A Privacy-Enhancing Framework for Internet of Things Services

The world has seen an influx of connected devices through both smart devices and smart cities, paving the path forward for the Internet of Things (IoT). These emerging intelligent infrastructures and applications based on IoT can be beneficial to users only if essential private and secure features are assured. However, with constrained devices being the norm in IoT, security and privacy are often minimized. In this paper, we first categorize various existing privacy-enhancing technologies (PETs) and assessment of their suitability for privacy-requiring services within IoT. We also categorize potential privacy risks, threats, and leakages related to various IoT use cases. Furthermore, we propose a simple novel privacy-preserving framework based on a set of suitable privacy-enhancing technologies in order to maintain security and privacy within IoT services. Our study can serve as a baseline of privacy-by-design strategies applicable to IoT based services, with a particular focus on smart things, such as safety equipment.

[1]  Michael Friedewald,et al.  Seven Types of Privacy , 2013, European Data Protection.

[2]  Thiemo Voigt,et al.  6LoWPAN Compressed DTLS for CoAP , 2012, 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems.

[3]  Athanasios V. Vasilakos,et al.  The Quest for Privacy in the Internet of Things , 2016, IEEE Cloud Computing.

[4]  Jiri Hosek,et al.  On perspective of security and privacy-preserving solutions in the internet of things , 2016, Comput. Networks.

[5]  Jun Li,et al.  APCN: A scalable architecture for balancing accountability and privacy in large-scale content-based networks , 2020, Inf. Sci..

[6]  Prem Prakash Jayaraman,et al.  Scalable Role-Based Data Disclosure Control for the Internet of Things , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[7]  Ioannis Chatzigiannakis,et al.  A privacy-preserving smart parking system using an IoT elliptic curve based security platform , 2016, Comput. Commun..

[8]  Antonio F. Gómez-Skarmeta,et al.  Holistic Privacy-Preserving Identity Management System for the Internet of Things , 2017, Mob. Inf. Syst..

[9]  Shekhar Verma,et al.  Privacy in wireless sensor networks using ring signature , 2014, J. King Saud Univ. Comput. Inf. Sci..

[10]  Jianhua Chen,et al.  Certificateless Searchable Public Key Encryption Scheme for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[11]  Chao Li,et al.  Privacy in Internet of Things: From Principles to Technologies , 2018, IEEE Internet of Things Journal.

[12]  Xinyu Yang,et al.  A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications , 2017, IEEE Internet of Things Journal.

[13]  Antonio F. Gómez-Skarmeta,et al.  Towards Privacy-Preserving Data Sharing in Smart Environments , 2014, IMIS.

[14]  Alexandre Viejo,et al.  Efficient group signatures for privacy-preserving vehicular networks , 2015, Telecommun. Syst..

[15]  Sebastian Hudert,et al.  Utilising the Tor Network for IoT Addressing and Connectivity , 2018, CLOSER.

[16]  Davar Pishva,et al.  A TOR-based anonymous communication approach to secure smart home appliances , 2015, 2015 17th International Conference on Advanced Communication Technology (ICACT).

[17]  Petr Dzurenda,et al.  Attribute-based credentials with cryptographic collusion prevention , 2015, Secur. Commun. Networks.

[18]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[19]  Roberto Di Pietro,et al.  Smart health: A context-aware health paradigm within smart cities , 2014, IEEE Communications Magazine.

[20]  Oliver Kleine,et al.  Distributed crowd-sensing infrastructure for personalized dynamic IoT spaces , 2014, Urb-IoT.

[21]  Lejla Batina,et al.  New directions in IoT privacy using attribute-based authentication , 2016, Conf. Computing Frontiers.

[22]  Yang Xiang,et al.  Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges , 2019, IEEE Internet of Things Journal.

[23]  Josep Domingo-Ferrer,et al.  Privacy and Data Protection by Design - from policy to engineering , 2014, ArXiv.

[24]  Kamal Jambi,et al.  Preserving privacy in internet of things: a survey , 2018, International Journal of Information Technology.

[25]  Sanjay Jha,et al.  Privacy preserving data access scheme for IoT devices , 2017, 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA).

[26]  Daniel Slamanig,et al.  Highly-Efficient Fully-Anonymous Dynamic Group Signatures , 2018, AsiaCCS.

[27]  Georg Carle,et al.  Leveraging Secure Multiparty Computation in the Internet of Things , 2018, MobiSys.

[28]  Ralf C. Staudemeyer,et al.  The Road to Privacy in IoT: Beyond Encryption and Signatures, Towards Unobservable Communication , 2018, 2018 IEEE 19th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[29]  Longfei Wu,et al.  A Survey on Security and Privacy Issues in Internet-of-Things , 2017, IEEE Internet of Things Journal.

[30]  Paul Voigt,et al.  The EU General Data Protection Regulation (GDPR) , 2017 .

[31]  Paul Voigt,et al.  The Eu General Data Protection Regulation (Gdpr): A Practical Guide , 2017 .

[32]  Carlo Maria Medaglia,et al.  An Overview of Privacy and Security Issues in the Internet of Things , 2010 .

[33]  Ibrahim Khalil,et al.  Design and implementation of a secure cloud-based billing model for smart meters as an Internet of things using homomorphic cryptography , 2017, Future Gener. Comput. Syst..

[34]  Herbert F. Jelinek,et al.  A survey of state-of-the-art methods for securing medical databases , 2018 .

[35]  Yulei Wu,et al.  A privacy preserved and credible network protocol , 2019, J. Parallel Distributed Comput..

[36]  Kamin Whitehouse,et al.  Protecting your daily in-home activity information from a wireless snooping attack , 2008, UbiComp.

[37]  Gautam Srivastava,et al.  A Secure Publish/Subscribe Protocol for Internet of Things , 2019, IACR Cryptol. ePrint Arch..

[38]  Klaus Wehrle,et al.  User-Driven Privacy Enforcement for Cloud-Based Services in the Internet of Things , 2014, 2014 International Conference on Future Internet of Things and Cloud.

[39]  Qinglei Kong,et al.  A privacy-preserving sensory data sharing scheme in Internet of Vehicles , 2017, Future Gener. Comput. Syst..

[40]  Mohsen Guizani,et al.  Secure service provision in smart grid communications , 2012, IEEE Communications Magazine.

[41]  Kasem Khalil,et al.  Towards Privacy Preserving IoT Environments: A Survey , 2018, Wirel. Commun. Mob. Comput..

[42]  Juan D. Parra Rodriguez,et al.  Addressing Data-Centric Security Requirements for IoT-Based Systems , 2016, 2016 International Workshop on Secure Internet of Things (SIoT).

[43]  Houbing Song,et al.  ESOT: a new privacy model for preserving location privacy in Internet of Things , 2018, Telecommun. Syst..

[44]  Fang Liu,et al.  A Clustering k-Anonymity Privacy-Preserving Method for Wearable IoT Devices , 2018, Secur. Commun. Networks.

[45]  Keita Emura,et al.  A Light-Weight Group Signature Scheme with Time-Token Dependent Linking , 2015, LightSec.

[46]  Bart De Decker,et al.  Attribute-Based Privacy-Friendly Access Control with Context , 2016, ICETE.

[47]  Wenchao Xu,et al.  Internet of vehicles in big data era , 2018, IEEE/CAA Journal of Automatica Sinica.

[48]  Javier López,et al.  Digital Witness and Privacy in IoT: Anonymous Witnessing Approach , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[49]  Jan Camenisch,et al.  Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards , 2019, IACR Cryptol. ePrint Arch..

[50]  Gautam Srivastava,et al.  A Decentralized Privacy-Preserving Healthcare Blockchain for IoT , 2019, Sensors.

[51]  Carlos Rodrigo Gómez Rodríguez,et al.  Using Differential Privacy for the Internet of Things , 2016, Privacy and Identity Management.

[52]  Jaap-Henk Hoepman,et al.  PDF hosted at the Radboud Repository of the Radboud University Nijmegen , 2022 .

[53]  Bart Jacobs,et al.  Polymorphic Encryption and Pseudonymisation for Personalised Healthcare , 2016, IACR Cryptol. ePrint Arch..

[54]  Hao Wang,et al.  Privacy-preserving data search with fine-grained dynamic search right management in fog-assisted Internet of Things , 2019, Inf. Sci..

[55]  Feng Bao,et al.  Evolving privacy: From sensors to the Internet of Things , 2017, Future Gener. Comput. Syst..

[56]  Jörg Daubert,et al.  On the Security and Privacy of Internet of Things Architectures and Systems , 2015, 2015 International Workshop on Secure Internet of Things (SIoT).

[57]  Hsinchun Chen,et al.  Uninvited Connections: A Study of Vulnerable Devices on the Internet of Things (IoT) , 2014, 2014 IEEE Joint Intelligence and Security Informatics Conference.

[58]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[59]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[60]  M. Shamim Hossain,et al.  Privacy-Preserving Data Communication Through Secure Multi-Party Computation in Healthcare Sensor Cloud , 2017, J. Signal Process. Syst..

[61]  Wen Hu,et al.  Talos: Encrypted Query Processing for the Internet of Things , 2015, SenSys.

[62]  Dong Wang,et al.  Privacy-Aware Edge Computing in Social Sensing Applications Using Ring Signatures , 2018, 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS).

[63]  Xiaoliang Wang,et al.  A Fair Blind Signature Scheme to Revoke Malicious Vehicles in VANETs , 2019, Computers, Materials & Continua.

[64]  Andrew P. Martin,et al.  Threat-Based Security Analysis for the Internet of Things , 2014, 2014 International Workshop on Secure Internet of Things.

[65]  Abdoul Aziz Ciss,et al.  I2PA : An Efficient ABC for IoT , 2019, Cryptogr..