Big data privacy in the Internet of Things era

Over the last few years, we've seen a plethora of Internet of Things (IoT) solutions, products, and services make their way into the industry's marketplace. All such solutions will capture large amounts of data pertaining to the environment as well as their users. The IoT's objective is to learn more and better serve system users. Some IoT solutions might store data locally on devices ('things'), whereas others might store it in the cloud. The real value of collecting data comes through data processing and aggregation on a large scale, where new knowledge can be extracted. However, such procedures can lead to user privacy issues. This article discusses some of the main challenges of privacy in the IoT as well as opportunities for research and innovation. The authors also introduce some of the ongoing research efforts that address IoT privacy issues

Increasing user controllability on device specific privacy in the Internet of Things

With recent advancements in information technology more and more devices are integrated in the Internet of Things. These devices gather significant amount of private information pertinent to a user and while, in some cases it helps in improving the life style of an individual, in others it raises major privacy concerns. This trade-off between utility and privacy is highly dependent upon the devices in consideration and as the utility of the generated data increases, the privacy of an individual decreases. In this paper, we formulate a utility-privacy trade-off that enables a user to make appliance specific decisions as to how much data can be shared. This is achieved by parametrizing the degree of privacy allowed for each device and enabling the user to configure the parameter of each device. We use the smart metering application as the test case scenario for the proposed approach. We evaluate its performance using simulations conducted on the ECO data set. Our results indicate that, the proposed approach is successful in identifying appliances with an accuracy of 81.8% and a precision of 70.1%. In addition, it is demonstrated that device specific changes of the configuration parameters allow the degree of privacy achieved for the particular device and the utility to be well controlled, thus demonstrating the effectiveness of the proposed approach. Moreover, it is shown that, as expected, devices with higher power consumption contribute more to the overall privacy and utility achieved. A comparative study is also conducted and the proposed approach is shown to outperform the existing ElecPrivacy approach by producing a trace that is harder to identify, as reported after testing the Weiss’ and Baranski’s algorithm, both of which are well known Non-Intrusive Load Monitoring algorithms. Finally, it is demonstrated that the addition of noise, which is an integral part of the propose approach, can greatly improve performance

Security and Privacy in the Internet of Things

The Internet of Things (IoT) is an emerging paradigm that seamlessly integrates electronic devices with sensing and computing capability into the Internet to achieve intelligent processing and optimized controlling. In a connected world built through IoT, where interconnected devices are extending to every facet of our lives, including our homes, offices, utility infrastructures and even our bodies, we are able to do things in a way that we never before imagined. However, as IoT redefines the possibilities in environment, society and economy, creating tremendous benefits, significant security and privacy concerns arise such as personal information confidentiality, and secure communication and computation. Theoretically, when everything is connected, everything is at risk. The ubiquity of connected things gives adversaries more attack vectors and more possibilities, and thus more catastrophic consequences by cybercrimes. Therefore, it is very critical to move fast to address these rising security and privacy concerns in IoT systems before severe disasters happen. In this dissertation, we mainly address the challenges in two domains: (1) how to protect IoT devices against cyberattacks; (2) how to protect sensitive data during storage, dissemination and utilization for IoT applications. In the first part, we present how to leverage anonymous communication techniques, particularly Tor, to protect the security of IoT devices. We first propose two schemes to enhance the security of smart home by integrating Tor hidden services into IoT gateway for users with performance preference. Then, we propose a multipath-routing based architecture for Tor hidden services to enhance its resistance against traffic analysis attacks, and thus improving the protection for smart home users who desire very strong security but care less about performance. In the second part of this dissertation, we explore the solutions to protect the data for IoT applications. First, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Then, we turn our attention to the data analysis in IoT applications, which is one of the core components of IoT applications. We propose a cloud-assisted, privacy-preserving machine learning classification scheme over encrypted data for IoT devices. Our scheme is based on a three-party model coupled with a two-stage decryption Paillier-based cryptosystem, which allows a cloud server to interact with machine learning service providers (MLSPs) and conduct computation intensive classification on behalf of the resourced-constrained IoT devices in a privacy-preserving manner. Finally, we explore the problem of privacy-preserving targeted broadcast in IoT, and propose two multi-cloud-based outsourced-ABE (attribute-based encryption) schemes. They enable the receivers to partially outsource the computationally expensive decryption operations to the clouds, while preventing attributes from being disclosed

On Communication Privacy in the Internet of Things

We tackle the problem of privacy breaching in IPv6 Low power Wireless Personal Area Networks (6LoWPAN)-based Internet of Things (IoT) networks where an attacker may be able to identify the communicating entities. We propose three contributions which are: (i) survey: we thoroughly expose the prime focus of the existing solutions on communication identifiers privacy in 6LoWPANs, clarifying the important information about: at which layer the solutions operate, based on which protocol, against which attack, for which application, based on simulations or real prototypes, which sensitive information or communication identifiers are protected, which Privacy-Preserving Technique (PPT) is used, and how long is the duration of the protection against privacy attacks. (ii) uOTA: based on the One Time Address (OTA) approach proposed for the traditional Internet, with a focus on low complexity, memory footprint, and energy consumption, uOTA uses just one IPv6 address to send or to receive one packet. (iii) ACFI which is based on: (1) anonymizing both IP and MAC addresses, as well as port number at the source host, using a random pseudonyming scheme, and (2) anonymizing the IP address and port number of the destination host, using a Tor-like network. We analysed the effect of the Tor entry node location on the performance of our solution in three different scenarios: the Tor entry node is located (a) inside the 6LoWPAN, (b) at the 6LBR gateway, or (c) completely outside the 6LoWPAN. Using Cooja simulator, we showed that our solutions (uOTA and ACFI) outperformed stateof-the-art solutions by making it more difficult to identify communication flows by improving the anonymity and unlinkability of the communicating entities without significantly affecting energy consumption, communication delay, and network bandwidth

Privacy in the internet of Things. Fostering user empowerment fhrough digital literacy

Os dispositivos da Internet das Coisas estão por todo o lado, desde o nascimento da computação ubíqua que se prevê que a vida quotidiana do ser humano contenha milhões de dispositivos que con trolam todos os aspectos da nossa vida. Hoje em dia, temos veículos inteligentes, casas inteligentes, cidades inteligentes, dispositivos vestíveis, entre outros, que utilizam vários tipos de dispositivos e vários tipos de redes para comunicar. Estes dispositivos criam novas formas de recolha e tratamento de dados pessoais de utilizadores e não utilizadores. A maioria dos utilizadores nais nem sequer tem conhecimento ou tem pouco controlo sobre a informação que está a ser recolhida por estes sistemas. Este trabalho adopta uma abordagem holística a este problema, começando por realizar uma revisão da literatura para compilar as soluções actuais, os desa os e as oportunidades de investigação futura. Realizando, em seguida, um inquérito para saber mais sobre o conhecimento geral dos indivíduos acerca da privacidade, da Internet das Coisas e hábitos online e, nalmente, com base na informação recolhida, é proposta uma aplicação móvel que fornece aos utilizadores informações sobre os dispositivos que estão próximos e como proteger os dados que não querem partilhar com estes dispositivos. Os testes com utilizadores revelaram que os participantes val orizam ter acesso a mais informações sobre termos relacionados com a privacidade. Esta aplicação é capaz de detetar que tipo de dispositivos estão próximos, que tipo de dados são recolhidos por esses dispositivos e apresentar opções de privacidade ao utilizador, quando possível, com o objetivo de fornecer aos indivíduos uma ferramenta para tomarem decisões informadas sobre os seus dados privados.Internet of Things devices are everywhere, since the birth of ubiquitous computing, human everyday life is expected to contain millions of devices that control every aspect of our lives. Today we have smart vehicles, smart houses, smart cities, wearables among other things that use various types of devices, and various types of networks to communicate. These devices create new ways of collecting and processing personal data from users, and non-users. Most end users are not even aware or have little control over the information that is being collected by these systems. This work takes a holistic approach to this problem by rst conducting a literature review to compile current solutions, challenges and future research opportunities. Then conducting a survey to learn more about the general knowledge of individuals about privacy, the Internet of Things and online habits, and nally, based on the information gathered, a mobile application is proposed that gives users information about nearby devices, and how to protect the data that they do not want to share with them. User testing revealed that participants valued having access to more information about privacy related terms. This application is capable of detecting what type of devices are nearby, what kind of data is collected by these devices, and displaying privacy options to the user, when it is possible to do so, with the goal of providing individuals a tool to make informed decisions about their private data

Solution to ensure privacy in the internet of things

New products and services offered by the “internet of things” will make us more efficient, more able to understand our environment and take action, and new assistive technologies will allow us to extend our working lives. Nonetheless, we will coexist with a large number of devices collecting information about our activities, habits, preferences, etc. This situation could threaten our privacy. Distrust could be a barrier to the full development of these new products and services. This article offers a possible solution to ensure security and privacy for personal data on the internet of things, using techniques that result from a collaboration between the business, legislative and technological areas and are designed to build trust with all stakeholders

Fog computing, applications , security and challenges, review

The internet of things originates a world where on daily basis objects can join the internet and interchange information and in addition process, store, gather them from the nearby environment, and effectively mediate on it. A remarkable number of services might be imagined by abusing the internet of things. Fog computing which is otherwise called edge computing was introduced in 2012 as a considered is a prioritized choice for the internet of things applications. As fog computing extend services of cloud near to the edge of the network and make possible computations, communications, and storage services in proximity to the end user. Fog computing cannot only provide low latency, location awareness but also enhance real-time applications, quality of services, mobility, security and privacy in the internet of things applications scenarios. In this paper, we will summarize and overview fog computing model architecture, characteristic, similar paradigm and various applications in real-time scenarios such as smart grid, traffic control system and augmented reality. Finally, security challenges are presented