Security and privacy in smart cities: challenges and opportunities

Smart cities are expected to improve the quality of daily life, promote sustainable development, and improve the functionality of urban systems. Now that many smart systems have been implemented, security and privacy issues have become a major challenge that requires effective countermeasures. However, traditional cybersecurity protection strategies cannot be applied directly to these intelligent applications because of the heterogeneity, scalability, and dynamic characteristics of smart cities. Furthermore, it is necessary to be aware of security and privacy threats when designing and implementing new mechanisms or systems. Motivated by these factors, we survey the current situations of smart cities with respect to security and privacy to provide an overview of both the academic and industrial fields and to pave the way for further exploration. Specifically, this survey begins with an overview of smart cities to provide an integrated context for readers. Then, we discuss the privacy and security issues in current smart applications along with the corresponding requirements for building a stable and secure smart city. In the next step, we summarize the existing protection technologies. Finally, we present open research challenges and identify some future research directions

A Privacy-Enhancing Framework for Mobile Devices

The use of mobile devices in daily life has increased exponentially, leading to them occupying many essential aspects of people’s lives, such as replacing credit cards to make payments, and for various forms of entertainment and social activities. Therefore, users have installed an enormous number of apps. These apps can collect and share a large amount of data, such as location data, images, videos, health data, and call logs, which are highly valuable and sensitive for users. Consequently, the use of apps raises a variety of privacy concerns regarding which app is allowed to access and share; to what degree of granularity, and how to manage and limit the disclosure of this data. Accordingly, it is imperative to develop and design a holistic solution for enhancing privacy on mobile apps to meet users’ privacy preferences. The research design in this study involved an attempt to address the problem in a coherent and logical way. Therefore, the research involved different phases, starting with identifying potential user requirements based on the literature, and then designing a participatory study to explore whether the initial requirements and design meet users’ preferences, which in turn led to the design of a final artefact. Design science requires the creation of a viable artefact for the current problem in the field. Thus, this study reviews the current use of privacy technologies and critically analyses the available solutions in order to investigate whether these solutions have the capability to meet personal privacy preferences and maximise users’ satisfaction. It is evident that most of the prior studies assume the homogeneity of privacy preferences across users, yet users’ privacy preferences differ from one user to another in the context of how to control and manage their data, prioritisation of information, personalised notifications, and levels of knowledge. Moreover, solutions with a user interface designed according to the users’ perceptions and based on HCI principles are not readily available. Therefore, it is paramount to meet and adopt user’s need and requirements to enhance privacy technology for mobile apps. A survey of 407 mobile users was undertaken to discover users’ privacy preferences. The outcome of the survey shows that it is possible to prioritise information into 10 unique profiles. Each profile effectively represents a cluster of likeminded users and captures their privacy-related information preferences. The outcomes of the analysis also revealed that users differ not only in the context of prioritisation of their information, but also regarding design, protection settings, responses, and level of knowledge. This, in turn, emphasises the need to develop and design a holistic solution for users, considering all these dimensions. As such, the thesis proposes a novel framework for enhancing privacy technology in a modular and robust manner that would support such a system in practice. This system provides a comprehensive solution that has been developed by considering different dimensions, and it includes a personalised response, prioritisation of privacy-related information, multilevel privacy controls, and also considers users’ varying levels of knowledge. As a result, this approach should enhance users’ privacy awareness and meet their needs to protect their privacy. Additionally, the proposed of the system consists of user interfaces designed according to the users’ perceptions and based on HCI principles to overcome the usability issues without compromising the users’ convenience. Ultimately, the evaluation of the effectiveness of the proposed approach shows that it is feasible and would enhance privacy technology as well as user convenience. This, in turn, would increase trust in the system and reduce privacy concerns