Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers. As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it. Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences. In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors. We have evaluated how trust was built and managed from the initial set-up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.

如今，诸如Amazon Echo和Google Home之类的智能家居设备已成为主流。这些设备位于用户家中，本质上具有侵入性，能够访问诸如用户名，性别，家庭住址，日历约会等信息。人们越来越担心在智能家居设备中不加选择地收集数据和侵犯用户隐私，但是研究表明，对于消费者而言，可感知的收益已超过可感知的风险。结果，消费者对这些设备非常信任，有时甚至没有意识到。不正确的信任假设和安全控制措施可能导致未经授权的设备访问和控制，从而可能导致严重的后果。在本文中，我们在信任关系方面探索了智能家居环境中诸如Amazon Echo和Google Home之类的设备的行为，并提出了一种信任模型来改善所有相关参与者之间的关系。我们已经评估了从初始设置阶段到正常操作阶段如何建立和管理信任，在此期间，我们与不同类型的用户（即所有者，来宾）进行了许多交互测试。结果，我们能够评估所提供安全控制措施的有效性并确定潜在的相关安全问题。为了解决已确定的问题，我们定义了一个信任模型，并提出了一个基于该模型的解决方案以进一步保护智能家居系统。我们已经评估了从初始设置阶段到正常操作阶段如何建立和管理信任，在此期间，我们与不同类型的用户（即所有者，来宾）进行了许多交互测试。结果，我们能够评估所提供安全控制措施的有效性并确定潜在的相关安全问题。为了解决已确定的问题，我们定义了一个信任模型，并提出了一个基于该模型的解决方案，以进一步保护智能家居系统。我们已经评估了从初始设置阶段到正常操作阶段如何建立和管理信任，在此期间，我们与不同类型的用户（即所有者，来宾）进行了许多交互测试。结果，我们能够评估所提供安全控制措施的有效性并确定潜在的相关安全问题。为了解决已确定的问题，我们定义了一个信任模型，并提出了一个基于该模型的解决方案以进一步保护智能家居系统。