Empirical Research on Security and Privacy by Design

The Internet of Things (IoT) makes our lives much easier, more valuable, and less stressful due to the development of many applications around us including smart cities, smart cars, and smart grids, offering endless services and solutions. Protecting IoT data of such applications at rest either on the objects or in the cloud is an indispensable requirement for achieving a symmetry in the handling and protection of the IoT, as we do with data created by persons and applications. This is because unauthorised access to such data may lead to harmful consequences such as linkage attacks, loss of privacy, and data manipulation. Such undesired implications may jeopardise the existence of IoT applications if protection measures are not taken, and they stem from two main factors. One is that IoT objects have limited capabilities in terms of memory capacity, battery life, and computational power that hamper the direct implementation of conventional Internet security solutions without some modifications (e.g., traditional symmetric algorithms). Another factor is the absence of widely accepted IoT security and privacy guidelines for IoT data at rest and their appropriate countermeasures, which would help IoT stakeholders (e.g., developers, manufacturers) to develop secure IoT systems and therefore enhance IoT security and privacy by design. Toward this end, we first briefly describe the main IoT security goals and identify IoT stakeholders. Moreover, we briefly discuss the most well-known data protection frameworks (e.g., General Data Protection Regulation (GDPR), Health Insurance Portability (HIPAA)). Second, we highlight potential attacks and threats against data at rest and show their violated security goals (e.g., confidentiality and integrity). Third, we review a list of protection measures by which our proposed guidelines can be accomplished. Fourth, we propose a framework of security and privacy guidelines for IoT data at rest that can be utilised to enhance IoT security and privacy by design and establish a symmetry with the protection of user-created data. Our framework also presents the link between the suggested guidelines, mitigation techniques, and attacks. Moreover, we state those IoT stakeholders (e.g., manufacturers, developers) who will benefit most from these guidelines. Finally, we suggest several open issues requiring further investigation in the future, and we also discuss the limitations of our suggested framework.

Download Full-text

Security and Privacy for Mobile IoT Applications Using Blockchain

Sensors ◽

10.3390/s21175931 ◽

2021 ◽

Vol 21 (17) ◽

pp. 5931

Author(s):

Kevin Carvalho ◽

Jorge Granjal

Keyword(s):

Security Requirements ◽

Security And Privacy ◽

Privacy By Design ◽

Privacy And Security ◽

Daily Lives ◽

Smart Vehicles ◽

Iot Applications ◽

Application Data ◽

Viable Approach ◽

Edge Layer

Internet of Things (IoT) applications are becoming more integrated into our society and daily lives, although many of them can expose the user to threats against their privacy. Therefore, we find that it is crucial to address the privacy requirements of most of such applications and develop solutions that implement, as far as possible, privacy by design in order to mitigate relevant threats. While in the literature we may find innovative proposals to enhance the privacy of IoT applications, many of those only focus on the edge layer. On the other hand, privacy by design approaches are required throughout the whole system (e.g., at the cloud layer), in order to guarantee robust solutions to privacy in IoT. With this in mind, we propose an architecture that leverages the properties of blockchain, integrated with other technologies, to address security and privacy in the context of IoT applications. The main focus of our proposal is to enhance the privacy of the users and their data, using the anonymisation properties of blockchain to implement user-controlled privacy. We consider an IoT application with mobility for smart vehicles as our usage case, which allows us to implement and experimentally evaluate the proposed architecture and mechanisms as a proof of concept. In this application, data related to the user’s identity and location needs to be shared with security and privacy. Our proposal was implemented and experimentally validated in light of fundamental privacy and security requirements, as well as its performance. We found it to be a viable approach to security and privacy in IoT environments.

Download Full-text

Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework

Computer Science and Information Systems ◽

10.2298/csis200922057k ◽

2020 ◽

pp. 57-57

Author(s):

Christos Kalloniatis ◽

Costas Lambrinoudakis ◽

Mathias Musahl ◽

Athanasios Kanatas ◽

Stefanos Gritzalis

Keyword(s):

Sensor Networks ◽

Impact Assessment ◽

Data Protection ◽

Security And Privacy ◽

Body Sensor Networks ◽

Medical Applications ◽

Privacy By Design ◽

Privacy Requirements ◽

Legal Obligations ◽

Elicitation Process

Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address that, this paper proposes a Privacy and Data Protection Framework that provides the appropriate steps so as the proper technical, organizational and procedural measures to be undertaken. The framework, beyond previous literature, supports the combination of privacy by design principles with the newly introduced GDPR requirements in order to create a strong elicitation process for deriving the set of the technical security and privacy requirements that should be addressed. It also proposes a process for validating that the elicited requirements are indeed fulfilling the objectives addressed during the Data Protection Impact Assessment (DPIA), carried out according to the GDPR.

Download Full-text

Co-creating Security-and-Privacy-by-Design Systems

2016 11th International Conference on Availability, Reliability and Security (ARES) ◽

10.1109/ares.2016.74 ◽

2016 ◽

Cited By ~ 3

Author(s):

Sauro Vicini ◽

Francesco Alberti ◽

Nicolas Notario ◽

Alberto Crespo ◽

Juan Ramon Troncoso Pastoriza ◽

...

Keyword(s):

Security And Privacy ◽

Privacy By Design ◽

Design Systems

Download Full-text

The real-world dilemma of security and privacy by design

Communications of the ACM ◽

10.1145/3481040 ◽

2021 ◽

Vol 64 (10) ◽

pp. 84-84

Author(s):

Ahmad-Reza Sadeghi

Keyword(s):

Real World ◽

Security And Privacy ◽

Privacy By Design ◽

The Real

Download Full-text

Selecting the Optimal FM System for Children With Cochlear Implants

Perspectives on Hearing and Hearing Disorders in Childhood ◽

10.1044/hhdc18.1.19 ◽

2008 ◽

Vol 18 (1) ◽

pp. 19-24

Author(s):

Erin C. Schafer

Keyword(s):

Speech Recognition ◽

Cochlear Implants ◽

Empirical Research ◽

Background Noise ◽

Signal To Noise Ratio ◽

Evidence Based ◽

Signal To Noise ◽

Speech Processor ◽

System Input ◽

Optimal Type

Children who use cochlear implants experience significant difficulty hearing speech in the presence of background noise, such as in the classroom. To address these difficulties, audiologists often recommend frequency-modulated (FM) systems for children with cochlear implants. The purpose of this article is to examine current empirical research in the area of FM systems and cochlear implants. Discussion topics will include selecting the optimal type of FM receiver, benefits of binaural FM-system input, importance of DAI receiver-gain settings, and effects of speech-processor programming on speech recognition. FM systems significantly improve the signal-to-noise ratio at the child's ear through the use of three types of FM receivers: mounted speakers, desktop speakers, or direct-audio input (DAI). This discussion will aid audiologists in making evidence-based recommendations for children using cochlear implants and FM systems.

Download Full-text

The Impact of Visual Feedback Type on the Mastery of Visuo-Motor Transformations

Zeitschrift für Psychologie ◽

10.1027/2151-2604/a000084 ◽

2012 ◽

Vol 220 (1) ◽

pp. 3-9 ◽

Cited By ~ 4

Author(s):

Sandra Sülzenbrück

Keyword(s):

Empirical Research ◽

Visual Feedback ◽

Closed Loop ◽

Motor Planning ◽

Visual Input ◽

Closed Loop Control ◽

Loop Control ◽

Feedback Type ◽

Effective Use ◽

The Impact

For the effective use of modern tools, the inherent visuo-motor transformation needs to be mastered. The successful adjustment to and learning of these transformations crucially depends on practice conditions, particularly on the type of visual feedback during practice. Here, a review about empirical research exploring the influence of continuous and terminal visual feedback during practice on the mastery of visuo-motor transformations is provided. Two studies investigating the impact of the type of visual feedback on either direction-dependent visuo-motor gains or the complex visuo-motor transformation of a virtual two-sided lever are presented in more detail. The findings of these studies indicate that the continuous availability of visual feedback supports performance when closed-loop control is possible, but impairs performance when visual input is no longer available. Different approaches to explain these performance differences due to the type of visual feedback during practice are considered. For example, these differences could reflect a process of re-optimization of motor planning in a novel environment or represent effects of the specificity of practice. Furthermore, differences in the allocation of attention during movements with terminal and continuous visual feedback could account for the observed differences.

Download Full-text