A preview of this full-text is provided by Springer Nature.
Content available from Mobile Networks and Applications
This content is subject to copyright. Terms and conditions apply.
Applying Privacy Patterns to the Internet of Things’(IoT) Architecture
Sebastian Pape
1
&Kai Rannenberg
1
Published online: 2 October 2018
#Springer Science+Business Media, LLC, part of Springer Nature 2018
Abstract
The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly
growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some
cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT
devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource
management improvements. We show how it could also be used for improving the users’privacy. For that purpose, we map
privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the
focus to translate Bprivacy-by-design^into practical advice. As a proof of concept, for each of the used privacy patterns we give
an example from a smart vehicle scenario to illustrate how the patterns could improve the users’privacy.
Keywords Privacy by design .Cloud computing .Fog computi ng .Internet of things .Privacy pat terns .Autonomous cars .Smart
vehicles
1 Introduction
With an estimated number of 50 billion ubiquitous and inter-
connected devices by the year 2020 the Internet of Things
(IoT) is growing rapidly [1]. Since its beginning, the IoT con-
cept has been relying on a strong computing infrastructure
built on cloud computing services [2]. However, new concepts
and technologies to manage the huge amount of devices are
gaining importance. The backbone evolved into a more het-
erogeneous concept which is known as fog (or sometimes
mist or edge) computing. A literature survey by Thien and
Colomo-Palacios [3] showed that the main purposes or devel-
opments of the architecture addressed six different areas: re-
source management, energy efficiency, offloading, data pro-
cessing, performance enhancement and networking. All of
these are merely performance problems.
However, privacy concerns in the IoT are not only a re-
search topic [4], but have arrived at customers which were
spied by their devices [5,6]. Adams [7] notes that due to the
nature of IoT devices and the way they collect information,
their use leads to a higher risk of having information collected
and shared. Often the IoT devices and sensors come together
with mobile apps. Papageorgiou et al. [8] discovered in the
mobile health domain that most of the apps do not follow
well-known practices and guidelines jeopardizing the privacy
of millions of users. Weinberg et al. add that in the IoT envi-
ronment the user faces a trade-off between convenience and
privacy [9]. Moreover, Adams [7] and Walker [10] found that
the regulators cannot keep up with the advances in the market,
e.g. because of the speed with which data is exchanged.
Apparently, privacy notices or policies could reduce the risk
of disclosing personal information, but customers got increas-
ingly frustrated with them [11,12]. Since this discovery, not
much has changed, as a recent study on IoT privacy policies
shows [13].
We argue that in particular with the General Data
Protection Regulation (GDPR) which has just become effec-
tive, more emphasis should be put on designing privacy-
friendly services (privacy by design). Therefore, we investi-
gate how the different characteristics within the IoT / Cloud /
Fog architecture could be used to improve users’privacy.
The remainder of this work is organized as follows.
Section 2gives a brief introduction into fog computing and
describes related work, in particular about privacy in IoT en-
vironments and privacy patterns. In Section 3suitable privacy
patterns are mapped to the IoT / Cloud / Fog architecture.
*Sebastian Pape
sebastian.pape@m-chair.de
Kai Rannenberg
kai.rannenberg@m-chair.de
1
Deutsche Telekom Chair of Mobile Business & Multilateral Security,
Goethe University Frankfurt, Theodor-W.-Adorno-Platz 4,
60323 Frankfurt, Germany
Mobile Networks and Applications (2019) 24:925–933
https://doi.org/10.1007/s11036-018-1148-2
Content courtesy of Springer Nature, terms of use apply. Rights reserved.