A data privacy model based on internet of things and cyber-physical systems reference architectures

Data privacy concerns in the Internet of Things (IoT) and cyber-physical systems (CPS) are real, valid and accentuated. In this paper it is argued that data privacy compliance in IoT and CPS should be addressed at both technical and non-technical levels. Methods to ensure data privacy protection based on both system and organisational reference architectures are therefore required. Based on an analysis of existing reference architectures for IoT and CPS, this paper proposes a consolidated architecture relevant for ensuring data privacy for both IoT and CPS. The proposed architecture is then combined with an enterprise architecture reference framework to propose a data privacy model for IoT and CPS with a focus on both organisational and technological features and positioned to guide compliance with the South African Protection of Personal Information Act 4 of 2013 (POPI Act).
