ABSTRACT
Data breaches place affected individuals at significant risk of identity theft. Yet, prior studies have shown that many consumers do not take protective actions after receiving a data breach notification from a company. We analyzed 161 data breach notifications sent to consumers with respect to their readability, structure, risk communication, and presentation of potential actions. We find that notifications are long and require advanced reading skills. Many companies downplay or obscure the likelihood of the receiver being affected by the breach and associated risks. Moreover, potential actions and offered compensations are frequently described in lengthy paragraphs instead of clearly listed. Little information is provided regarding an action's urgency and effectiveness; little guidance is provided on which actions to prioritize. Based on our findings, we provide recommendations for designing more usable and informative data breach notifications that could help consumers better mitigate the consequences of being affected by a data breach.
Supplemental Material
Available for Download
The auxiliary material consists of two parts. Appendix A is a list our analyzed data breach notifications retrieved from the website of Maryland's state attorney general's office, including some meta-data (e.g., types of breached information and how breach occurred) and URLs to the original file. Appendix B is the final version of our codebook used for the qualitative analysis.
- Lillian Ablon, Paul Heaton, Diana Catherine Lavery, and Sasha Romanosky. 2016. Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information. Technical Report. Rand Corporation. Google ScholarDigital Library
- Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, et al. 2017. Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online. ACM Computing Surveys (CSUR) 50, 3 (2017), 44. Google ScholarDigital Library
- Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509--514.Google Scholar
- Idris Adjerid, Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2013. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM, 9. Google ScholarDigital Library
- Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.. In USENIX Security Symposium, Vol. 13. Google ScholarDigital Library
- Hazim Almuhimedi, Adrienne Porter Felt, Robert W Reeder, and Sunny Consolvo. 2014. Your reputation precedes you: History, reputation, and the chrome malware warning. In Symposium on Usable Privacy and Security (SOUPS), Vol. 4. 2. Google ScholarDigital Library
- Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. In Proceedings of the 33rd Annual ACM conference on Human Factors in Computing Systems. ACM, 787--796. Google ScholarDigital Library
- American Bankers Association. 2018. Data Security & Customer Notification Requirements for Banks. https://www.aba.com/Tools/ Function/Technology/Pages/datasecuritynotification.aspx. Last accessed on: 09.13.2018.Google Scholar
- BBC. 2011. Using bullet points and numbers in lists. http://www.bbc.co.uk/skillswise/factsheet/en13styl-l1-f-bulletedand-numbered-points. Last accessed on: 01.06.2019.Google Scholar
- Fabio Bisogni. 2016. Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution? Journal of Information Policy 6, 1 (2016), 154--205.Google ScholarCross Ref
- Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, and Saranga Komanduri. 2011. Bridging the gap in computer security warnings: A mental model approach. IEEE Security & Privacy 9, 2 (2011), 18--26. Google ScholarDigital Library
- Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, Robert W Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter. 2013. Your attention please: designing security-decision UIs to make genuine risks harder to ignore. In Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM, 6. Google ScholarDigital Library
- Ronald P Carver. 1983. Is reading rate constant or flexible? Reading Research Quarterly (1983), 190--215.Google Scholar
- F. H. Cate. 2010. The Limits of Notice and Choice. IEEE Security Privacy 8, 2 (2010), 59--62. Google ScholarDigital Library
- Alexander Chernev, Ulf Böckenholt, and Joseph Goodman. 2015. Choice overload: A conceptual review and meta-analysis. Journal of Consumer Psychology 25, 2 (2015), 333--358.Google ScholarCross Ref
- Lauren Lyons Cole. 2017. After the Equifax breach, consumers were advised to freeze their credit - but almost no one did it. http: //www.businessinsider.com/equifax-credit-freeze-2017--9. Last accessed on: 01.22.2018.Google Scholar
- Council of European Union. 2017. General Data Protection Regulation (GDPR). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri= CELEX:32016R0679. Last accessed on: 04.28.2018.Google Scholar
- Lorrie Faith Cranor. 2012. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. J. on Telecomm. & High Tech. L. 10 (2012), 273.Google Scholar
- Lorrie Faith Cranor, Pedro Giovanni Leon, and Blase Ur. 2016. A largescale evaluation of US financial institutions' standardized privacy notices. ACM Transactions on the Web (TWEB) 10, 3 (2016), 17. Google ScholarDigital Library
- Sauvik Das, Joanne Lo, Laura Dabbish, and Jason I Hong. 2018. Breaking! A Typology of Security and Privacy News and How It's Shared. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. ACM, 1. Google ScholarDigital Library
- Rachna Dhamija, J Doug Tygar, and Marti Hearst. 2006. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems. ACM, 581--590. Google ScholarDigital Library
- Anthony Downs. 1957. An economic theory of political action in a democracy. Journal of Political Economy 65, 2 (1957), 135--150.Google ScholarCross Ref
- Adrienne Porter Felt, Alex Ainslie, Robert W Reeder, Sunny Consolvo, Somas Thyagaraja, Alan Bettes, Helen Harris, and Jeff Grimes. 2015. Improving SSL warnings: Comprehension and adherence. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2893--2902. Google ScholarDigital Library
- Rudolf Franz Flesch et al. 1949. Art of readable writing. Harper.Google Scholar
- Alain Forget, Sonia Chiasson, Paul C van Oorschot, and Robert Biddle. 2008. Improving text passwords through persuasion. In Proceedings of the 4th Symposium on Usable Privacy and Security. ACM, 1--12. Google ScholarDigital Library
- Brian Fung. 2018. Equifax's massive 2017 data breach keeps getting worse. https://www.washingtonpost.com/news/the-switch/wp/ 2018/03/01/equifax-keeps-finding-millions-more-people-who-wereaffected-by-its-massive-data-breach/?noredirect=on&utmterm= .52f7af5c120a. Last accessed on: 09.09.2018.Google Scholar
- Loretta Garrison, Manoj Hastak, Jeanne M Hogarth, Susan Kleimann, and Alan S Levy. 2012. Designing Evidence-based Disclosures: A Case Study of Financial Privacy Notices. Journal of Consumer Affairs 46, 2 (2012), 204--234.Google ScholarCross Ref
- Gemalto. 2017. Data Breaches and Customer Loyalty 2017. Technical Report. Gemalto.Google Scholar
- General Assembly of Maryland. 2018. Md. Code Ann. Comm. Law 14--3504: Maryland's Personal Information Protection Act. http: //mgaleg.maryland.gov/webmga/frmStatutesText.aspx?article= gcl§ion=14--3501&ext=html&session=2017RS&tab=subject5. Last accessed on: 06.05.2018.Google Scholar
- Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal. 2016. How short is too short? Implications of length and framing on the effectiveness of privacy notices. In 12th Symposium on Usable Privacy and Security (SOUPS). 321--340. Google ScholarDigital Library
- Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, and Blase Ur. 2018. What was that site doing with my Facebook password?: Designing Password-Reuse Notifications. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1549--1566. Google ScholarDigital Library
- Kelli Grant. 2017. Identity theft, fraud cost consumers more than $16 billion. https://www.cnbc.com/2017/02/01/consumers-lost-morethan-16b-to-fraud-and-identity-theft-last-year.html Last accessed on: 06.19.2018.Google Scholar
- Claire Greene and Joanna Stavins. 2017. Did the Target data breach change consumer assessments of payment card security? Journal of Payments Strategy & Systems 11, 2 (2017), 121--133.Google Scholar
- Robert Gunning. 1969. The fog index after twenty years. Journal of Business Communication 6, 2 (1969), 3--13.Google ScholarCross Ref
- Erika Harrell and Lynn Langton. 2015. Victims of identity theft, 2014. Technical Report.Google Scholar
- HIPPA Journal. 2017. What are the HIPAA Breach Notification Requirements? https://www.hipaajournal.com/hipaa-breach-notificationrequirements/. Last accessed on: 09.13.2018.Google Scholar
- Mark Hochhauser. 2001. Lost in the Fine Print: Readability of Financial Privacy Notices. https://www.privacyrights.org/blog/lost-fine-printreadability-financial-privacy-notices-hochhauser. Last accessed on: 09.13.2018.Google Scholar
- Alexander Jenkins, Murugan Anandarajan, and Rob D'Ovidio. 2014. "All that Glitters is not Gold': The Role of Impression Management in Data Breach Notification. Western Journal of Communication 78, 3 (2014), 337--357.Google ScholarCross Ref
- Carlos Jensen and Colin Potts. 2004. Privacy policies as decisionmaking tools: an evaluation of online privacy notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 471--478. Google ScholarDigital Library
- Elizabeth Keyes. 1993. Typography, color, and information structure. Technical communication (1993), 638--654.Google Scholar
- Bart P Knijnenburg and Alfred Kobsa. 2013. Making decisions about privacy: information disclosure in context-aware recommender systems. ACM Transactions on Interactive Intelligent Systems (TiiS) 3, 3 (2013), 20. Google ScholarDigital Library
- Jeffery Kosseff. 2016. My company has had a breach: Whom do I have to notify? https://iapp.org/news/a/my-company-has-had-a-breachwho-do-i-have-to-notify/. Last accessed on: 09.18.2018.Google Scholar
- Thomas Kude, Hartmut Hoehle, and Tracy Ann Sykes. 2017. Big data breaches and customer compensation strategies: Personality traits and social influence as antecedents of perceived compensation. International Journal of Operations & Production Management 37, 1 (2017), 56--74.Google ScholarCross Ref
- Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser. 2017. Research methods in human-computer interaction. Morgan Kaufmann.Google Scholar
- Joseph Lazzarotti, Jason Gavejian, and Maya Atrakchi. 2018. Security Breach Notification Laws. http://www.ncsl.org/research/ telecommunications-and-information-technology/security-breachnotification-laws.aspx. Last accessed on: 06.05.2018.Google Scholar
- Johnny Lieu. 2017. Terms and Conditions are too long, just ask a guy who read Amazon's for 9 hours. https://mashable.com/2017/03/15/ reading-amazons-terms-conditions/#IQDa1u7BsOq0. Last accessed on: 09.13.2018.Google Scholar
- Ewa Luger, Stuart Moran, and Tom Rodden. 2013. Consent for all: revealing the hidden complexity of terms and conditions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2687--2696. Google ScholarDigital Library
- Bernard Mar. 2018. GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been). https://www.forbes.com/ sites/bernardmarr/2018/06/11/gdpr-the-biggest-data-breaches-andthe-shocking-fines-that-would-have-been/#199b5b4b6c10. Last accessed on: 09.18.2018.Google Scholar
- Maryland Coordination and Analysis Center. 2018. Maryland Data Breach Notification Law Updated. http://www.mcac.maryland.gov/ newsroom/Critical%20Infrastructure%20News/maryland-databreach-notification-law-updated. Last accessed on: 06.05.2018.Google Scholar
- Maryland's State Attorney General. 2018. Guidelines for businesses to comply with the Maryland Personal Information Protection Act. http://www.marylandattorneygeneral.gov/Pages/IdentityTheft/ businessGL.aspx. Last accessed on: 06.05.2018.Google Scholar
- Aleecia M McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4 (2008), 543.Google Scholar
- Vyacheslav Mikhed and Michael Vogan. 2015. Out of sight, out of mind: consumer reaction to news on data breaches and identity theft. (2015). Working Paper.Google Scholar
- Drew Mitnick. 2018. No more waiting: it's time for a federal data breach law in the U.S. https://www.accessnow.org/no-more-waitingits-time-for-a-federal-data-breach-law-in-the-u-s/. Last accessed on: 09.18.2018.Google Scholar
- M Granger Morgan, Baruch Fischhoff, Ann Bostrom, and Cynthia J Atman. 2002. Risk communication: A mental models approach. Cambridge University Press.Google Scholar
- National Conference of State Legislators. 2018. 2018 Security Breach Legislation. http://www.ncsl.org/research/telecommunications-andinformation-technology/2018-security-breach-legislation.aspx. Last accessed on: 09.13.2018.Google Scholar
- Jakob Nielsen. 1997. How Users Read on the Web.Google Scholar
- Patricia A Norberg, Daniel R Horne, and David A Horne. 2007. The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs 41, 1 (2007), 100--126.Google ScholarCross Ref
- Don Norman. 2013. The design of everyday things: Revised and expanded edition. Constellation.Google Scholar
- Eyal Peer and Alessandro Acquisti. 2016. The impact of reversibility on the decision to disclose personal information. Journal of Consumer Marketing 33, 6 (2016), 428--436.Google ScholarCross Ref
- Justin Petelka, Yixin Zou, and Florian Schaub. 2019. Put Your Warning Where Your Link Is: Improving and Evaluating Email Phishing Warnings. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM. Google ScholarDigital Library
- Ponemon Institute. 2014. The Aftermath of a Data Breach: Consumer Sentiment. Technical Report. Ponemon Institute LLC.Google Scholar
- Privacy Rights Clearinghouse. 2016. What to Do When You Receive A Data Breach Notice. https://www.privacyrights.org/consumerguides/what-do-when-you-receive-data-breach-notice. Last accessed on: 09.13.2018.Google Scholar
- Privacy Rights Clearinghouse. 2018. Data Breaches. https:// www.privacyrights.org/data-breaches. Last accessed on: 09.13.2018.Google Scholar
- Robert W Proctor, M Athar Ali, and Kim-Phuong L Vu. 2008. Examining usability of web privacy policies. Intl. Journal of Human--Computer Interaction 24, 3 (2008), 307--328.Google ScholarCross Ref
- Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, and Ruogu Kang. 2016. Expecting the unexpected: Understanding mismatched privacy expectations online. In Symposium on Usable Privacy and Security (SOUPS), Vol. 4. 2. Google ScholarDigital Library
- Joel R Reidenberg, Jaspreet Bhatia, Travis D Breaux, and Thomas B Norton. 2016. Ambiguity in privacy policies and the impact of regulation. The Journal of Legal Studies 45, S2 (2016), S163--S190.Google ScholarCross Ref
- Joel R Reidenberg, Travis Breaux, Lorrie Faith Cranor, Brian French, Amanda Grannis, James T Graves, Fei Liu, Aleecia McDonald, Thomas B Norton, and Rohan Ramanath. 2015. Disagreeable privacy policies: Mismatches between meaning and users' understanding. Berkeley Tech. LJ 30 (2015), 39.Google Scholar
- Joel R Reidenberg, N Cameron Russell, Alexander J Callen, Sophia Qasir, and Thomas B Norton. 2015. Privacy harms and the effectiveness of the notice and choice framework. ISJLP 11 (2015), 485.Google Scholar
- Alex Reynolds. 2017. GDPR matchup: US state data breach laws. https: //iapp.org/news/a/gdpr-match-up-u-s-state-data-breach-laws/. Last accessed on: 09.18.2018.Google Scholar
- Sasha Romanosky, Rahul Telang, and Alessandro Acquisti. 2011. Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management 30, 2 (2011), 256--286.Google ScholarCross Ref
- Manuel Rudolph, Denis Feth, and Svenja Polst. 2018. Why Users Ignore Privacy Policies--A Survey and Intention Model for Explaining User Privacy Behavior. In International Conference on Human-Computer Interaction. Springer, 587--598.Google Scholar
- Sonam Samat and Alessandro Acquisti. 2017. Format vs. Content: The Impact of Risk and Presentation on Disclosure Decisions. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). 377--384. Google ScholarDigital Library
- Sonam Samat, Alessandro Acquisti, and Linda Babcock. 2017. Raise the Curtains: The Effect of Awareness About Targeting on Consumer Attitudes and Purchase Intentions. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). USENIX Association, 299--319. Google ScholarDigital Library
- F. Schaub, R. Balebako, and L. F. Cranor. 2018. Designing Effective Privacy Notices and Controls. IEEE Internet Computing (2018), 1--1. Google ScholarDigital Library
- Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). 1--17. Google ScholarDigital Library
- Benjamin Scheibehenne, Rainer Greifeneder, and Peter M Todd. 2010. Can there ever be too many options? A meta-analytic review of choice overload. Journal of Consumer Research 37, 3 (2010), 409--425.Google ScholarCross Ref
- Barry Schwartz. 2004. The paradox of choice: Why more is less. Ecco New York.Google Scholar
- Tali Sharot. 2011. The optimism bias. Current biology 21, 23 (2011), R941--R945.Google Scholar
- Robert H Sloan and Richard Warner. 2014. Beyond notice and choice: Privacy, norms, and consent. J. High Tech. L. 14 (2014), 370.Google Scholar
- Paul Slovic, Baruch Fischhoff, and Sarah Lichtenstein. 1979. Rating the risks. Environment: Science and Policy for Sustainable Development 21, 3 (1979), 14--39.Google ScholarCross Ref
- Peter Swire and Kenesa Ahmad. 2012. Foundations of Information Privacy and Data Protection. International Association of Privacy Professionals.Google Scholar
- Richard H Thaler and Cass R Sunstein. 2008. Nudge: Improving decisions about health, wealth, and happiness. HeinOnline.Google Scholar
- The California State Government. 2003. California Civ. Code s. 1798.82(a). https://leginfo.legislature.ca.gov/faces/ codesdisplaySection.xhtml?lawCode=CIV§ionNum=1798.82. Last accessed on: 06.05.2018.Google Scholar
- The Federal Trade Commission. 2018. Gramm-Leach-Bliley Act. https://www.ftc.gov/tips-advice/business-center/privacy-andsecurity/gramm-leach-bliley-act. Last accessed on: 09.13.2018.Google Scholar
- The Privacy Rights Clearinghouse. 2018. Data Breaches. https:// www.privacyrights.org/data-breaches. Last accessed on: 12.19.2018.Google Scholar
- The U.S. Government Printing Office. 1996. Health Insurance Portability and Accountability Act of 1996, Public Law 104191. https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/html/PLAW104publ191.htm. Last accessed on: 09.18.2018.Google Scholar
- Susan Tompor. 2018. Credit freeze: A misunderstood freebie that you actually want. https://www.freep.com/story/money/personalfinance/susan-tompor/2018/09/06/equifax-freeze-credit-breach/ 1156255002/. Last accessed on: 09.13.2018.Google Scholar
- Janice Y Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti. 2011. The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research 22, 2 (2011), 254--268. Google ScholarDigital Library
- United States Congress. 1999. S.900 - Gramm-Leach-Bliley Act. https: //www.congress.gov/bill/106th-congress/senate-bill/00900. Last accessed on: 09.13.2018.Google Scholar
- Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, et al. 2012. How does your password measure up? The effect of strength meters on password creation.. In USENIX Security Symposium. 65--80. Google ScholarDigital Library
- Matthew W Vail, Julia B Earp, and Annie I Antón. 2008. An empirical study of consumer perceptions and comprehension of web site privacy policies. IEEE Transactions on Engineering Management 55, 3 (2008), 442--454.Google ScholarCross Ref
- Jennifer R Veltsos. 2012. An analysis of data breach notifications as negative news. Business Communication Quarterly 75, 2 (2012), 192--207.Google ScholarCross Ref
- Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, and Alexandra Kunz. 2017. User experiences of TORPEDO: tooltip-powered phishing email detection. Computers & Security 71 (2017), 100--113. Google ScholarDigital Library
- Paul Wagenseil. 2017. What to Do After a Data Breach. https:// www.tomsguide.com/us/data-breach-to-dos,news-18007.html. Last accessed on: 09.13.2018.Google Scholar
- Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, and Norman Sadeh. 2014. A field trial of privacy nudges for facebook. In Proceedings of the SIGCHI conference on human factors in computing systems. ACM, 2367--2376. Google ScholarDigital Library
- Kelce Wilson. 2018. Data breach notifications may facilitate identity theft. https://iapp.org/news/a/data-breach-notifications-mayfacilitate-identity-theft/. Last accessed on: 09.13.2018.Google Scholar
- Shomir Wilson, Justin Cranshaw, Norman Sadeh, Alessandro Acquisti, Lorrie Faith Cranor, Jay Springfield, Sae Young Jeong, and Arun Balasubramanian. 2013. Privacy manipulation and acclimation in a location sharing application. In Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 549--558. Google ScholarDigital Library
- Yixin Zou, Abraham H. Mhaidli, Austin McCall, and Florian Schaub. 2018. "I've Got Nothing to Lose": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS). Google ScholarDigital Library
Index Terms
- You `Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications
Recommendations
Internet of Things security
The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the ...
Help Wanted: Consumer Privacy Behavior and Smart Home Internet of Things (IoT) Devices
SIGITE '18: Proceedings of the 19th Annual SIG Conference on Information Technology EducationThe infrastructure of smart home IoT devices is complex and the combination of data streams that run throughout it is convoluted. This poses a threat to consumer privacy. However, consumers fall short of adopting privacy protection measures. This study ...
Taxonomy and analysis of security protocols for Internet of Things
AbstractThe Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since ...
Highlights- We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to ...
Comments