SecureTAP: a conversational agent for secure and privacy-aware smart home automations

The rapid growth of Internet of Things (IoT) devices in smart homes presents significant opportunities for enhanced convenience and automation but also introduces notable challenges, particularly in terms of security, privacy, and understandability for non-expert users. This paper presents SecureTAP, a conversational agent designed to assist users in creating and modifying trigger-action programming (TAP) automations in smart home environments. The system leverages GPT-4o's capabilities to identify potential security vulnerabilities and privacy concerns in automation rules, offering users proactive mitigation strategies. Through an iterative process of prompt engineering, we developed a system that analyses automations, identifies risks, and suggests safer configurations to safeguard user privacy and security in IoT smart spaces. A user study with 15 participants evaluated the effectiveness of SecureTAP in addressing security and privacy issues, as well as user trust in the assistant's recommendations. Results indicated that SecureTAP effectively simplified the automation process while raising users' awareness of potential security and privacy concerns.