Performance Evaluation of the Policy Enforcement Fog Module for Protecting Privacy of IoT Data

The rapid development of the Internet of Things (IoT) results in generating massive amounts of data. Significant portions of these data are sensitive since they reflect (directly or indirectly) peoples' behaviors, interests, lifestyles, etc. Protecting sensitive IoT data from privacy violations is a challenge since these data need to be communicated, processed, analyzed, and stored by public networks, servers, and clouds; most of them are untrusted parties for data owners. We propose a solution for protecting sensitive IoT data called Policy Enforcement Fog Module (PEFM). The major task of the PEFM solution is mandatory enforcement of privacy policies for sensitive IoT data—wherever these data are accessed throughout their entire lifecycle. The key feature of PEFM is its placement within the fog computing infrastructure, which assures that PEFM operates as closely as possible to data sources within the edge. PEFM enforces policies directly for local IoT applications. In contrast, for remote applications, PEFM provides a self-protecting mechanism based on creating and disseminating Active Data Bundles (ADBs). ADBs are software constructs bundling inseparably sensitive data, their privacy policies, and an execution engine able to enforce privacy policies. To prove effectiveness and efficiency of the proposed module, we developed a smart home proof-of-concept scenario. We investigate privacy threats for sensitive IoT data. We run simulation experiments, based on network calculus, for testing performance of the PEFM controls for different network configurations. The results of the simulation show that—even with using from 1 to 5 additional privacy policies for improved data privacy—penalties in terms of execution time and delay are reasonable (approx. 12-15% and 13-19%, respectively). The results also show that PEFM is scalable regarding the number of the real-time constraints for real-time IoT applications.

[1]  Ramaswamy Chandramouli,et al.  Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) , 2016, ABAC '16.

[2]  Deborah Estrin,et al.  Personal data vaults: a locus of control for personal data streams , 2010, CoNEXT.

[3]  Weisong Shi,et al.  Edge Computing: Vision and Challenges , 2016, IEEE Internet of Things Journal.

[4]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[5]  Ken Barker,et al.  A Data Privacy Taxonomy , 2009, BNCOD.

[6]  Joao P. S. Catalao,et al.  Smart Home Communication Technologies and Applications: Wireless Protocol Assessment for Home Area Network Resources , 2015 .

[7]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[8]  Mahadev Satyanarayanan,et al.  Privacy Mediators: Helping IoT Cross the Chasm , 2016, HotMobile.

[9]  Jim Kurose,et al.  Computer Networking: A Top-Down Approach , 1999 .

[10]  Leszek Lilien,et al.  Protecting Privacy of Sensitive Data Dissemination Using Active Bundles , 2009, 2009 World Congress on Privacy, Security, Trust and the Management of e-Business.

[11]  Nigel Davies,et al.  Preserving Privacy in Environments with Location-Based Applications , 2003, IEEE Pervasive Comput..

[12]  Raja Lavanya,et al.  Fog Computing and Its Role in the Internet of Things , 2019, Advances in Computer and Electrical Engineering.

[13]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[14]  Leszek Lilien,et al.  Active bundles for protecting confidentiality of sensitive data throughout their lifecycle , 2010 .

[15]  Hamid Reza Arkian,et al.  MIST: Fog-based data analytics scheme with cost-efficient resource provisioning for IoT crowdsensing applications , 2017, J. Netw. Comput. Appl..

[16]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[17]  Leszek Lilien,et al.  Pushing Data Privacy Control to the Edge in IoT Using Policy Enforcement Fog Module , 2017, UCC.

[18]  Susana Alcalde Bagüés,et al.  Sentry@Home - Leveraging the Smart Home for Privacy in Pervasive Computing , 2007 .

[19]  Stéphane Betgé-Brezetz,et al.  Privacy control in the cloud based on multilevel policy enforcement , 2012, 2012 IEEE 1st International Conference on Cloud Networking (CLOUDNET).

[20]  Marthony Taguinod,et al.  Policy-driven security management for fog computing: Preliminary framework and a case study , 2014, Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014).

[21]  Helen J. Wang,et al.  Enabling Fine-Grained Permissions for Augmented Reality Applications with Recognizers , 2013, USENIX Security Symposium.