A study of Data Privacy in Internet of Things using Privacy Preserving Techniques with its Management

A study of Data Privacy in Internet of Things using Privacy Preserving Techniques with its Management

© 2022 by IJETT Journal
Volume-70 Issue-2
Year of Publication : 2022
Authors : N. Krishnaraj, S. Sangeetha
DOI :  10.14445/22315381/IJETT-V70I2P207

How to Cite?

N. Krishnaraj, S. Sangeetha, "A study of Data Privacy in Internet of Things using Privacy Preserving Techniques with its Management," International Journal of Engineering Trends and Technology, vol. 70, no. 3, pp. 54-65, 2022. Crossref, https://doi.org/10.14445/22315381/IJETT-V70I2P207

The living standards of human lives in societies are enhanced and move towards sophisticated automation by implementing the Internet of Things (IoT) in their daily life. However, limited storage, power and computational capabilities are presented in IoT devices. Hence, users` data are collected using various devices, and they can be modified and sent to the clouds. People can access the data from anywhere and anytime due to access credentials, and this leads to problems such as an explosion of sensitive information and loss of trust between parties. Privacy and security issues are raised from this explosion of users` personal information over the IoT environment, and this must be addressed. However, researchers focused on this as a major concern for IoT. In this research work, the explanation of data privacy is given, and in order to fulfil its requirements, privacy-preserving techniques are studied. Differential privacy is the most widely used technique to ensure the user`s data privacy, which is also discussed in this work. Before uploading any data to cloud storage, it must be encrypted using cryptographic techniques, where the importance of these techniques are also presented in the survey. More data are collected via wearable devices in IoT, and its challenges along with privacy management are given in the study. Finally, the threats and major challenges of privacy with its future directions about IoT based applications` privacy is explained.

Internet of Things, Data Privacy, Security, Privacy Preserving Techniques, Differential Privacy, Challenges.

[1] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, A survey on IoT security: Application areas, security threats, and solution architectures, IEEE Access, 7 (2019) 82721–82743.
[2] K. Jaiswal, S. Sobhanayak, B. K. Mohanta, and D. Jena, IoT-cloud based framework for patient‘s data collection in smart healthcare system using Raspberry-Pi, in Proc. IEEE Int. Conf. Elect. Comput. Technol. Appl. (ICECTA), (2017) 1–4.
[3] U. Satapathy, B. K. Mohanta, D. Jena, and S. Sobhanayak, An ECC based lightweight authentication protocol for mobile phone in smart home, in Proc. IEEE 13th Int. Conf. Ind. Inf. Syst. (ICIIS), (2018) 303–308
[4] J. Wang, Z. Cai, and J. Yu, Achieving personalised-anonymity-based content privacy for autonomous vehicles in CPS, IEEE Trans. Ind. Informat., 16(6) (2020) 4242–4251
[5] G. Xiao, G. Wang and J. Gehrke, Differential privacy via wavelet transforms, IEEE Trans. Knowl. Data Eng., 23(8) (2011) 1200–1214.
[6] M. R. Fouad, K. Elbassioni, and E. Bertino, A supermodularity-based differential privacy-preserving algorithm for data anonymization, IEEE Trans. Knowl. Data Eng., 26(7) (2014) 1591–1601.
[7] J. Soria-Comas, J. Domingo-Ferrer, D. Sanchez, and D. Megias, Individual differential privacy: A utility-preserving formulation of differential privacy guarantees, IEEE Trans. Inf. Forensics Security, 12(6) (2017) 1418–1429.
[8] H. Wang and Z. Xu, CTS-DP: Publishing correlated time-series data via differential privacy, Knowl. Based Syst, 122 (2017) 167–179.
[9] S. Goryczka and L. Xiong, A comprehensive comparison of secure multiparty additions with differential privacy, IEEE Trans. Dependable Secure Comput., 14(5) (2017) 463–477.
[10] T. Zhang and Q. Zhu, Dynamic differential privacy for ADMM-based distributed classification learning, IEEE Trans. Inf. Forensics Security, 12(1) (2017) 172–187.
[11] Y. Cao, M. Yoshikawa, Y. Xiao, and L. Xiong, Quantifying differential privacy in continuous data release under temporal correlations, IEEE Trans. Knowl. Data Eng., 31(7) (2019) 1281–1295.
[12] Q. Geng and P. Viswanath, The optimal noise-adding mechanism in differential privacy, IEEE Trans. Inf. Theory, 62(2) (2016) 925–951.
[13] Li, H. Li, H. Zhu, and M. Huang, The optimal upper bound of the number of queries for laplace mechanism under differential privacy, Inf. Sci., 503 (2019) 219–237.
[14] L. Sweeney, k-Anonymity: A model for protecting privacy, Int. J. Uncertain. Fuzz. Knowl. Based Syst. 10 (05) (2002) 557–570.
[15] J. Domingo-Ferrer, V. Torra, A critique of k-anonymity and some of its enhancements, in Availability, Reliability and Security, 2008. ARES 08. Third International Conference on, IEEE, (2008) 990–993.
[16] N. Shen, J. Yang, K. Yuan, C. Fu, C. Jia, An efficient and privacy-preserving location sharing mechanism, Comput. Stand. Inter. (2015).
[17] B.H. Bloom, Space/time trade-offs in hash coding with allowable errors, Comm. ACM 13 (7) (1970) 422–426.
[18] A.H. Celdran, F.G. Clemente, M.G. Perez, G.M. Perez, Secoman: A semantic-aware policy framework for developing privacy-preserving and context-aware smart applications, IEEE Syst. J (2014).
[19] P. Gope, T. Hwang, Untraceable sensor movement in distributed iot infrastructure, Sensor J. IEEE, 99 (2015), doi:10.1109/JSEN.2015.2441113. 1–1.
[20] P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in Advances in CryptologyEUROCRYPT99, Springer, Berlin Heidelberg, (1999) 223–238.
[21] J. Benaloh, Dense probabilistic encryption, in Proceedings of the Workshop on Selected Areas of Cryptography, (1994) 120–128.
[22] Gentry, S. Halevi, Implementing gentry fully-homomorphic encryption scheme, in Advances in Cryptology–EUROCRYPT, Springer, Berlin Heidelberg, (2011) 129–148.
[23] Z. Brakerski, V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) lwe, SIAM J. Comput. 43 (2) (2014) 831–871.
[24] J.-S. Coron, D. Naccache, M. Tibouchi, Public key compression and modulus switching for fully homomorphic encryption over the integers, in Advances in Cryptology–EUROCRYPT, Springer, Berlin Heidelberg, (2012) 446–464.
[25] J. Sen, Privacy preservation technologies in the internet of things, in Proceedings of the International Conference on Emerging Trends in Mathematics, Technology and Management, (2010) 496–504.
[26] J. Su, D. Cao, B. Zhao, X. Wang, I. You, ePASS: An expressive attribute-based signature scheme with privacy and a unforgeability guarantee for the internet of things, Future Gener. Comput. Syst. 33 (2014) 11–18.
[27] A. Alcaide, E. Palomar, J. Montero-Castillo, A. Ribagorda, Anonymous authentication for privacy-preserving iot target-driven applications, Comput. Security 37 (2013) 111–123.
[28] X.-J. Lin, L. Sun, H. Qu, Insecurity of an anonymous authentication for privacy-preserving iot target-driven applications, Comput. Security 48 (2015) 142–149.
[29] Rescorla, N. Modadugu, Datagram transport layer security version 1.2 (2012).
[30] S. Raza, Lightweight security solutions for the internet of things, Mälardalen University, Västerås, Sweden, Ph.D. thesis.
[31] M. Vucini, B. Tourancheau, F. Rousseau, A. Duda, L. Damon, R. Guizzetti, Oscar: Object security architecture for the internet of things, Ad Hoc Netw. (2014).
[32] J. Connolly, Wearable Rehabilitative Technology for the Movement Measurement of Patients with Arthritis, Ulster University, February 2015. Available online: https://ethos.bl.uk/OrderDetails.do?did=1&uin=uk.bl.ethos.675471 (accessed on 3 August 2021).
[33] A. Pando, ?Wearable Health Technologies and Their Impact on the Health Industry. Forbes. 2019.
[34] Song, M.-S.; Kang, S.-G.; Lee, K.-T.; Kim, J. Wireless, Skin-Mountable EMG Sensor for Human–Machine Interface Application. Micromachines 10 (2019) 879.
[35] C. Massaroni, P. Saccomandi, E. Schena, Medical Smart Textiles Based on Fiber Optic Technology: An Overview, J. Funct. Biomater., 6 (2015) 204–221.
[36] R. Jouffroy, D. Jost, B. Prunet, Prehospital pulse oximetry: A red flag for early detection of silent hypoxemia in COVID 19 patients,Crit. Care , 24 (2020) 1–2.
[37] Best, J. Wearable technology: Covid-19 and the rise of remote clinical monitoring. BMJ 372 (2021) 413.
[38] Vijayan, V., McKelvey, N., Condell, J.; Gardiner, P.; Connolly, J. Implementing Pattern Recognition and Matching techniques to automatically detect standardized functional tests from wearable technology. In Proceedings of the 2020 31st Irish Signals and Systems Conference (ISSC), Letterkenny, Ireland, (2020) 11–12.
[39] S. Majumder, T. Mondal, M. J. Deen, Wearable Sensors for Remote Health Monitoring,Sensors, 17 (2017) 130.
[40] Cha, J.; Kim, J.; Kim, S. Hands-free user interface for AR/VR devices exploiting wearer‘s facial gestures using unsupervised deep learning. Sensors, 19 (2019) 4441.
[41] Sensoria Fitness: Motion and Activity Tracking Smart Clothing for Sports and Fitness. (2021).
[42] TEKSCAN. Gait Mat|HR Mat|Tekscan. Photo Courtesy of Tekscan™, Inc. Available online: www.tekscan.com/productssolutions/systems/hr-mat.
[43] Image Courtesy 5DT.com; DT Technologies Home—5DT. Available online: https://5dt.com/ (accessed on 29 July 2020).
[44] NEXGEN. NexGen Ergonomics–Products–Biometrics–Goniometers and Torsiometers. Available online: www.nexgenergo.com/ergonomics/biosensors.html (accessed on 3 August 2021).
[45] L. Cilliers, Wearable devices in healthcare: Privacy and information security issues. Health Information Management Journal. 49 (2019) 150–156.
[46] L. Tawalbeh, F. Muheidat, M. Tawalbeh, M. Quwaider, IoT Privacy and Security: Challenges and Solutions, Appl. Sci. 10 (2020) 4102.
[47] Kapoor, V., Singh, R.; Reddy, R.; Churi, P. Privacy Issues in Wearable Technology: An Intrinsic Review. In Proceedings of the International Conference on Innovative Computing and Communication (ICICC-2020), New Delhi, India, (2020) 21–23.
[48] Sankar, R., Le, X.; Lee, S., Wang, D. Protection of data confidentiality and patient privacy in medical sensor networks. In Implantable Sensor Systems for Medical Applications; Woodhead Publishing: Sawston, UK, (2013) 279–298.
[49] Alrababah, Z. Privacy and Security of Wearable Devices. (2020).
[50] Paul, G., Irvine, J. Privacy Implications of Wearable Health Devices. In Proceedings of the 7th International Conference on Security of Information and Networks, Glasgow, Scotland, UK, Association for Computing Machinery: New York, NY, USA, (2014) 9–11.
[51] Gellman, Fair Information Processing Practices, (2012).
[52] NIST (National Institute of Standards and Technology) (2014) Privacy Engineering Objectives and Risk Model. Kantara Initiative IoT workshop
[53] European Parliament and Council, General Data Protection Regulation. Official Journal of the European Union, Brussels (2016).
[54] https://iot.ieee.org/newsletter/september-2016/ [ Accessed on 25th November 2020]
[55] OFCOM, Promoting investment and innovation in the Internet of Things. OFCOM, London (2015).
[56] European Parliament and Council, General Data Protection Regulation. Official Journal of the European Union, Brussels (2016). https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELE X%3A32016R0679.
[57] NIST (National Institute of Standards and Technology), NIST Big Data Interoperability Framework: 1, Definitions, Special Publication (NIST SP) - 1500-1. https://www.nist.gov/publications/nist-big-data-interoperability-framework-volume-1-definitions.
[58] Hsu, Chin-Lung, and Judy Chuan-Chuan Lin., An Empirical Examination of Consumer Adoption of Internet of Things Services: Network Externalities and Concern for Information Privacy Perspectives. Computers in Human Behavior 62 (2016) 516–527.
[59] Belanger, France, and Robert E. Crossler. 2011. Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems. MIS Quarterly 35 (4) (2011) 1017–1042.
[60] Culnan, Mary J., How Did They Get My Name?: An Exploratory Investigation of Consumer Attitudes Toward Secondary Information Use. MIS Quarterly 17 (1993) 341–363.
[61] Culnan, Mary J., and Pamela K. Armstrong., Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation. Organization Science 10 (1) (1999) 104–115.
[62] Kim, Min Sung, and Seongcheol Kim., Factors Influencing Willingness to Provide Personal Information for Personalized Recommendations. Computers in Human Behavior 88 (2018) 143–152.
[63] Xu, Heng, Tamara Dinev, Jeff Smith, and Paul Hart.., Information Privacy Concerns: Linking Individual Perceptions with Institutional Privacy Assurances. Journal of the Association for Information Systems 12 (12) (2011) 1.
[64] Kelley, Patrick Gage, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. Proceedings of the SIGCHI Conference on Human factors in Computing Systems, (2010) 1573–1582. ACM.
[65] Park, Yong Jin, Scott W. Campbell, and Nojin Kwak.. Affect, Cognition and Reward: Predictors of Privacy Protection Online. Computers in Human Behavior 28 (3) (2012) 1019–1027.
[66] Kelley, Patrick Gage, Joanna Bresee, Lorrie Faith Cranor, and Robert W. Reeder. A Nutrition Label for Privacy. Proceedings of the 5th Symposium on Usable Privacy and Security, 4. ACM, (2009).
[67] van der Werff, Lisa, Grace Fox, Ieva Masevic, Vincent C. Emeakaroha, John P. Morrison, and Theo Lynn., Building Consumer Trust in the Cloud: An Experimental Analysis of the Cloud Trust Label Approach. Journal of Cloud Computing 8 (1) (2019) 6.
[68] Fox, Grace, Colin Tonge, Theo Lynn, and John Mooney., Communicating Compliance, Developing a GDPR Privacy Label. Proceedings of the 24th Americas Conference on Information Systems (2018).
[69] ICO. Privacy Notices, Transparency and Control. A Code of Practice on Communicating Privacy Information to Individuals. (2017).
[70] J. H. Ziegeldorf, O. G. Morchon, and K. Wehrle, Privacy in the Internet of Things : Threats and Challenges, Secur. Commun. Networks, (2014) 2728–2742
[71] N. Aleisa and K. Renaud, Privacy of the Internet of Things: A Systematic Literature Review,Proc. 50th Hawaii Int. Conf. Syst. Sci., (2017), doi: 10.24251/hicss.2017.717.
[72] S. Fischer-Hübner, P. Duquenoy, M. Hansen, R. Leenes, and G. Zhang, IFIP Advances in Information and Communication Technology: Preface, IFIP Adv. Inf. Commun. Technol., 352 (2011), doi: 10.1007/978-3-642-20769-3.
[73] A. Dean and M. O. Agyeman, A study of the advances in IoT security,‘‘ in Proc. 2nd Int. Symp. Comput. Sci. Intell. Control, (2018) 15.
[74] C.T. Li, C.-C. Lee, C.-Y. Weng, and C.-M. Chen, Towards secure authenticating of cache in the reader for RFID-based IoT systems, PeerPeer Netw. Appl., 11(1) (2018) 198–208.
[75] C.T. Li, T.-Y. Wu, C.-L. Chen, C.-C. Lee, and C.-M. Chen, An efficient user authentication and user anonymity scheme with provably security for IoT-based medical care system, Sensors, 17(7) (2017) 1482.
[76] X. Su, Z. Wang, X. Liu, C. Choi, and D. Choi, Study to improve security for IoT smart device controller: Drawbacks and countermeasures,‘‘ Secur. Commun. Netw., (2018) 1–14.
[77] M. Togan, B.-C. Chifor, I. Florea, and G. Gugulea, A smart-phone based privacy-preserving security framework for IoT devices, in Proc. 9th Int. Conf. Electron., Comput. Artif. Intell. (ECAI), (2017) 1–7.
[78] A. Alshahwan, Adaptive security framework in the Internet of Things (IoT) for providing mobile cloud computing, in Mobile Computing— Technology and Applications. London, U.K.: IntechOpen, (2018).
[79] W. Xi and L. Ling, Research on IoT privacy security risks, in Proc. Int. Conf. Ind. Informat.-Comput. Technol., Intell. Technol., Ind. Inf. Integr. (ICIICII), (2016) 259–262.
[80] R. Romaen-Castro, J. López, and S. Gritzalis, Evolution and trends in IoT security, Computer, 51(7) (2018) 16–25.