This is the third and final installment in the series on Lessons from Architecture School: Lessons for IoT Security. You can also read the first and second installments, or download the presentation. Thank you to the audience at Solid Conference for good questions and lively discussion.

Homes Are More Than Houses

Shop houses are a type of vernacular architecture built throughout Southeast Asia. Vernacular architecture is built using folk knowledge and local customs, typically without the use of an architect.

Shop houses, Singapore.

Shop houses are traditionally two levels with commercial space on the ground floor and a residence above. A typical feature is an awning protecting the street from sun and rain. Local custom, which became law in Singapore in the 1800s, is that the owner maintains the awning over a public passage or sidewalk, creating an interesting interplay between personal responsibility and the common good.

Despite widespread familiarity with the building type, there are better and worse examples of vernacular architecture because, despite having access to good precedents, not everyone does a good job with implementation. For example, an awning may be both legally required and obviously a good idea, and still be leaky or badly constructed.

Different types of knowledge — and different types of professional expertise — are necessary to make a successful building, just as they are for making successful security.

Security Thought-Starter

Don’t roll your own crypto. It’s easy to create a code that you yourself can’t crack that is trivially easy to a pro. Recent threats to Open Smart Grid show that creating a home-grown cryptographic solution leaves big vulnerabilities. Working with standard cryptographic libraries is one way to make sure your applications are using best-in-class security. Using open-source libraries also means that you (or experts) can validate the crypto. One venue for learning more is the Real World Crypto Conference, next held in Stanford, CA in January 2016.

UX Consideration

Exposing underlying systems can teach behavior. When electric cars first reached a mass audience, new dashboard interfaces educated drivers on the basics of how these unfamiliar systems work. Many Prius drivers didn’t know how internal combustion engines worked, which meant an explanation only in terms of difference would not be meaningful. Instead, UX design taught a bunch of people how to think about their car’s power source.

Toyota Prius dashboard

The design decisions in electric car dashboards have changed drivers’ behavior by helping them understand how the system works. Similarly, there is a huge opportunity for designers to create new interfaces to help people communicate securely. For example, simple visualizations of how the internet works could change users’ messaging behavior to become more security aware. The challenge is to show only appropriate complexity and not overwhelm the user with extraneous detail, just as the UX designers for the Prius selected only a few pieces of information that directly respond to changes in driving conditions.

^{Image of Shop houses, Singapore, by Peter Morgan, used under CC-BY-NC-ND}

^{Image of Toyota Prius dashboard, by It's Our City, used under CC-BY 2.0 (cropped)}