Educating Consumers on the Security and Privacy of Internet of Things (IoT) Devices

A Quantifiable Security Compliance Measurement System to Aid in Purchasing Decisions

  • Mahmood Khadeer, University of Washington Bothell
  • Marc Dupuis, University of Washington Bothell
  • Samreen Khadeer, University of Washington Bothell
Keywords: Internet of Things, IoT, security, privacy, framework, consumer devices, quantifiable security compliance measurement system


As the adoption of technology grows, consumers have many avenues to buy IoT devices and install them for their needs, yet they have very little information about the security of those devices. The companies that manufacture the devices have no incentive to invest in their security or to let consumers know the security status of their respective devices. The competitive cost and time pressures faced by manufacturers are causing consumers to suffer from the vulnerabilities in their devices. This project makes three contributions to the development of security verification for IoT devices. First, it develops a quantifiable security compliance measurement system to measure the security of consumer IoT (SCMSI) devices. The SCMSI framework uses the OTA-recommended Trust Framework, augmented with key design and development security concerns, to develop the criteria for measuring the devices. Second, a scoring model is developed for each of the security requirements in the SCMSI framework. Third, a consumer-facing pilot website is built as a proof of concept for evaluating IoT devices and providing security ratings to consumers. Limitations and future directions are discussed.