PSSST! The Privacy System for Smart Service Platforms: An Enabler for Confidable Smart Environments

The Internet of Things and its applications are becoming increasingly popular. Smart Service Platforms such as Alexa are in especially high demand. Such a platform retrieves data from sensors, processes it in a back-end, and controls actuators according to the results, so that nearly every aspect of everyday life can be managed through it. In this paper, we reveal the downsides of this technology by identifying its privacy threats based on a real-world application. Our studies show that current privacy systems do not address these threats adequately. We therefore introduce PSSST!, a user-friendly and comprehensive privacy system for Smart Service Platforms that limits the amount of disclosed private information while maximizing quality of service at the same time.
