Mobile App · Internet of Things · Smart Home
Research Project | Fall 2018 to Present (Ongoing)
Professor: Jason Hong
Teammates: Se One Park (designer), Hyun Woo Paik (designer), Qinyi (Front-End Developer), Meenakshy and Tianyi (Back-End Developers)
My Role: User Research and Testing, Concept Development, Re-design of UI, Partner with Engineers to Design Data Flow in Hub
The Internet of Things is rapidly growing as a market for consumer electronics, and the IoT ecosystem is becoming increasingly complex. However, there is a large host of challenges in making IoT work reliably in the home.
With continuous news on IoT cybercrime and the ever-widening IoT ecosystem, Intel and CMU CHIMPS Lab initiated this project to explore and design ways to enhance user control over IoT privacy and increase data security and transparency.
This is an ongoing research project that mainly focuses on two problem areas:
How can we make it easy for everyday users to manage dozens or hundreds of smart devices with different user interfaces (possibly no interface at all)?
How can we help people with little expertise manage the privacy and security of their devices, especially in the case of multiple users?
We propose to design, build and evaluate an IoT Hub that offers services and functionality to help manage and secure IoT devices. The IoT Hub will make it easy to add, manage, connect, and secure Internet of Things devices in the context of homes, especially low-end devices that have minimal computational and networking capabilities.
The Hub will act like a smart WiFi router and operating system for connected IoT devices to offer common services such as:
fine-grain access management for family members and guests
intuitive device organization
status and automated software updates
restricted network communication and enhanced privacy control
To tackle the privacy issues with the existing IoT ecosystem and to discover design opportunities in frictionless interactions, I did background research and interviewed engineers regarding the intended back-end implementation of the IoT Hub to understand the technical limitations, specifically the ways in which smart devices communicate with the network.
The Hub will take only a basic set of Metadata from each IoT device, as Metadata is lightweight and easy to adopt for both legacy and new IoT devices. By using a simple and minimal set of REST-based protocols to read the Metadata, the Hub can remain lightweight and easily scalable. The Metadata includes:
Static: such as device manufacturer, serial ID, picture of the device
Dynamic: such as battery life, device on or off
User-set: such as name of device and location
Three features, including static Metadata as well as proximity by default, are used for security:
Periodic software updates through the IoT Hub with update URLs, as most vulnerabilities in devices are due to outdated software
Manufacturer Usage Description (MUD) used as a whitelist that restricts the websites an IoT device can access, so that manufacturers (or other entities) can specify normal behaviors for devices
Proximity by Default: users have to prove proximity before they can access the Hub and devices, as unfettered remote access is a major source of security problems for IoT.
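The MUD whitelist described above can be enforced as a default-deny check on a device's outbound flows. The following is an added example, not the project's code: it reads a constructed MUD file in the RFC 8520 JSON layout (the device, host names and ACL names are made up) and decides whether a destination is permitted.

```python
# Constructed sample in the RFC 8520 MUD JSON layout; all names are made up.
SAMPLE_MUD = {
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://vendor.example/lamp.json",
        "from-device-policy": {
            "access-lists": {"access-list": [{"name": "from-lamp"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "from-lamp", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "cloud-api",
             "matches": {
                 "ipv4": {"ietf-acldns:dst-dnsname": "api.vendor.example",
                          "protocol": 6},
                 "tcp": {"destination-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}}]}},
        # Not referenced by from-device-policy, so it must be ignored.
        {"name": "unused", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "stray",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "ads.example"}},
             "actions": {"forwarding": "accept"}}]}},
    ]},
}

def allowed_destinations(mud):
    """Collect (dns name, IP protocol, port) rules the device may initiate."""
    policy = mud["ietf-mud:mud"].get("from-device-policy", {})
    wanted = {a["name"]
              for a in policy.get("access-lists", {}).get("access-list", [])}
    rules = set()
    for acl in mud.get("ietf-access-control-list:acls", {}).get("acl", []):
        if acl.get("name") not in wanted:
            continue
        for ace in acl.get("aces", {}).get("ace", []):
            match = ace.get("matches", {})
            ip = match.get("ipv4") or match.get("ipv6") or {}
            host = ip.get("ietf-acldns:dst-dnsname")
            dport = (match.get("tcp") or match.get("udp") or {}).get(
                "destination-port", {})
            # Fail closed: skip rules this example cannot evaluate exactly.
            if (not host or dport.get("operator", "eq") != "eq"
                    or ace.get("actions", {}).get("forwarding") != "accept"):
                continue
            rules.add((host.lower(), ip.get("protocol"), dport.get("port")))
    return rules

def is_allowed(mud, host, protocol, port):
    """Default deny: a flow passes only if an accept rule matches it."""
    name = host.lower().rstrip(".")
    return any(h == name and p in (None, protocol) and q in (None, port)
               for h, p, q in allowed_destinations(mud))
```

Only the ACL named in `from-device-policy` contributes rules, so an accept entry elsewhere in the file does not widen what the device may reach.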
After background research and gathering information from the previous designer about the reasons behind key design decisions, we conducted card sorting and user interviews to examine previous insights about user behaviors.
During card sorting sessions, participants were provided with 40 smart devices that exist in different physical spaces in the context of a home (e.g. TV, thermometer, refrigerator, game consoles, etc).
Two questions are the main focus of this phase of the research:
How do people organize and interact with numerous devices in the context of home?
What are the different access scenarios for families and guests and how can flexibility be achieved without compromising privacy and security?
Different from previous findings that people associate devices based on their physical location, the card sorting shows that:
Based on the discoveries, to implement a relatively simple and effective approach that is easy to adopt and extensible, I created a flow chart that illustrates the process from on-boarding to managing devices, and to access control.
Before we dived into the design process, we conducted a competitive analysis of the existing IoT home assistant apps to get an understanding of the current features, and identified our competitive edge in fine-grain access management and enhanced privacy and security control.
We started out by designing the on-boarding experience to add devices and rooms to the IoT Hub, as this was not explored in the previous design. Then, we focused on improving the high fidelity UI design of the screens regarding viewing and managing the devices.
The current on-boarding process includes confirming the user's address, naming the house, confirming contact information and creating the login and password.
The user creates a series of rooms with customized names, and then detects devices in each room based on Wi-Fi connectivity.
The homepage contains a search bar and a recently used section that allow direct access to find and control devices. The notification section presents the most important information that requires immediate attention and action. The What’s On section targets users’ need for privacy, helping them quickly locate sensitive devices in the physical space.
The admin user can create different device access at a group level for easy management, and invite members into the group. Group members inherit group-level access by default, and their access can be customized individually as well.
Users can quickly find devices by room or by functionality, and can keep track of device access settings, status history, activity logs and different privacy settings.
The re-design of the home screen features:
A clear information hierarchy with sectional organizations for different user actions based on priority.
Direct notifications for users about security and device status that need immediate action or attention.
Easy control of simple and most used devices, like a lamp, with a single toggle on the home screen.
Activity logs allow the user to view the activity histories of various devices sorted by function, and help identify and locate abnormal activities for security.
The access page is designed to accommodate different groups with various levels of access to devices granted by the admin user.
For security and privacy purposes, the default will be that new members have no access to any device. The per-guest device permission layer allows the admin user to grant access to each added member.
The device permission page is solely for managing device access for an individual member. The admin user can grant access by rooms or functions; such flexibility comes in handy particularly for managing Airbnb guests.
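The access model described above (no access for new members, group-level access inherited by members, individual customization, grants by room or function) can be expressed as a small resolver. This is an added example, not the Hub's implementation; the class names, the sample home and the precedence order (individual deny, then individual allow, then group grant) are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Device:
    name: str
    room: str
    function: str

@dataclass
class Grants:
    """Access expressed by room or by function, as on the permission page."""
    rooms: set = field(default_factory=set)
    functions: set = field(default_factory=set)

    def covers(self, device):
        return device.room in self.rooms or device.function in self.functions

@dataclass
class Member:
    name: str
    group: Optional[str] = None                     # None: not in any group yet
    allow: Grants = field(default_factory=Grants)   # individual additions
    deny: Grants = field(default_factory=Grants)    # individual removals

def can_access(member, device, groups):
    """Assumed precedence: individual deny > individual allow > group grant."""
    if member.deny.covers(device):
        return False
    if member.allow.covers(device):
        return True
    group = groups.get(member.group)
    return group is not None and group.covers(device)  # otherwise default deny

def visible_devices(member, devices, groups):
    return sorted(d.name for d in devices if can_access(member, d, groups))

# Constructed sample home, group and members.
DEVICES = [Device("lamp", "living room", "lighting"),
           Device("bedroom camera", "bedroom", "camera"),
           Device("guest room lamp", "guest room", "lighting"),
           Device("guest room TV", "guest room", "entertainment")]
GROUPS = {"airbnb guests": Grants(rooms={"guest room"})}
NEW_MEMBER = Member("new member")
GUEST = Member("guest", "airbnb guests",
               deny=Grants(functions={"entertainment"}))
FRIEND = Member("friend", "airbnb guests", allow=Grants(functions={"lighting"}))
```

With this data the new member sees nothing, the guest inherits the guest room minus the TV, and the friend gets the guest room plus every lighting device.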
Overall Iteration Process
We are in the process of simplifying the on-boarding process even more by exploring an auto-generated list of rooms and auto-categorization of devices based on device metadata.
We are exploring more access control management features for the Airbnb scenario, where members of the group stay for different durations of time and the list of members is constantly changing.
We will also explore opportunities to increase users’ awareness of the status of devices in the room (whether they’re actively watching or recording) and how the design can empower users in learning about cyber security.