of UEMCON 2018. IEEE, 135–143. https://doi.org/10.1109/UEMCON.2018.8796765
[185]
Williams Vasanth, Sebastian J. Terence, and Immaculate Jude. 2019. Survey on Internet of Things based Smart Home. In Proceedings of
ICISS 2019. IEEE, 460–464. https://doi.org/10.1109/ISS1.2019.8908112
[186]
Rick Wash and Emilee Rader. 2015. Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet
Users. In Proceedings of SOUPS 2015. USENIX, 309–325. https://www.usenix.org/conference/soups2015/proceedings/presentation/wash
[187]
Garry White, Tahir Ekin, and Lucian Visinescu. 2017. Analysis of protective behavior and security incidents for home computers.
Journal of Computer Information Systems 57, 4 (2017), 353–363. https://doi.org/10.1080/08874417.2016.1232991
[188]
Chathurangi Ishara Wickramasinghe and Delphine Reinhardt. 2019. A Survey-Based Exploration of Users’ Awareness and Their
Willingness to Protect Their Data with Smart Objects. In Privacy and Identity 2019. Springer, 427–446. https://doi.org/10.1007/978-3-
030-42504-3_27
[189]
Wiktoria Wilkowska and Martina Ziee. 2012. Privacy and data security in E-health: Requirements from the user’s perspective. Health
Informatics Journal 18, 3 (2012), 191–201. https://doi.org/10.1177/1460458212442933
[190]
Wiktoria Wilkowska, Martina Ziee, and Simon Himmel. 2015. Perceptions of Personal Privacy in Smart Home Technologies: Do User
Assessments Vary Depending on the Research Method?. In Proceedings of HAS 2015. Springer, 592–603. https://doi.org/10.1007/978- 3-
319-20376-8_53
[191]
Charlie Wilson, Tom Hargreaves, and Richard Hauxwell-Baldwin. 2015. Smart homes and their users: a systematic analysis and key
challenges. Personal and Ubiquitous Computing 19, 2 (2015), 463–476. https://doi.org/10.1007/s00779-014-0813-0
[192]
Peter Worthy, Ben Matthews, and Stephen Viller. 2016. Trust Me: Doubts and Concerns Living with the Internet of Things. In Proceedings
of DIS 2016. ACM, 427–434. https://doi.org/10.1145/2901790.2901890
[193]
Umesh Hodeghatta Rao Xavier and Bishwa Prakash Pati. 2012. Study of Internet Security Threats Among Home Users. In Proceedings
of CASoN 2012. IEEE, 217–221. https://doi.org/10.1109/CASoN.2012.6412405
[194]
Wenyao Yan, Zhixiao Wang, Hao Wang, Wendong Wang, Junhuai Li, and Xiaolin Gui. 2020. Survey on recent smart gateways for
smart home: Systems, technologies, and challenges. Transactions on Emerging Telecommunications Technologies, Article e4067 (2020),
20 pages. https://doi.org/10.1002/ett.4067
[195]
Heetae Yang, Hwansoo Lee, and Hangjung Zo. 2017. User acceptance of smart home services: an extension of the theory of planned
behavior. Industrial Management & Data Systems 117, 1 (2017), 68–89. https://doi.org/10.1108/IMDS- 01-2016-0017
[196]
Yaxing Yao, Justin Reed Basdeo, Smirity Kaushik, and Yang Wang. 2019. Defending My Castle: A Co-Design Study of Privacy Mechanisms
for Smart Homes. ACM. https://doi.org/10.1145/3290605.3300428
[197]
Yaxing Yao, Justin Reed Basdeo, Oriana Rosata Mcdonough, and Yang Wang. 2019. Privacy Perceptions and Designs of Bystanders in
Smart Homes. Proceedings of the ACM on Human-Computer Interaction 3, CSCW, Article 59 (2019), 24 pages. https://doi.org/10.1145/
3359161
[198]
Salifu Yusif, Jerey Soar, and Abdul Hafeez-Baig. 2016. Older people, assistive technologies, and the barriers to adoption: A systematic
review. International Journal of Medical Informatics 94 (2016), 112–116. https://doi.org/10.1016/j.ijmedinf.2016.07.004
[199]
Eric Zeng, Shrirang Mare, and Franziska Roesner. 2017. End User Security and Privacy Concerns with Smart Homes. In Proceedings of
SOUPS 2017. USENIX, 65–80. https://www.usenix.org/conference/soups2017/technical-sessions/presentation/zeng
[200]
Eric Zeng and Franziska Roesner. 2019. Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design
Exploration and In-Home User Study. In Proceedings of USENIX Security 2019. USENIX, 159–176. https://www.usenix.org/conference/
usenixsecurity19/presentation/zeng
[201]
Bo Zhao. 2020. Unraveling Home Protection in the IoT Age: Living, Mixed Reality, and Home 2.0. Science and Technology Law Review
21, 1 (2020), 43–80. https://doi.org/10.7916/stlr.v21i1.5763
[202]
Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster. 2018. User Perceptions of Smart Home IoT Privacy. Proceedings of
the ACM on Human-Computer Interaction 2, CSCW, Article 200 (2018), 20 pages. https://doi.org/10.1145/3274469
[203]
Verena Zimmermann, Paul Gerber, Karola Marky, Leon Böck, and Florian Kirchbuchner. 2019. Assessing Users’ Privacy and Security
Concerns of Smart Home Technologies. i-com 18, 3 (2019), 197–216. https://doi.org/10.1515/icom-2019-0015
ACM Comput. Surv.