A Reference Architecture for Improving Security and Privacy in Internet of Things Applications

As the promise of the Internet of Things (IoT) materializes in our everyday lives, we are often challenged with a number of concerns regarding the efficacy of the current data privacy solutions that support the pervasive components at play in IoT. The privacy and security concerns surrounding IoT often manifests themselves as a treat to end-user adoption and negatively impacts trust among end-users in these solutions. In this paper, we present a reference software architecture for building cloud-enabled IoT applications in support of collaborative pervasive systems aimed at achieving trustworthiness among end-users in IoT scenarios. We present a case study that leverages this reference architecture to protect sensitive user data in an IoT application implementation and evaluate the response of an end-user study accomplished through a survey.

[1]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[2]  Promise Mvelase,et al.  Custom-Made Cloud Enterprise Architecture for Small Medium and Micro Enterprises , 2011, Int. J. Cloud Appl. Comput..

[3]  Low Tang Jung,et al.  Hybrid scheme for trust management in pervasive computing , 2012, 2012 International Conference on Information Retrieval & Knowledge Management.

[4]  Ann Cavoukian,et al.  Privacy in the clouds , 2008 .

[5]  William C. Chu,et al.  Toward Collective Intelligence for Fighting Obesity , 2013, 2013 IEEE 37th Annual Computer Software and Applications Conference.

[6]  Ramjee Prasad,et al.  Proposed embedded security framework for Internet of Things (IoT) , 2011, 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE).

[7]  Christian Damsgaard Jensen,et al.  Trading Privacy for Trust , 2004, iTrust.

[8]  Marc Langheinrich,et al.  Privacy in Ubiquitous Computing , 2014 .

[9]  Yong Tang,et al.  Privacy Enhancing Framework on PaaS , 2012, 2012 International Conference on Cloud and Service Computing.

[10]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[11]  Richard C. Holt,et al.  A reference architecture for Web servers , 2000, Proceedings Seventh Working Conference on Reverse Engineering.

[12]  A. Behl,et al.  An analysis of cloud computing security issues , 2012, 2012 World Congress on Information and Communication Technologies.

[13]  Adam N. Joinson,et al.  Privacy, Trust, and Self-Disclosure Online , 2010, Hum. Comput. Interact..

[14]  Michael D. Hogan,et al.  NIST Cloud Computing Standards Roadmap , 2013 .

[15]  Elizabeth Papadopoulou,et al.  A Privacy Framework for Personal Self-Improving Smart Spaces , 2009, 2009 International Conference on Computational Science and Engineering.

[16]  Vijay Varadharajan,et al.  Mobile Agent and Web Service Integration Security Architecture , 2007, IEEE International Conference on Service-Oriented Computing and Applications (SOCA '07).

[17]  Stephen S. Yau,et al.  An Adaptive Approach to Optimizing Tradeoff Between Service Performance and Security in Service-Based Systems , 2011, Int. J. Web Serv. Res..

[18]  Siani Pearson,et al.  Privacy, Security and Trust in Cloud Computing , 2013 .

[19]  Sheikh Iqbal Ahamed,et al.  Ubicomp secretary: a web service based ubiquitous computing application , 2008, SAC '08.