Permissão para partilha seletiva em ambientes IoT

The increasing use of smart devices for monitoring spaces has caused an increase in concerns about the privacy of users of these spaces. Given this problem, the legislation on the right to privacy has been worked to ensure that the existing laws on this subject are sufficiently comprehensive to preserve the privacy of users. In this way, research on this topic evolves in the sense of creating systems that ensure compliance with these laws, that is, increase transparency in the treatment of user data. In the context of this dissertation, a demonstrator-based strategy is presented to provide users control over their stored data during the temporary use of an intelligent environment. In addition, this strategy includes transparency guarantees, highlights the right to forgetting, provides the ability to consent and proof of that consent. A strategy for privacy control in such environments is also mentioned in this paper. This dissertation was developed within the CASSIOPEIA project where the case study focuses on the SmartBnB problem where a user rents a smart home for a limited time. This paper presents the developed system that ensures the user’s privacy and control over their data.O uso crescente de dispositivos inteligentes para monitorização de espaços tem provocado um aumento das preocupações sobre a privacidade dos utilizadores destes espaços. Face a este problema, a legislação sobre o direito à privacidade tem sido trabalhada de forma a garantir que as leis existentes sobre este tema são suficientemente abrangentes para preservar a privacidade dos utilizadores. Desta forma, a investigação neste tópico evolui no sentido de criar sistemas que garantam o cumprimento destas leis, ou seja aumentam a transparência no tratamentos dos dados dos utilizadores. No contexto desta dissertação, é apresentada uma estratégia baseado num demonstrador para fornecer um controlo ao utilizador sobre os seus dados armazenados durante a utilização temporária de um ambiente inteligente. Para além disso, esta estratégia inclui garantias de transparência, evidencia o direito ao esquecimento, fornece a capacidade de consentimento e prova desse consentimento. É também mencionada neste documento uma estratégia para um controlo de privacidade neste tipo de ambientes. Esta dissertação foi desenvolvida no âmbito do projeto CASSIOPEIA onde o caso de estudo se foca no SmartBnB problem onde um utilizador arrenda uma casa inteligente durante um tempo limitado. Este documento apresenta o sistema desenvolvido que garante a privacidade e controlo do utilizador sobre os seus próprios dados.This work is partially funded by NGI Trust, with number 3.85, Pro-ject CASSIOPEIA.Mestrado em Engenharia de Computadores e Telemátic

Effective authorization for the Web of Things

The momentum gained by the Internet of Things (IoT) has lead technology to be sufficiently mature to finally reach the market. The expectations and concerns of users around new products are primarily related to the possibility to interact with things in a seamless and effective way and, above all, to do so securely. Within this context, the main pillars required to support a sustainable and practical IoT are: interoperability, discoverability, and authorization. Based on the concepts and experience gained with the traditional Internet, the Web of Things (WoT) paradigm is chartered to address the former two issues. However, fast-developed and simplistic vertical approaches, due to the rush to launch IoT products, have not considered authorization adequately. Access to smart objects typically occurs through product-bound Cloud platforms, which mediate between vendor-specific smartphone apps and objects. Notwithstanding, effective mechanisms to manage authorized access to resources are required to really make simple and safe to use and share things. In this paper, we propose a standard-based authorization framework for WoT applications, which allows to effectively enforce fine-grained access policies to authorized parties. An implementation is presented to highlight the simplicity of the proposed approach and the benefits that it can introduce