research-article

Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms

Authors:

Charith Perera,

Ciaran McCormick,

Arosha K. Bandara,

Blaine A. Price,

Bashar NuseibehAuthors Info & Claims

IoT '16: Proceedings of the 6th International Conference on the Internet of Things

Pages 83 - 92

https://doi.org/10.1145/2991561.2991566

Published: 07 November 2016 Publication History

Abstract

The Internet of Things (IoT) systems are designed and developed either as standalone applications from the ground-up or with the help of IoT middleware platforms. They are designed to support different kinds of scenarios, such as smart homes and smart cities. Thus far, privacy concerns have not been explicitly considered by IoT applications and middleware platforms. This is partly due to the lack of systematic methods for designing privacy that can guide the software development process in IoT. In this paper, we propose a set of guidelines, a privacy by-design framework, that can be used to assess privacy capabilities and gaps of existing IoT applications as well as middleware platforms. We have evaluated two open source IoT middleware platforms, namely OpenIoT and Eclipse SmartHome, to demonstrate how our framework can be used in this way.

References

[1]

Philip A Bernstein. 1996. Middleware: A Model for Distributed System Services. Commun. ACM 39, 2 (feb 1996), 86--98.

Digital Library

[2]

Ljiljana Brankovic and Vladimir Estivill-castro. 1999. Privacy issues in knowledge discovery and data mining. In In Proc. of Australian Institute of Computer Ethics Conference (AICEC99. 89--99.

[3]

Ann Cavoukian. 2010. Resolution on Privacy by Design. In 32nd International Conference of Data Protection and Privacy Commissioners.

[4]

Amir Chaudhry, Jon Crowcroft, Heidi Howard, Anil Madhavapeddy, Richard Mortier, Hamed Haddadi, and Derek McAuley. 2015. Personal Data: Thinking Inside the Box. In 5th decennial Aarhus conferences (Aarhus 2015 Critical Alternatives).

Digital Library

[5]

Valentina Ciriani, Sabrina De Capitani Di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati. 2010. Combining Fragmentation and Encryption to Protect Privacy in Data Storage. ACM Trans. Inf. Syst. Secur. 13, 3 (jul 2010), 22:1----22:33.

Digital Library

[6]

Chris Clifton, Murat Kantarcio\vglu, AnHai Doan, Gunther Schadow, Jaideep Vaidya, Ahmed Elmagarmid, and Dan Suciu. 2004. Privacy-preserving Data Integration and Sharing. In Proceedings of the 9th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery (DMKD '04). ACM, New York, NY, USA, 19--26.

Digital Library

[7]

European Commission. 2015. Internet Of Things Iot Governance, Privacy And Security Issues European Research Cluster On The Internet Of Things. Technical Report.

[8]

Joan Daemen and Vincent Rijmen. 2002. The design of AES- the Advanced Encryption Standard. Spring{\-}er-Ver{\-}lag. 238 pages.

[9]

George Danezis, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Métayer, Rodica Tirtea, and Stefan Schiffner. 2014. Privacy and Data Protection by Design from policy to engineering. Technical Report. European Union Agency for Network and Information Security (ENISA). 1--79 pages.

[10]

Yves-Alexandre de Montjoye, Erez Shmueli, Samuel S Wang, and Alex Sandy Pentland. 2014. openPDS: Protecting the Privacy of Metadata through SafeAnswers. PLoS ONE 9, 7 (2014), e98790.

[11]

Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. 2011. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering 16, 1 (2011), 3--32.

Digital Library

[12]

C Efthymiou and G Kalogridis. 2010. Smart Grid Privacy via Anonymization of Smart Metering Data. In Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on. 238--243.

[13]

Federal Trade Commission. 2015. Internet of Things: Privacy and Security in a Connected World. Ftc staff report. Federal Trade Commission.

[14]

Caroline Fontaine and Fabien Galand. 2007. A Survey of Homomorphic Encryption for Nonspecialists. EURASIP J. Inf. Secur. 15 (jan 2007), 1--15.

[15]

Carl S French. 1996. Data Processing and Information Technology. Cengage Learning Business Press.

[16]

David Gascon. 2015. IoT Security Infographic Privacy, Authenticity, Confidentiality and Integrity of the Sensor Data. The Invisible Asset. Technical Report. Libelium.

[17]

Craig Gentry. 2009. Fully Homomorphic Encryption Using Ideal Lattices. In Proceedings of the 41 Annual ACM Symposium on Theory of Computing (STOC '09). ACM, NY, USA, 169--178.

Digital Library

[18]

Joao Girao, Dirk Westhoff, Einar Mykletun, and Toshinori Araki. 2007. TinyPEDS: Tiny Persistent Encrypted Data Storage in Asynchronous Wireless Sensor Networks. Ad Hoc Netw. 5, 7 (sep 2007), 1073--1089.

Digital Library

[19]

Yuri Gurevich, Efim Hudis, and Jeannette Wing. 2014. Inverse Privacy. Technical Report MSR-TR-2014-100.

[20]

Jaap-Henk Hoepman. 2014. Privacy Design Strategies. In ICT Systems Security and Privacy Protection, Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, and Thierry Sans (Eds.). IFIP Advances in Information and Communication Technology, Vol. 428. Springer Berlin Heidelberg, 446--459.

[21]

Michael Howard and Steve Lipner. 2006. The security development lifecycle: SDL, a process for developing demonstrably more secure software. Microsoft Press.

Digital Library

[22]

Prem Prakash Jayaraman, Charith Perera, Dimitrios Georgakopoulos, Schahram Dustdar, Dhavalkumar Thakker, and Rajiv Ranjan. 2016. Analytics-as-a-service in a multi-cloud environment through semantically-enabled hierarchical data processing. Software: Practice and Experience (aug 2016).

[23]

P Kotzanikolaou. 2008. Data Retention and Privacy in Electronic Communications. Security Privacy, IEEE 6, 5 (sep 2008), 46--52.

Digital Library

[24]

Bingdong Li, Esra Erdin, Mehmet Hadi Güne\cs, George Bebis, and Todd Shipley. 2011. Traffic Monitoring and Analysis: Third International Workshop, TMA 2011, Vienna, Austria, April 27, 2011. Proceedings. Springer Berlin Heidelberg, Berlin, Heidelberg, Chapter An Analysi, 108--121.

[25]

S Lindsey, C Raghavendra, and K M Sivalingam. 2002. Data gathering algorithms in sensor networks using energy metrics. Parallel and Distributed Systems, IEEE Transactions on 13, 9 (sep 2002), 924--935.

Digital Library

[26]

William Lowrance. 2003. Learning from experience: privacy and the secondary use of data in health research. Journal of Health Services Research & Policy 8, suppl 1 (2003), 2--7.

[27]

Y Ma, Y Guo, X Tian, and M Ghanem. 2011. Distributed Clustering-Based Aggregation Algorithm for Spatial Correlated Sensor Networks. IEEE Sensors Journal 11, 3 (mar 2011), 641--648.

[28]

Joe Oates, Chuck Kelley, and Les Barbusinski. 2002. What does granularity mean in the context of a data warehouse and what are the various levels of granularity? information-management.com. SourceMedia.

[29]

Ernesto Damiani; Francesco Pagano; Davide Pagano. 2011. iPrivacy: A Distributed Approach to Privacy on the Cloud. International Journal on Advances in Security 4, 3 (2011).

[30]

Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015a. The Emerging Internet of Things Marketplace from an Industrial Perspective: A Survey. IEEE Transactions on Emerging Topics in Computing 3, 4 (2015), 585--598.

Digital Library

[31]

Charith Perera, Rajiv Ranjan, and Lizhe Wang. 2015b. End-to-End Privacy for Open Big Data Markets. IEEE Cloud Computing 2, 4 (jul 2015), 44--53.

[32]

Charith Perera, Rajiv Ranjan, Lizhe Wang, Samee U. Khan, and Albert Y. Zomaya. 2015c. Big data privacy in the internet of things era. IT Professional 17, 3 (2015), 32--39.

Digital Library

[33]

Charith Perera, Dumidu Talagala, Chi Harold Liu, and Julio C. Estrella. 2015d. Energy-Efficient Location and Activity-Aware On-Demand Mobile Distributed Sensing Platform for Sensing as a Service in IoT Clouds. IEEE Transactions on Computational Social Systems 2, 4 (dec 2015), 171--181.

[34]

Charith Perera, Arkady Zaslavsky, Peter Christen, and Dimitrios Georgakopoulos. 2014. Context Aware Computing for The Internet of Things: A Survey. Communications Surveys Tutorials, IEEE 16, 1 (2014), 414--454.

[35]

Shauna Michelle Policicchio and Attila A Yavuz. 2015. Preventing Memory Access Pattern Leakage in Searchable Encryption. In iConference 2015 Proceedings. iSchools.

[36]

Dorian Pyle. 1999. Data preparation for data mining. Morgan Kaufmann Publishers, San Francisco, Calif.

Digital Library

[37]

R Rajagopalan and P K Varshney. 2006. Data-aggregation techniques in sensor networks: A survey. Communications Surveys Tutorials, IEEE 8, 4 (2006), 48--63.

Digital Library

[38]

Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Computer Networks 57, 10 (2013), 2266--2279.

Digital Library

[39]

S. Spiekermann and L.F. Cranor. 2009. Engineering Privacy. IEEE Transactions on Software Engineering 35, 1 (jan 2009), 67--82.

Digital Library

[40]

Mark Stanislav and Tod Beardsley. 2015. HACKING IoT: A Case Study on Baby Monitor Exposures and Vulnerabilities. Technical Report. Rapid7.

[41]

Jun-Zhao Sun. 2009. Adaptive Determination of Data Granularity for QoS-Constraint Data Gathering in Wireless Sensor Networks. In Ubiquitous, Autonomic and Trusted Computing, 2009. UIC-ATC '09. Symposia and Workshops on. 401--405.

Digital Library

[42]

TRUSTe. 2016. Privacy Assessments & Certifications Overview. Datasheets.

Cited By

Del-Real CDe Busser Evan den Berg B(2025)A systematic literature review of security and privacy by design principles, norms, and strategies for digital technologiesInternational Review of Law, Computers & Technology10.1080/13600869.2025.2457227(1-32)Online publication date: 31-Jan-2025
https://doi.org/10.1080/13600869.2025.2457227
Alsayed Kassem JMüller TEsterhuyse CKebede MOsseyran AGrosso P(2025)The EPI frameworkFuture Generation Computer Systems10.1016/j.future.2024.107550165:COnline publication date: 1-Apr-2025
https://dl.acm.org/doi/10.1016/j.future.2024.107550
Doan T(2025)Towards a Privacy Trade-Off AssessmentAdvances in Information and Communication10.1007/978-3-031-85363-0_38(625-637)Online publication date: 5-Mar-2025
https://doi.org/10.1007/978-3-031-85363-0_38
Show More Cited By

Index Terms

Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms

Recommendations

Privacy and Security Challenges in Internet of Things
ICDCIT 2015: Proceedings of the 11th International Conference on Distributed Computing and Internet Technology - Volume 8956

Internet of Things IoT envisions as a global network, connecting any objects around us, ranging from home appliances, wearable things to military applications. With IoT infrastructure, physical objects such as wearable objects, television, refrigerator, ...
Privacy preserving Internet of Things

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that ...
Designing privacy-aware internet of things applications
Highlights
- We evaluate how a proposed set of privacy guidelines can be used to effectively improve the IoT application designs. In support of this, we integrate the ...
Abstract
Internet of Things (IoT) applications typically collect and analyse personal data that can be used to derive sensitive information about individuals. However, thus far, privacy concerns have not been explicitly considered in software ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IoT '16: Proceedings of the 6th International Conference on the Internet of Things

November 2016

186 pages

ISBN:9781450348140

DOI:10.1145/2991561

Conference Chairs:
Albrecht Schmidt
University of Stuttgart, Germany
,
Florian Michahelles
Siemens Corporate Technology, USA
,
Stefan Schneegass
University of Stuttgart, Germany
,
Program Chairs:
Mareike Kritzler
Siemens Corporate Technology, USA
,
Alexander Ilic
University of St. Gallen/ ETH Zurich, CH
,
Kai Kunze
Keio Media Design, JP

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Universität Stuttgart: Universität Stuttgart

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

European Research Council

Conference

IoT'16

IoT'16: The 6th International Conference on the Internet of Things

November 7 - 9, 2016

Stuttgart, Germany

Acceptance Rates

Overall Acceptance Rate 28 of 84 submissions, 33%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

85
Total Citations
View Citations
1,268
Total Downloads

Downloads (Last 12 months)92
Downloads (Last 6 weeks)6

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Del-Real CDe Busser Evan den Berg B(2025)A systematic literature review of security and privacy by design principles, norms, and strategies for digital technologiesInternational Review of Law, Computers & Technology10.1080/13600869.2025.2457227(1-32)Online publication date: 31-Jan-2025
https://doi.org/10.1080/13600869.2025.2457227
Alsayed Kassem JMüller TEsterhuyse CKebede MOsseyran AGrosso P(2025)The EPI frameworkFuture Generation Computer Systems10.1016/j.future.2024.107550165:COnline publication date: 1-Apr-2025
https://dl.acm.org/doi/10.1016/j.future.2024.107550
Doan T(2025)Towards a Privacy Trade-Off AssessmentAdvances in Information and Communication10.1007/978-3-031-85363-0_38(625-637)Online publication date: 5-Mar-2025
https://doi.org/10.1007/978-3-031-85363-0_38
Shaheen YHornos MRodríguez-Domínguez C(2025)Addressing Privacy Challenges in Internet of Things (IoT) ApplicationsAmbient Intelligence – Software and Applications – 15th International Symposium on Ambient Intelligence10.1007/978-3-031-83117-1_5(45-54)Online publication date: 27-Feb-2025
https://doi.org/10.1007/978-3-031-83117-1_5
Aljeraisy ARana OPerera C(2024)Empowering IoT Developers with Privacy-Preserving End-User Development ToolsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785888:3(1-47)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678588
Turchet L(2024)Entangled Internet of Musical Things and People: A More-Than-Human Design Framework for Networked Musical EcosystemsIEEE Transactions on Technology and Society10.1109/TTS.2024.34435405:4(355-367)Online publication date: Dec-2024
https://doi.org/10.1109/TTS.2024.3443540
Antunes PGuimarães N(2024)Guiding the implementation of data privacy with microservicesInternational Journal of Information Security10.1007/s10207-024-00907-y23:6(3591-3608)Online publication date: 23-Aug-2024
https://doi.org/10.1007/s10207-024-00907-y
Parrilli DParrilli D(2024)An Ethical Approach to Privacy for Service DesignInformational Privacy for Service Design10.1007/978-3-031-76926-9_4(65-88)Online publication date: 10-Nov-2024
https://doi.org/10.1007/978-3-031-76926-9_4
Abdulghani HCollen ANijdam N(2023)Guidance Framework for Developing IoT-Enabled Systems’ CybersecuritySensors10.3390/s2308417423:8(4174)Online publication date: 21-Apr-2023
https://doi.org/10.3390/s23084174
Semantha FAzam SShanmugam BYeo K(2023)PbDinEHR: A Novel Privacy by Design Developed Framework Using Distributed Data Storage and Sharing for Secure and Scalable Electronic Health Records ManagementJournal of Sensor and Actuator Networks10.3390/jsan1202003612:2(36)Online publication date: 13-Apr-2023
https://doi.org/10.3390/jsan12020036
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten