Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SoK: Reviewing Two Decades of Security, Privacy, Accessibility, and Usability Studies on Internet of Things for Older Adults

Suleiman Saka, Sanchari Das

TL;DR

This SoK analyzes two decades of IoT research for older adults through a novel SPAU‑IoT Framework and age‑aware threat model. It systematically reviews 44 peer‑reviewed studies (2004–2024) to quantify penetration of security, privacy, accessibility, and usability controls, revealing strong emphasis on authentication and encryption but persistent gaps in accessibility and usability integration. The authors introduce 27 SPAU criteria, map threats via STRIDE/LINDDUN, and propose standards‑aligned, practical design guidelines (including edge gateways and caregiver controls) to secure IoT deployments for older adults. The work highlights systemic fragmentation in SPAU considerations and provides a reproducible blueprint to guide secure, inclusive IoT design for aging populations, with implications for policy, standardization, and future empirical validation.

Abstract

The Internet of Things (IoT) has the potential to enhance older adults' independence and quality of life, but it also exposes them to security, privacy, accessibility, and usability (SPAU) risks. We conducted a systematic review of 44 peer-reviewed studies published between 2004 and 2024 using a five-phase screening pipeline. From each study, we extracted data on study design, IoT type, SPAU measures, and identified research gaps. We introduce the SPAU-IoT Framework, which comprises 27 criteria across four dimensions: security (e.g., resilience to cyber threats, secure authentication, encrypted communication, secure-by-default settings, and guardianship features), privacy (e.g., data minimization, explicit consent, and privacy-preserving analytics), accessibility (e.g., compliance with ADA/WCAG standards and assistive-technology compatibility), and usability (e.g., guided interaction, integrated assistance, and progressive learning). Applying this framework revealed that more than 70% of studies implemented authentication and encryption mechanisms, whereas fewer than 50% addressed accessibility or usability concerns. We further developed a threat model that maps IoT assets, networks, and backend servers to exploit vectors such as phishing, caregiver exploitation, and weak-password attacks, explicitly accounting for age-related vulnerabilities including cognitive decline and sensory impairment. Our results expose a systemic lack of integrated SPAU approaches in existing IoT research and translate these gaps into actionable, standards-aligned design guidelines for IoT systems designed for older adults.

SoK: Reviewing Two Decades of Security, Privacy, Accessibility, and Usability Studies on Internet of Things for Older Adults

TL;DR

This SoK analyzes two decades of IoT research for older adults through a novel SPAU‑IoT Framework and age‑aware threat model. It systematically reviews 44 peer‑reviewed studies (2004–2024) to quantify penetration of security, privacy, accessibility, and usability controls, revealing strong emphasis on authentication and encryption but persistent gaps in accessibility and usability integration. The authors introduce 27 SPAU criteria, map threats via STRIDE/LINDDUN, and propose standards‑aligned, practical design guidelines (including edge gateways and caregiver controls) to secure IoT deployments for older adults. The work highlights systemic fragmentation in SPAU considerations and provides a reproducible blueprint to guide secure, inclusive IoT design for aging populations, with implications for policy, standardization, and future empirical validation.

Abstract

The Internet of Things (IoT) has the potential to enhance older adults' independence and quality of life, but it also exposes them to security, privacy, accessibility, and usability (SPAU) risks. We conducted a systematic review of 44 peer-reviewed studies published between 2004 and 2024 using a five-phase screening pipeline. From each study, we extracted data on study design, IoT type, SPAU measures, and identified research gaps. We introduce the SPAU-IoT Framework, which comprises 27 criteria across four dimensions: security (e.g., resilience to cyber threats, secure authentication, encrypted communication, secure-by-default settings, and guardianship features), privacy (e.g., data minimization, explicit consent, and privacy-preserving analytics), accessibility (e.g., compliance with ADA/WCAG standards and assistive-technology compatibility), and usability (e.g., guided interaction, integrated assistance, and progressive learning). Applying this framework revealed that more than 70% of studies implemented authentication and encryption mechanisms, whereas fewer than 50% addressed accessibility or usability concerns. We further developed a threat model that maps IoT assets, networks, and backend servers to exploit vectors such as phishing, caregiver exploitation, and weak-password attacks, explicitly accounting for age-related vulnerabilities including cognitive decline and sensory impairment. Our results expose a systemic lack of integrated SPAU approaches in existing IoT research and translate these gaps into actionable, standards-aligned design guidelines for IoT systems designed for older adults.

Paper Structure

This paper contains 35 sections, 2 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background and Motivation
  3. '' SPAU--IoT Framework''
  4. Framework Development
  5. Security Criteria
  6. Privacy Criteria
  7. Accessibility Criteria
  8. Usability Criteria
  9. Method
  10. Search Strategy (Keywords & Database)
  11. Keywords-based Search
  12. Title and Abstract Screening
  13. Full-Text Screening
  14. Data Analysis and Synthesis
  15. Results and Discussion
  16. ...and 20 more sections

Figures (2)

  • Figure 1: PRISMA Diagram Summarizing Study Design
  • Figure 2: IoT Threat Model for Older Adults derived from 44 peer-reviewed studies (2004–2024).