Rethinking home network security

The continued rise in the number of managed and unmanaged devices connected to home networks has expanded the threat surface in the home. We have seen increases in the number and impact of attacks targeting network and IoT devices in the home, yet effective mitigations targeting the home are still too few. Approaches have been proposed to holistically secure the home network, but such proposals also face a number of challenges in their practical uptake. More empirical research needs to be done to understand the context of use and needs of the stakeholders involved in securing home networks in order to rigorously evaluate and inform these solutions. As a step in this direction, we conduct a Grounded Theory exploration of context aimed at 1) understanding current security practice in the home to identify the areas that need improvement or support, and 2) identifying security-related practices in the home that could be leveraged to improve network security. We found evidence that current security practices in the home are focussed on securing endpoints; home users assess risk by evaluating the impact of a successful attack, and also the value of gain for the attacker; identification of security problems in the home is done through visibility of harm, security alerts and warnings, and intuition; incident management in the home is mostly done through social networks and often undertaken by trusted individuals as an informal duty of care. We discuss these findings and provide recommendations for improving network security in the home.