Privacy Engineering in Smart Home (SH) Systems: A Comprehensive Privacy Threat Analysis and Risk Management Approach

📅 2024-01-17
🏛️ arXiv.org
📈 Citations: 3
Influential: 0
🤖 AI Summary
Problem: Smart home systems suffer from inadequate protection of user and device identity data privacy, coupled with fragmented threat analysis and risk management practices. Method: This paper proposes the first privacy engineering framework that centrally incorporates device identity privacy. It integrates Data Flow Diagrams (DFDs) with LINDDUN PRO for end-to-end threat modeling, and combines Privacy Impact Assessments (PIAs) with Privacy-Enhancing Technologies (PETs) to systematically identify, quantitatively assess, and prioritize privacy risks. Contributions: (1) It establishes, for the first time, the critical role of device identity privacy within smart home privacy engineering; (2) it introduces an actionable risk prioritization matrix and standardized mitigation strategies; and (3) it delivers implementable privacy governance pathways for device manufacturers, cloud service providers, end users, and regulatory authorities.

📝 Abstract
Addressing trust concerns in Smart Home (SH) systems is imperative, given the limited study of privacy-preservation approaches that analyze and evaluate privacy threats for effective risk management. While most research focuses primarily on user privacy, device data privacy, especially identity privacy, is almost neglected, even though it can significantly impact overall user privacy within the SH system. To this end, our study incorporates privacy engineering (PE) principles into the SH system, considering both user and device data privacy. We start with a comprehensive reference model for a typical SH system. Following the initial stage of LINDDUN PRO for the PE framework, we present a data flow diagram (DFD) based on the typical SH reference model to better understand SH system operations. To identify potential areas of privacy threat and perform a privacy threat analysis (PTA), we employ the LINDDUN PRO threat model. Then, we carry out a privacy impact assessment (PIA) to implement privacy risk management by prioritizing privacy threats based on their likelihood of occurrence and potential consequences. Finally, we suggest possible privacy enhancement techniques (PETs) that can mitigate some of these threats. The study aims to elucidate the main threats to privacy, the associated risks, and the effective prioritization of privacy controls in SH systems. The outcomes of this study are expected to benefit SH stakeholders, including vendors, cloud providers, users, researchers, and regulatory bodies in the SH systems domain.
Problem

Research questions and friction points this paper is trying to address.

Addressing privacy threats in smart home systems through comprehensive analysis
Focusing on neglected device data and identity privacy protection
Implementing risk management via threat prioritization and mitigation techniques
Innovation

Methods, ideas, or system contributions that make the work stand out.

Applied LINDDUN PRO threat model for privacy analysis
Conducted privacy impact assessment to prioritize risks
Suggested privacy enhancement techniques to mitigate threats