Preventing Disclosure of Personal Data in IoT Networks

Sharing data among applications is a growing phenomenon. With the IoT, this phenomenon becomes more significant. As already studied in social networks, data sharing has the drawback of privacy risks. Authorization protocols and cryptographic systems may not be enough to ensure that user data and metadata are not used for non-legitimate purposes. There are different scenarios and several personal data management proposals aimed to improve privacy protection. However, a risk that is always present is related to the possibility of processing and aggregating public and authorized data to infer sensitive information and data that the user may not want to share. These approaches, often called inference attacks, concern the disclosure of personal user data and have been widely studied in social networks. In this paper we describe the problem and some techniques to face it, showing its relevance in the IoT. Then we present the concept of an Adaptive Inference Discovery Service AID-S, conceived as a service that may support users to prevent this kind of information leakage and that can be integrated into personal data managers.

[1]  Hongyang Zhang,et al.  Square-root unscented Kalman filtering-based localization and tracking in the Internet of Things , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[2]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[3]  Yunchuan Sun,et al.  Constructing the Web of Events from raw data in the Web of Things , 2014, Mob. Inf. Syst..

[4]  Gary Steri,et al.  Privacy leakages in Smart Home wireless technologies , 2014, 2014 International Carnahan Conference on Security Technology (ICCST).

[5]  Nan Zhang,et al.  Privacy Disclosure from Wearable Devices , 2015, PAMCO '15.

[6]  Bhavani M. Thuraisingham,et al.  Preventing Private Information Inference Attacks on Social Networks , 2013, IEEE Transactions on Knowledge and Data Engineering.

[7]  G. Singaravel,et al.  AN ANALYSIS OF PRIVACY RISKS AND DESIGN PRINCIPLES FOR DEVELOPING COUNTERMEASURES IN PRIVACY PRESERVING SENSITIVE DATA PUBLISHING , 2014 .

[8]  Mohamed Shehab,et al.  Policy-by-example for online social networks , 2012, SACMAT '12.

[9]  Andy Crabtree Enabling the New Economic Actor: Personal Data Regulation and the Digital Economy , 2016, 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW).

[10]  Roksana Boreli,et al.  On the Effectiveness of Obfuscation Techniques in Online Social Networks , 2014, Privacy Enhancing Technologies.

[11]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[12]  Dorothy E. Denning,et al.  Inference Controls for Statistical Databases , 1983, Computer.

[13]  Reihaneh Safavi-Naini,et al.  Privacy and Utility of Inference Control Mechanisms for Social Computing Applications , 2016, AsiaCCS.

[14]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[15]  Ilaria Torre,et al.  Escaping the Big Brother: An empirical study on factors influencing identification and information leakage on the Web , 2014, J. Inf. Sci..

[16]  Corrado Moiso,et al.  Building an Eco-System of Trusted Services via User Control and Transparency on Personal Data , 2015, IFIPTM.

[17]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[18]  Mahmoud Elkhodr,et al.  A semantic obfuscation technique for the Internet of Things , 2014, 2014 IEEE International Conference on Communications Workshops (ICC).

[19]  Bhavani M. Thuraisingham,et al.  Secure Data Provenance and Inference Control with Semantic Web , 2014 .

[20]  Esma Aïmeur,et al.  Privacy Framework for Peer Affective Feedback , 2013, 2013 International Conference on Signal-Image Technology & Internet-Based Systems.

[21]  Mary Beth Rosson,et al.  Paradox of the active user , 1987 .

[22]  Ilaria Torre,et al.  User data discovery and aggregation: The CS-UDD algorithm , 2014, Inf. Sci..

[23]  Simon Thiel,et al.  di.me: Ontologies for a Pervasive Information System , 2014, ESWC.

[24]  Hao Chen,et al.  On the Practicality of Motion Based Keystroke Inference Attack , 2012, TRUST.

[25]  Riaan Rudman,et al.  Web 3.0: Governance, Risks and Safeguards , 2015 .

[26]  Maria E. Niessen,et al.  Monitoring Activities of Daily Living in Smart Homes: Understanding human behavior , 2016, IEEE Signal Processing Magazine.

[27]  Mani B. Srivastava,et al.  Inference management, trust and obfuscation principles for quality of information in emerging pervasive environments , 2014, Pervasive Mob. Comput..

[28]  Hamed Haddadi,et al.  Privacy-Aware Infrastructure for Managing Personal Data , 2016, SIGCOMM.

[29]  Hamed Haddadi,et al.  Personal Data: Thinking Inside the Box , 2015, Aarhus Conference on Critical Alternatives.

[30]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).