User-centric Privacy Engineering for the Internet of Things

User privacy concerns are widely regarded as a key obstacle to the success of modern smart cyber-physical systems. In this paper, we analyse, through an example, some of the requirements that future data collection architectures of these systems should implement to provide effective privacy protection for users. Then, we give an example of how these requirements can be implemented in a smart home scenario. Our example architecture allows the user to balance the privacy risks with the potential benefits and take a practical decision determining the extent of the sharing. Based on this example architecture, we identify a number of challenges that must be addressed by future data processing systems in order to achieve effective privacy management for smart cyber-physical systems.
