Table 4.
Proposed security threat and risk countermeasures to be applied in IoT-based smart home environments.
| Threat ID | Possible Mitigation Approaches |
|---|---|
| Control access to the system using efficient biometric identifiers [49] | |
| 1 | Implement a user awareness program to make users aware of social engineering |
| Implement multi-factor authentication | |
| Avoid using insecure Wi-Fi, which gives hackers access to personal data | |
| 2 | Set up a secure network before using a home automation application |
| Be aware of stolen or lost devices | |
| Use a secure communication channel by utilizing a secure virtual private network (VPN) | |
| 3 | Limit network traffic such that it is accessible only to authorized users |
| Develop a security awareness training program for smart home inhabitants | |
| Use an intrusion detection system (IDS) / intrusion prevention system (IPS) | |
| 4 | Use encryption mechanisms for security data transmission [50] |
| Perform frequent data backups to keep copies of sensitive data | |
| Secure the physical locations of installed devices | |
| 5 | Provide secure access to device configuration interfaces |
| Replace the default usability configuration of installed devices | |
| Use commodity hardware and software to collect and examine network traffic [33,34] | |
| 6 | Create backups of the working system’s configurations |
| Always monitor system’s performance, looking for misbehavior incidents | |
| Apply a strong authentication mechanism such as fingerprint authentication [51] | |
| 7 | Offer awareness and training programs regarding system security |
| Ensure that system configurations are secure and performed by authentic people | |
| Restrict physical access to devices to only authentic people | |
| 8 | Avoid infrastructure outsourcing to a third-party service provider |
| Modify default device configurations to achieve a better security level | |
| Disable unnecessary location tracking services on mobile devices | |
| 9 | Develop a good understanding of user privacy concerns |
| Track system behavior to identify any suspicious privacy leakage | |
| Use only trusted and authentic networks (wired or wireless) | |
| 10 | Share information carefully and in a restricted manner |
| Use only trusted providers to receive technical support for hardware failures in smart home |