Abstract
The world has seen an influx of connected devices through both smart devices and smart cities, paving the path forward for the Internet of Things (IoT). These emerging intelligent infrastructures and applications based on IoT can be beneficial to users only if essential private and secure features are assured. However, with constrained devices being the norm in IoT, security and privacy are often minimized. In this paper, we first categorize various existing privacy-enhancing technologies (PETs) and assessment of their suitability for privacy-requiring services within IoT. We also categorize potential privacy risks, threats, and leakages related to various IoT use cases. Furthermore, we propose a simple novel privacy-preserving framework based on a set of suitable privacy-enhancing technologies in order to maintain security and privacy within IoT services. Our study can serve as a baseline of privacy-by-design strategies applicable to IoT based services, with a particular focus on smart things, such as safety equipment.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Alpár, G., et al.: New directions in IoT privacy using attribute-based authentication: position paper (2016)
Atamli, A.W., Martin, A.: Threat-based security analysis for the internet of things. In: International Workshop on Secure Internet of Things, pp. 35–43. IEEE (2014)
Baumann, F.W., Odefey, U., Hudert, S., Falkenthal, M., Breitenbücher, U.: Utilising the tor network for IoT addressing and connectivity. In: Proceedings of the 8th International Conference on Cloud Computing and Services Science (CLOSER 2018), pp. 27–34. SciTePress, March 2018
Bernal Bernabe, J., Hernandez-Ramos, J.L., Skarmeta Gomez, A.F.: Holistic privacy-preserving identity management system for the internet of things. Mob. Inf. Syst. 2017, 6384186:1 (2017)
Camenisch, J., Drijvers, M., Dzurenda, P., Hajny, J.: Fast keyed-verification anonymous credentials on standard smart cards. In: Dhillon, G., Karlsson, F., Hedström, K., Zúquete, A. (eds.) SEC 2019. IAICT, vol. 562, pp. 286–298. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22312-0_20
Cha, S.C., Hsu, T.Y., Xiang, Y., Yeh, K.H.: Privacy enhancing technologies in the internet of things: perspectives and challenges. IEEE Internet Things J. 6, 2159–2187 (2018)
Chatzigiannakis, I., Vitaletti, A., Pyrgelis, A.: A privacy-preserving smart parking system using an IoT elliptic curve based security platform. Comput. Commun. 89, 165–177 (2016)
Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)
Debnath, A., Singaravelu, P., Verma, S.: Privacy in wireless sensor networks using ring signature. J. King Saud Univ.-Comput. Inf. Sci. 26(2), 228–236 (2014)
Derler, D., Slamanig, D.: Highly-efficient fully-anonymous dynamic group signatures. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 551–565. ACM (2018)
Dwivedi, A.D., Srivastava, G., Dhar, S., Singh, R.: A decentralized privacy-preserving healthcare blockchain for IoT. Sensors 19(2), 326 (2019)
Emura, K., Hayashi, T.: A light-weight group signature scheme with time-token dependent linking. In: Güneysu, T., Leander, G., Moradi, A. (eds.) LightSec 2015. LNCS, vol. 9542, pp. 37–57. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29078-2_3
Finn, R.L., Wright, D., Friedewald, M.: Seven types of privacy. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds.) European Data Protection: Coming of Age, pp. 3–32. Springer, Heidelberg (2013). https://doi.org/10.1007/978-94-007-5170-5_1
Hajny, J., Dzurenda, P., Malina, L.: Attribute-based credentials with cryptographic collusion prevention. Secur. Commun. Netw. 8(18), 3836–3846 (2015)
He, D., Chen, C., Bu, J., Chan, S., Zhang, Y., Guizani, M.: Secure service provision in smart grid communications. IEEE Commun. Mag. 50(8), 53–61 (2012)
Henze, M., Hermerschmidt, L., Kerpen, D., Häußling, R., Rumpe, B., Wehrle, K.: User-driven privacy enforcement for cloud-based services in the internet of things. In: 2014 International Conference on Future Internet of Things and Cloud, pp. 191–196. IEEE (2014)
Hoang, N.P., Pishva, D.: A TOR-based anonymous communication approach to secure smart home appliances. In: 2015 17th International Conference on Advanced Communication Technology (ICACT), pp. 517–525. IEEE (2015)
Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38
Jahan, M., Seneviratne, S., Chu, B., Seneviratne, A., Jha, S.: Privacy preserving data access scheme for IoT devices. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA), pp. 1–10. IEEE (2017)
Kelarev, A.V., Yi, X., Cui, H., Rylands, L.J., Jelinek, H.F.: A survey of state-of-the-art methods for securing medical databases. AIMS Med. Sci. 5(1), 1–22 (2018)
Kong, Q., Lu, R., Ma, M., Bao, H.: A privacy-preserving sensory data sharing scheme in internet of vehicles. Futur. Gener. Comput. Syst. 92, 644–655 (2019)
Li, C., Palanisamy, B.: Privacy in internet of things: from principles to technologies. IEEE Internet Things J. 6(1), 488–505 (2019)
Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., Zhao, W.: A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J. 4(5), 1125–1142 (2017)
Liu, F., Li, T.: A clustering-anonymity privacy-preserving method for wearable IoT devices. Secur. Commun. Netw. 2018, 1–8 (2018)
Lopez, J., Rios, R., Bao, F., Wang, G.: Evolving privacy: from sensors to the internet of things. Future Gener. Comput. Syst. 75, 46–57 (2017)
Ma, M., He, D., Kumar, N., Choo, K.K.R., Chen, J.: Certificateless searchable public key encryption scheme for industrial internet of things. IEEE Trans. Ind. Inform. 14(2), 759–767 (2017)
Ma, Y., Wu, Y., Li, J., Ge, J.: APCN: a scalable architecture for balancing accountability and privacy in large-scale content-based networks. Inf. Sci. (2019)
Mai, V., Khalil, I.: Design and implementation of a secure cloud-based billing model for smart meters as an internet of things using homomorphic cryptography. Future Gener. Comput. Syst. 72, 327–338 (2017)
Malina, L., Hajny, J., Fujdiak, R., Hosek, J.: On perspective of security and privacy-preserving solutions in the internet of things. Comput. Netw. 102, 83–95 (2016)
Malina, L., Srivastava, G., Dzurenda, P., Hajny, J., Fujdiak, R.: A secure publish/subscribe protocol for internet of things. In: Proceedings of the ARES 2019. ACM (2019)
Malina, L., Vives-Guasch, A., Castellà -Roca, J., Viejo, A., Hajny, J.: Efficient group signatures for privacy-preserving vehicular networks. Telecommun. Syst. 58(4), 293–311 (2015)
von Maltitz, M., Carle, G.: Leveraging secure multiparty computation in the internet of things. arXiv preprint arXiv:1806.02144 (2018)
Medaglia, C.M., Serbanati, A.: An overview of privacy and security issues in the internet of things. The Internet of Things, pp. 389–395. Springer, New York (2010). https://doi.org/10.1007/978-1-4419-1674-7_38
Nieto, A., Rios, R., Lopez, J.: Digital witness and privacy in IoT: anonymous witnessing approach. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 642–649. IEEE (2017)
Patton, M., Gross, E., Chinn, R., Forbis, S., Walker, L., Chen, H.: Uninvited connections: a study of vulnerable devices on the internet of things (IoT). In: IEEE Joint Intelligence and Security Informatics Conference, pp. 232–235. IEEE (2014)
Porambage, P., Ylianttila, M., Schmitt, C., Kumar, P., Gurtov, A., Vasilakos, A.V.: The quest for privacy in the internet of things. IEEE Cloud Comput. 3(2), 36–45 (2016)
Put, A., De Decker, B.: Attribute-based privacy-friendly access control with context. In: Obaidat, M.S. (ed.) ICETE 2016. CCIS, vol. 764, pp. 291–315. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67876-4_14
Ramos, J.L.H., Bernabé, J.B., Skarmeta, A.F.: Towards privacy-preserving data sharing in smart environments. In: Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 334–339. IEEE (2014)
Raza, S., Trabalza, D., Voigt, T.: 6LoWPAN compressed DTLS for CoAP. In: 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems, pp. 287–289. IEEE (2012)
Gómez RodrÃguez, C.R., Barrantes S., E.G.: Using differential privacy for the internet of things. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 201–211. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55783-0_14
Rodriguez, J.D.P., Schreckling, D., Posegga, J.: Addressing data-centric security requirements for IoT-based systems. In: 2016 International Workshop on Secure Internet of Things (SIoT), pp. 1–10. IEEE (2016)
Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57(10), 2266–2279 (2013)
Rothenpieler, P., Altakrouri, B., Kleine, O., Ruge, L.: Distributed crowd-sensing infrastructure for personalized dynamic IoT spaces. In: Proceedings of the First International Conference on IoT in Urban Space, pp. 90–92. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2014)
Seliem, M., Elgazzar, K., Khalil, K.: Towards privacy preserving IoT environments: a survey. Wireless Communications and Mobile Computing 2018 (2018)
Sen, A.A.A., Eassa, F.A., Jambi, K., Yamin, M.: Preserving privacy in internet of things: a survey. Int. J. Inf. Technol. 10(2), 189–200 (2018)
Sene, I., Ciss, A.A., Niang, O.: I2PA: an efficient abc for IoT. Cryptography 3(2), 16 (2019)
Shafagh, H., Hithnawi, A., Droescher, A., Duquennoy, S., Hu, W.: Talos: encrypted query processing for the internet of things. In: Proceedings of the 13th ACM Conference on Embedded Networked Sensor Systems, pp. 197–210. ACM (2015)
Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in internet of things: the road ahead. Comput. Netw. 76, 146–164 (2015)
Solanas, A., et al.: Smart health: a context-aware health paradigm within smart cities. IEEE Commun. Mag. 52(8), 74–81 (2014)
Srinivasan, V., Stankovic, J., Whitehouse, K.: Protecting your daily in-home activity information from a wireless snooping attack. In: Proceedings of the 10th International Conference on Ubiquitous Computing, pp. 202–211. ACM (2008)
Staudemeyer, R.C., Pöhls, H.C., Wójcik, M.: The road to privacy in IoT: beyond encryption and signatures, towards unobservable communication. In: 2018 IEEE 19th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 14–20. IEEE (2018)
Tso, R., Alelaiwi, A., Rahman, S.M.M., Wu, M.E., Hossain, M.S.: Privacy-preserving data communication through secure multi-party computation in healthcare sensor cloud. J. Signal Process. Syst. 89(1), 51–59 (2017)
Ullah, I., Shah, M.A., Wahid, A., Mehmood, A., Song, H.: ESOT: a new privacy model for preserving location privacy in internet of things. Telecommun. Syst. 67(4), 553–575 (2018)
Vance, N., Zhang, D.Y., Zhang, Y., Wang, D.: Privacy-aware edge computing in social sensing applications using ring signatures. In: IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pp. 755–762. IEEE (2018)
Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V., Wiesmaier, A., Kikiras, P.: On the security and privacy of internet of things architectures and systems. In: Proceedings of SIoT, pp. 49–57. IEEE (2015)
Verheul, E.R., Jacobs, B., Meijer, C., Hildebrandt, M., de Ruiter, J.: Polymorphic encryption and pseudonymisation for personalised healthcare. IACR Cryptology ePrint Archive 2016/411 (2016)
Voigt, P., Von dem Bussche, A.: The EU General Data Protection Regulation (GDPR) A Practical Guide, 1st edn. Springer International Publishing, Cham (2017). https://doi.org/10.1007/978-3-319-57959-7
Wang, X., Jiang, J., Zhao, S., Bai, L.: A fair blind signature scheme to revoke malicious vehicles in vanets. Comput. Mater. Contin. 58(1), 249–262 (2019)
Xu, W., et al.: Internet of vehicles in big data era. IEEE/CAA J. Autom. Sin. 5(1), 19–35 (2017)
Yang, Y., Wu, L., Yin, G., Li, L., Zhao, H.: A survey on security and privacy issues in internet-of-things. IEEE Internet Things J. 4(5), 1250–1258 (2017)
Yao, Z., Ge, J., Wu, Y., Jian, L.: A privacy preserved and credible network protocol. J. Parallel Distrib. Comput. (2019)
Yavari, A., Panah, A.S., Georgakopoulos, D., Jayaraman, P.P., van Schyndel, R.: Scalable role-based data disclosure control for the internet of things. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 2226–2233. IEEE (2017)
Zhou, R., Zhang, X., Wang, X., Yang, G., Wang, H., Wu, Y.: Privacy-preserving data search with fine-grained dynamic search right management in fog-assisted internet of things. Inf. Sci. 491, 251–264 (2019)
Ziegeldorf, J.H., Morchon, O.G., Wehrle, K.: Privacy in the internet of things: threats and challenges. Secur. Commun. Netw. 7(12), 2728–2742 (2014)
Acknowledgment
This paper is supported by the Ministry of Industry and Trade grant # FV20354, the TACR project TL02000398 and European Union’s Horizon 2020 research and innovation programme under grant agreement No 830892, project SPARTA. For the research, infrastructure of the SIX Center supported by National Sustainability Program under grant LO1401 was used.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Malina, L., Srivastava, G., Dzurenda, P., Hajny, J., Ricci, S. (2019). A Privacy-Enhancing Framework for Internet of Things Services. In: Liu, J., Huang, X. (eds) Network and System Security. NSS 2019. Lecture Notes in Computer Science(), vol 11928. Springer, Cham. https://doi.org/10.1007/978-3-030-36938-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-36938-5_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36937-8
Online ISBN: 978-3-030-36938-5
eBook Packages: Computer ScienceComputer Science (R0)