Data Privacy in Wearable IoT Devices: Anonymization and Deanonymization

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Semi Park ◽  
Riha Kim ◽  
Hyunsik Yoon ◽  
Kyungho Lee

With the development of IoT devices, wearable devices are being used to record various types of information. Wearable IoT devices are attached to the user and can collect and transmit user data at all times along with a smartphone. In particular, sensitive information such as location information has an essential value in terms of privacy, and therefore some IoT devices implement data protection by introducing methods such as masking. However, masking can only protect privacy to a certain extent in logs having large numbers of recorded data. However, the effectiveness may decrease if we are linked with other information collected from within the device. Herein, a scenario-based case study on deanonymizing anonymized location information based on logs stored in wearable devices is described. As a result, we combined contextual and direct evidence from the collected information. It was possible to obtain the result in which the user could effectively identify the actual location. Through this study, not only can a deanonymized user location be identified but we can also confirm that cross-validation is possible even when dealing with modified GPS coordinates.

Sensors ◽  
2019 ◽  
Vol 19 (21) ◽  
pp. 4777 ◽  
Author(s):  
Alanoud Subahi ◽  
George Theodorakopoulos

Many people use smart-home devices, also known as the Internet of Things (IoT), in their daily lives. Most IoT devices come with a companion mobile application that users need to install on their smartphone or tablet to control, configure, and interface with the IoT device. IoT devices send information about their users from their app directly to the IoT manufacturer’s cloud; we call this the “app-to-cloud way”. In this research, we invent a tool called IoT-app privacy inspector that can automatically infer the following from the IoT network traffic: the packet that reveals user interaction type with the IoT device via its app (e.g., login), the packets that carry sensitive Personal Identifiable Information (PII), the content type of such sensitive information (e.g., user’s location). We use Random Forest classifier as a supervised machine learning algorithm to extract features from network traffic. To train and test the three different multi-class classifiers, we collect and label network traffic from different IoT devices via their apps. We obtain the following classification accuracy values for the three aforementioned types of information: 99.4%, 99.8%, and 99.8%. This tool can help IoT users take an active role in protecting their privacy.


Author(s):  
Shuangxia Tang ◽  
Kunquan Shi

Wearable-devices have developed rapidly. Meanwhile, the security and privacy protection of user data has also occurred frequently. Aiming at the process of privacy protection of wearable-device data release, based on the conventional V-MDAV algorithm, this paper proposes a WSV-MDAV micro accumulation method based on weight W and susceptible attribute value sensitivity parameter S and introduces differential-privacy after micro accumulation operating. By simulating the Starlog dataset and the Adult dataset, the results show that, compared with the conventional multi-variable variable-length algorithm, the privacy protection method proposed in this paper has improved the privacy protection level of related devices, and the information distortion has been properly resolved. The construction of the release model can prevent susceptible data with identity tags from being tampered with, stolen, and leaked by criminals. It can avoid causing great spiritual and property losses to individuals, and avoid harming public safety caused by information leakage.


Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang

Countless data generated in Smart city may contain private and sensitive information and should be protected from unauthorized users. The data can be encrypted by Attribute-based encryption (CP-ABE), which allows encrypter to specify access policies in the ciphertext. But, traditional CP-ABE schemes are limited because of two shortages: the access policy is public i.e., privacy exposed; the decryption time is linear with the complexity of policy, i.e., huge computational overheads. In this work, we introduce a novel method to protect the privacy of CP-ABE scheme by keyword search (KS) techniques. In detail, we define a new security model called chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and hidden. If user's attributes don't satisfy the public policy, he/she cannot get any information (attribute name and its values) of the hidden one. Previous CP-ABE schemes with hidden policy only work on the “AND-gate” access structure or their ciphertext size or decryption time may be super-polynomial. Our scheme is more expressive and compact. Since, IoT devices spread all over the smart city, so the computational overhead of encryption and decryption can be shifted to third parties. Therefore, our scheme is more applicable to resource-constrained users. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.


Sensors ◽  
2018 ◽  
Vol 18 (8) ◽  
pp. 2664 ◽  
Author(s):  
Luis Belem Pacheco ◽  
Eduardo Pelinson Alchieri ◽  
Priscila Mendez Barreto

The use of Internet of Things (IoT) is rapidly growing and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (gateway). The proposed architecture is evaluated through an analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.


2022 ◽  
Vol 3 (1) ◽  
pp. 1-30
Author(s):  
Nisha Panwar ◽  
Shantanu Sharma ◽  
Guoxi Wang ◽  
Sharad Mehrotra ◽  
Nalini Venkatasubramanian ◽  
...  

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced—IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals’ privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable “proof-of-integrity,” based on which a verifier can attest that captured sensor data adhere to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California, Irvine to provide various real-time location-based services on the campus. We present extensive experiments over real-time WiFi connectivity data to evaluate IoT Notary, and the results show that IoT Notary imposes nominal overheads. The secure logs only take 21% more storage, while users can verify their one day’s data in less than 2 s even using a resource-limited device.


2022 ◽  
Vol 11 (1) ◽  
pp. 5
Author(s):  
Njabulo Sakhile Mtetwa ◽  
Paul Tarwireyi ◽  
Cecilia Nombuso Sibeko ◽  
Adnan Abu-Mahfouz ◽  
Matthew Adigun

The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanetary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.


Author(s):  
Shuo Han ◽  
George J. Pappas

Many modern dynamical systems, such as smart grids and traffic networks, rely on user data for efficient operation. These data often contain sensitive information that the participating users do not wish to reveal to the public. One major challenge is to protect the privacy of participating users when utilizing user data. Over the past decade, differential privacy has emerged as a mathematically rigorous approach that provides strong privacy guarantees. In particular, differential privacy has several useful properties, including resistance to both postprocessing and the use of side information by adversaries. Although differential privacy was first proposed for static-database applications, this review focuses on its use in the context of control systems, in which the data under processing often take the form of data streams. Through two major applications—filtering and optimization algorithms—we illustrate the use of mathematical tools from control and optimization to convert a nonprivate algorithm to its private counterpart. These tools also enable us to quantify the trade-offs between privacy and system performance.


2021 ◽  
Vol 00 (00) ◽  
pp. 1-19
Author(s):  
Diah Yuniarti ◽  
Sri Ariyanti

This study aims to provide recommendations to the government on regulating licence, content and data privacy and protection for integrated broadcast-broadband (IBB) operations in Indonesia, by referencing Singapore, Japan and Malaysia as case studies, considering the need for umbrella regulations for IBB implementation. Singapore and Japan were chosen as countries that have deployed IBB since they have been using hybrid broadcast broadband television (HbbTV) and Hybridcast standards, respectively. Malaysia was chosen because it is a neighbouring country that has conducted trials of the IBB service, bundled with its digital terrestrial television (DTT) service. The qualitative data are analysed using a comparative method. The results show that Indonesia needs to immediately revise its existing Broadcasting Law to accommodate DTT implementation, which is the basis for IBB and the expansion of the broadcaster’s TV business. Learning from Singapore, Indonesia could include over-the-top (OTT) content in its ‘Broadcast Behaviour Guidelines’ and ‘Broadcast Programme Standards’. Data privacy and protection requirements for each entity involved in the IBB ecosystem are necessary due to the vulnerability of IBB service user data leakage. In light of this, the ratification of the personal data protection law, as a legal umbrella, needs to be accelerated.

