ABSTRACT
Internet of Things (IoT) systems are designed and developed either as standalone applications built from the ground up or with the help of IoT middleware platforms. They are designed to support different kinds of scenarios, such as smart homes and smart cities. Thus far, privacy concerns have not been explicitly considered by IoT applications and middleware platforms. This is partly due to the lack of systematic methods for designing for privacy that can guide the software development process in IoT. In this paper, we propose a set of guidelines, a privacy-by-design framework, that can be used to assess the privacy capabilities and gaps of existing IoT applications as well as middleware platforms. We have evaluated two open-source IoT middleware platforms, namely OpenIoT and Eclipse SmartHome, to demonstrate how our framework can be used in this way.
Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms