On the Case of Privacy in the IoT Ecosystem: A Survey

The IoT has enabled a multitude of personal applications and services that give a better understanding of urban environments and of our personal lives. These services are driven by the continuous collection and analysis of user data in order to provide personalized experiences. However, there is a strong need to address user privacy concerns, since most of the collected data is of a sensitive nature. This paper provides an overview of the privacy preservation techniques and solutions proposed so far in the literature, together with the IoT levels at which each solution addresses privacy and its robustness to privacy-breaching attacks. We analyse the functional and non-functional limitations of each solution, followed by a short survey of machine learning applications designed with these solutions. We identify open issues in privacy-preserving solutions when they are used in IoT environments. Moreover, we note that most of the privacy preservation solutions need to be adapted in light of the GDPR to accommodate the users' right to privacy.
