research-article

Open access

A Blockchain-Based Privacy-Preserving Model for Consent and Transparency in Human-Centered Internet of Things

Authors:

Jorge Eduardo Rivadeneira,

María B. Jiménez,

Radu Marculescu,

André Rodrigues,

Fernando Boavida,

Jorge Sá SilvaAuthors Info & Claims

IoTDI '23: Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation

Pages 301 - 314

https://doi.org/10.1145/3576842.3582379

Published: 09 May 2023 Publication History

All formats PDF

Abstract

The inclusion of human-related aspects in the Internet of Things paradigm leads to the development of models and solutions that address several challenges of our society. The adoption of these novel approaches is expanding rapidly on the road to what is now termed Society 5.0. However, leaving aside all the potential benefits that come from the interaction with these novel systems, an increasing number of people are concerned with the amount of data these systems can collect and share with data requesters. Several legal frameworks call for the adoption of practices regarding data protection and pushing for data control by the data owners. Unfortunately, most human-centric IoT-based systems lack mechanisms for managing resources and data in the user domain. Moreover, these tasks are typically delegated to a central entity; this necessarily implies a relationship of trust and can lead to problems related to transparency. To cope with these issues in this paper we present a privacy-preserving model that leverages the intrinsic features of the blockchain technology for consent management and transparency in Human-Centered Internet of Things environments. To show the feasibility of our approach, the proposed model is implemented, deployed in a test environment, and assessed using realistic scenarios.

References

[1]

Rishav Raj Agarwal, Dhruv Kumar, Lukasz Golab, and Srinivasan Keshav. 2020. Consentio: Managing Consent to Data Access using Permissioned Blockchains. IEEE International Conference on Blockchain and Cryptocurrency, ICBC 2020 (5 2020). https://doi.org/10.1109/ICBC48266.2020.9169432

[2]

Ala Al-Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE Communications Surveys and Tutorials 17 (10 2015), 2347–2376. Issue 4. https://doi.org/10.1109/COMST.2015.2444095

Digital Library

[3]

May Alhajri, Carsten Rudolph, and Ahmad Salehi Shahraki. 2022. A Blockchain-Based Consent Mechanism for Access to Fitness Data in the Healthcare Context. IEEE Access 10 (2022), 22960–22979. https://doi.org/10.1109/ACCESS.2022.3154106

[4]

Elli Androulaki, Artem Barger, Vita Bortnikov, Srinivasan Muralidharan, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Chet Murthy, Christopher Ferris, Gennady Laventman, Yacov Manevich, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolić, Sharon Weed Cocco, and Jason Yellick. 2018. Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains. Proceedings of the 13th EuroSys Conference, EuroSys 2018 2018-January (4 2018). https://doi.org/10.1145/3190508.3190538

Digital Library

[5]

Kartikeya Bhardwaj, Wei Chen, and Radu Marculescu. 2020. INVITED: New directions in distributed deep learning: Bringing the network at forefront of iot design. Proceedings - Design Automation Conference 2020-July (7 2020). https://doi.org/10.1109/DAC18072.2020.9218628

[6]

Claude Castelluccia, Mathieu Cunche, Daniel Le Metayer, and Victor Morel. 2018. Enhancing Transparency and Consent in the IoT. Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018, 116–119. https://doi.org/10.1109/EuroSPW.2018.00023

[7]

Ann Cavoukian. 2009. Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada 5 (2009).

[8]

Shi Cho Cha, Ming Shiung Chuang, Kuo Hui Yeh, Zi Jia Huang, and Chunhua Su. 2018. A User-Friendly Privacy Framework for Users to Achieve Consents With Nearby BLE Devices. IEEE Access 6 (3 2018), 20779–20787. https://doi.org/10.1109/ACCESS.2018.2820716

[9]

European Commission. 2018. Article 29 Newsroom - Guidelines on Consent under Regulation 2016/679 (wp259rev.01) - European Commission. https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051

[10]

Federico Daidone, Barbara Carminati, and Elena Ferrari. 2021. Blockchain-based Privacy Enforcement in the IoT domain. IEEE Transactions on Dependable and Secure Computing (2021). https://doi.org/10.1109/TDSC.2021.3110181

[11]

Thomas K. Dasaklis, Fran Casino, and Constantinos Patsakis. 2021. SoK: Blockchain Solutions for Forensics. (2021), 21–40. https://doi.org/10.1007/978-3-030-69460-9_2/COVER/

[12]

Jos Dumortier. 2016. Evaluation and Review of the ePrivacy Directive. European Data Protection Law Review (EDPL) 2 (2016). https://heinonline.org/HOL/Page?handle=hein.journals/edpl2&id=262&div=&collection=

[13]

J. Fernandes, D. Raposo, N. Armando, S. Sinche, J. Sá Silva, A. Rodrigues, V. Pereira, H. Gonçalo Oliveira, Luís Macedo, and F. Boavida. 2020. ISABELA – A Socially-Aware Human-in-the-Loop Advisor System. Online Social Networks and Media 16 (3 2020), 100060. https://doi.org/10.1016/j.osnem.2020.100060

[14]

Christian Gorenflo, Stephen Lee, Lukasz Golab, and Srinivasan Keshav. 2020. FastFabric. International Journal of Network Management 30 (2 2020). Issue 5. https://doi.org/10.1002/NEM.2099

Digital Library

[15]

Hui Guo, Zhenfeng Zhang, Jing Xu, Ningyu An, and Xiao Lan. 2021. Accountable Proxy Re-Encryption for Secure Data Sharing. IEEE Transactions on Dependable and Secure Computing 18 (1 2021), 145–159. Issue 1. https://doi.org/10.1109/TDSC.2018.2877601

Digital Library

[16]

Abdul Rehman Javed, Muhammad Usman Sarwar, Saif ur Rehman, Habib Ullah Khan, Yasser D Al-Otaibi, and Waleed S Alnumay. 2021. PP-SPA: Privacy Preserved Smartphone-Based Personal Assistant to Improve Routine Life Functioning of Cognitive Impaired Individuals. Neural Processing Letters (2021). https://doi.org/10.1007/s11063-020-10414-5

Digital Library

[17]

Jacob Kröger. 2019. Unexpected Inferences from Sensor Data: A Hidden Privacy Threat in the Internet of Things. IFIP Advances in Information and Communication Technology 548, 147–159. https://doi.org/10.1007/978-3-030-15651-0_13

[18]

Jacob Leon Kröger, Leon Gellrich, Sebastian Pape, Saba Rebecca Brause, and Stefan Ullrich. 2022. Personal information inference from voice recordings: User awareness and privacy concerns. Proceedings on Privacy Enhancing Technologies (2022), 6–27. Issue 1. https://doi.org/10.2478/popets-2022-0002

[19]

David J. Langley, Jenny van Doorn, Irene C.L. Ng, Stefan Stieglitz, Alexander Lazovik, and Albert Boonstra. 2021. The Internet of Everything: Smart things and their impact on business models. Journal of Business Research 122 (1 2021), 853–863. https://doi.org/10.1016/J.JBUSRES.2019.12.035

[20]

Goo Yeon Lee, Kyung Jin Cha, and Hwa Jong Kim. 2019. Designing the GDPR compliant consent procedure for personal information collection in the IoT environment. Proceedings - 2019 IEEE International Congress on Internet of Things, ICIOT 2019 - Part of the 2019 IEEE World Congress on Services, 79–81. https://doi.org/10.1109/ICIOT.2019.00025

[21]

Hosub Lee, Richard Chow, Mohammad R. Haghighat, Heather M. Patterson, and Alfred Kobsa. 2018. IoT Service Store: A Web-based System for Privacy-aware IoT Service Discovery and Interaction. 2018 IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2018, 107–112. https://doi.org/10.1109/PERCOMW.2018.8480260

[22]

Dongcheng Li, W. Eric Wong, and Jincui Guo. 2020. A Survey on Blockchain for Enterprise Using Hyperledger Fabric and Composer. Proceedings - 2019 6th International Conference on Dependable Systems and Their Applications, DSA 2019 (1 2020), 71–80. https://doi.org/10.1109/DSA.2019.00017

[23]

Chao Lin, Debiao He, Sherali Zeadally, Xinyi Huang, and Zhe Liu. 2021. Blockchain-based Data Sharing System for Sensing-as-a-Service in Smart Cities. ACM Transactions on Internet Technology (TOIT) 21 (3 2021). Issue 2. https://doi.org/10.1145/3397202

Digital Library

[24]

Gaofan Lin, Haijiang Wang, Jian Wan, Lei Zhang, and Jie Huang. 2022. A blockchain-based fine-grained data sharing scheme for e-healthcare system. Journal of Systems Architecture 132 (11 2022). https://doi.org/10.1016/J.SYSARC.2022.102731

Digital Library

[25]

Heather Richter Lipford, Madiha Tabassum, Paritosh Bahirat, Yaxing Yao, Bart P Knijnenburg, H R Lipford, · M Tabassum, P Bahirat, · B P Knijnenburg, and Y Yao. 2022. Privacy and the Internet of Things. Modern Socio-Technical Perspectives on Privacy (2022), 233–264. https://doi.org/10.1007/978-3-030-82786-1_11

[26]

Victor Morel, Mathieu Cunche, and Daniel Le Metayer. 2019. A generic information and consent framework for the IoT. Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019, 366–373. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00056

[27]

Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review (2008), 21260.

[28]

Sheikh Nooruddin, Md Milon Islam, and Falguni Ahmed Sharna. 2020. An IoT based device-type invariant fall detection system. Internet of Things 9 (3 2020), 100130. https://doi.org/10.1016/J.IOT.2019.100130

[29]

Nicolás Notario, Alberto Crespo, Antonio Kung, Inga Kroener, Daniel Le Métayer, Carmela Troncoso, José M. Del Álamo, and Yod Samuel Martín. 2014. Pripare: A new vision on engineering privacy and security by design. Communications in Computer and Information Science 470 (2014), 65–76. https://doi.org/10.1007/978-3-319-12574-9_6

[30]

David Sousa Sousa Nunes, Pei Zhang, and Jorge Sa Silva. 2015. A Survey on Human-in-the-Loop applications towards an Internet of All. IEEE Communications Surveys and Tutorials 17 (4 2015), 944–965. Issue 2. https://doi.org/10.1109/COMST.2015.2398816

Digital Library

[31]

Primal Pappachan, Martin Degeling, Roberto Yus, Anupam Das, Sruti Bhagavatula, William Melicher, Pardis Emami Naeini, Shikun Zhang, Lujo Bauer, Alfred Kobsa, Sharad Mehrotra, Norman Sadeh, and Nalini Venkatasubramanian. 2017. Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences. Proceedings - IEEE 37th International Conference on Distributed Computing Systems Workshops, ICDCSW 2017, 193–198. https://doi.org/10.1109/ICDCSW.2017.52

[32]

European Parliament. 2018. Art. 12 GDPR – Transparent information, communication and modalities for the exercise of the rights of the data subject - General Data Protection Regulation (GDPR). https://gdpr-info.eu/art-12-gdpr/

[33]

European Parliament. 2018. Art. 15 GDPR – Right of access by the data subject - General Data Protection Regulation (GDPR). https://gdpr-info.eu/art-15-gdpr/

[34]

Konstantinos Rantos, George Drosatos, Konstantinos Demertzis, Christos Ilioudis, Alexandros Papanikolaou, and Antonios Kritsas. 2019. ADvoCATE: A consent management platform for personal data processing in the IoT using blockchain technology. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11359 LNCS, 300–313. https://doi.org/10.1007/978-3-030-12942-2_23

[35]

Jorge Eduardo Rivadeneira, Jorge Sa Silva, Ricardo Colomo-Palacios, Andre Rodrigues, Jose Marcelo Fernandes, and Fernando Boavida. 2021. A privacy-aware framework integration into a human-in-the-loop IoT system. IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2021 (5 2021). https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484634

[36]

Alia Al Sadawi, Mohamed S. Hassan, and Malick Ndiaye. 2021. A Survey on the Integration of Blockchain with IoT to Enhance Performance and Eliminate Challenges. IEEE Access 9 (2021), 54478–54497. https://doi.org/10.1109/ACCESS.2021.3070555

[37]

Cristiana Santos, Midas Nouwens, Michael Toth, Nataliia Bielova, and Vincent Roca. 2021. Consent Management Platforms Under the GDPR: Processors and/or Controllers?Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 12703 LNCS (2021), 47–69. https://doi.org/10.1007/978-3-030-76663-4_3

Digital Library

[38]

Soraya Sinche, Duarte Raposo, Ngombo Armando, Andre Rodrigues, Fernando Boavida, Vasco Pereira, and Jorge Sa Silva. 2020. A Survey of IoT Management Protocols and Frameworks. IEEE Communications Surveys and Tutorials 22 (4 2020), 1168–1190. Issue 2. https://doi.org/10.1109/COMST.2019.2943087

[39]

Chathurangi Ishara Wickramasinghe and Delphine Reinhardt. 2022. A User-Centric Privacy-Preserving Approach to Control Data Collection, Storage, and Disclosure in Own Smart Home Environments. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST 419 LNICST (2022), 190–206. https://doi.org/10.1007/978-3-030-94822-1_11

[40]

Yang Yang, Xianghan Zheng, Wenzhong Guo, Ximeng Liu, and Victor Chang. 2019. Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Information Sciences 479 (4 2019), 567–592. https://doi.org/10.1016/j.ins.2018.02.005

Cited By

Taherdoost H(2025)Blockchain for security and privacy in the smart healthcareSensor Networks for Smart Hospitals10.1016/B978-0-443-36370-2.00019-0(411-433)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-36370-2.00019-0
Alabdulkreem EAlduhayyem MAl-Hagery MMotwakel AHamza MMarzouk R(2024)Artificial Rabbit Optimizer with deep learning for fall detection of disabled people in the IoT EnvironmentAIMS Mathematics10.3934/math.20247499:6(15486-15504)Online publication date: 2024
https://doi.org/10.3934/math.2024749
Rivadeneira JSánchez ODias MRodrigues ABoavida FSilva J(2024)CONFLUENCE: An Integration Model for Human-in-the-Loop IoT Privacy-Preserving Solutions Toward Sustainability in a Smart CityIEEE Internet of Things Journal10.1109/JIOT.2023.332177811:5(8690-8714)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3321778
Show More Cited By

Index Terms

A Blockchain-Based Privacy-Preserving Model for Consent and Transparency in Human-Centered Internet of Things
1. Human-centered computing
  1. Ubiquitous and mobile computing
    1. Ubiquitous and mobile computing systems and tools
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
    2. Usability in security and privacy

Recommendations

Privacy preserving Internet of Things

The Internet of Things (IoT) is the latest web evolution that incorporates billions of devices that are owned by different organisations and people who are deploying and using them for their own purposes. IoT-enabled harnessing of the information that ...
Authenticated and Privacy-Preserving Consent Management in the Internet of Things
Abstract
As the Internet of Things (IoT) starts providing meaningful solutions in multiple domains, users expect to take full advantage of the features and benefits of smart devices, but not at the cost of privacy loss. They want to keep control over their ...
Secure and Privacy-Preserving RFID Authentication Scheme for Internet of Things Applications
Abstract
Privacy issue has become a crucial concern in internet of things (IoT) applications ranging from home appliances to vehicular networks. RFID system has found enormous scope in IoT applications such as consumer electronics, healthcare, tracking ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IoTDI '23: Proceedings of the 8th ACM/IEEE Conference on Internet of Things Design and Implementation

May 2023

514 pages

ISBN:9798400700378

DOI:10.1145/3576842

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 May 2023

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

UT Austin ? Portugal Program / INESC TEC and FCT - Foundation for Science and Technology
Secretaría de Educación Superior, Ciencia, Tecnología e Innovación | SENESCYT

Conference

IoTDI '23

Sponsor:

SIGBED

IoTDI '23: International Conference on Internet-of-Things Design and Implementation

May 9 - 12, 2023

TX, San Antonio, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
822
Total Downloads

Downloads (Last 12 months)467
Downloads (Last 6 weeks)47

Reflects downloads up to 29 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Taherdoost H(2025)Blockchain for security and privacy in the smart healthcareSensor Networks for Smart Hospitals10.1016/B978-0-443-36370-2.00019-0(411-433)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-36370-2.00019-0
Alabdulkreem EAlduhayyem MAl-Hagery MMotwakel AHamza MMarzouk R(2024)Artificial Rabbit Optimizer with deep learning for fall detection of disabled people in the IoT EnvironmentAIMS Mathematics10.3934/math.20247499:6(15486-15504)Online publication date: 2024
https://doi.org/10.3934/math.2024749
Rivadeneira JSánchez ODias MRodrigues ABoavida FSilva J(2024)CONFLUENCE: An Integration Model for Human-in-the-Loop IoT Privacy-Preserving Solutions Toward Sustainability in a Smart CityIEEE Internet of Things Journal10.1109/JIOT.2023.332177811:5(8690-8714)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3321778
Wang L(2024)Investigation on Human-Centric Security Based on Understanding the Role of User Behavior in Information Security2024 International Conference on Electronics and Devices, Computational Science (ICEDCS)10.1109/ICEDCS64328.2024.00205(1115-1122)Online publication date: 23-Sep-2024
https://doi.org/10.1109/ICEDCS64328.2024.00205
Rivadeneira JFernandes JRodrigues ABoavida FSilva J(2024)An Evaluation of Unobtrusive Sensing in a Healthcare Case StudyIEEE Access10.1109/ACCESS.2024.341955512(89405-89417)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3419555
Rivadeneira JSá Silva JColomo-Palacios RRodrigues ABoavida F(2023)User-centric privacy preserving models for a new era of the Internet of ThingsJournal of Network and Computer Applications10.1016/j.jnca.2023.103695217:COnline publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.jnca.2023.103695

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten