
Applying Privacy Patterns to the Internet of Things’ (IoT) Architecture

Authors:
  • Continental Automotive Technologies GmbH

Abstract and Figures

The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource management improvements. We show how it could also be used for improving the users’ privacy. For that purpose, we map privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the focus to translate “privacy-by-design” into practical advice. As a proof of concept, for each of the used privacy patterns we give an example from a smart vehicle scenario to illustrate how the patterns could improve the users’ privacy.
Sebastian Pape¹ & Kai Rannenberg¹
Published online: 2 October 2018
© Springer Science+Business Media, LLC, part of Springer Nature 2018
Keywords: Privacy by design · Cloud computing · Fog computing · Internet of things · Privacy patterns · Autonomous cars · Smart vehicles
1 Introduction
With an estimated number of 50 billion ubiquitous and interconnected devices by the year 2020, the Internet of Things (IoT) is growing rapidly [1]. Since its beginning, the IoT concept has been relying on a strong computing infrastructure built on cloud computing services [2]. However, new concepts and technologies to manage the huge amount of devices are gaining importance. The backbone evolved into a more heterogeneous concept which is known as fog (or sometimes mist or edge) computing. A literature survey by Thien and Colomo-Palacios [3] showed that the main purposes or developments of the architecture addressed six different areas: resource management, energy efficiency, offloading, data processing, performance enhancement and networking. All of these are merely performance problems.

However, privacy concerns in the IoT are not only a research topic [4], but have arrived at customers who were spied on by their devices [5, 6]. Adams [7] notes that due to the nature of IoT devices and the way they collect information, their use leads to a higher risk of having information collected and shared. Often the IoT devices and sensors come together with mobile apps. Papageorgiou et al. [8] discovered in the mobile health domain that most of the apps do not follow well-known practices and guidelines, jeopardizing the privacy of millions of users. Weinberg et al. add that in the IoT environment the user faces a trade-off between convenience and privacy [9]. Moreover, Adams [7] and Walker [10] found that the regulators cannot keep up with the advances in the market, e.g. because of the speed with which data is exchanged. Apparently, privacy notices or policies could reduce the risk of disclosing personal information, but customers got increasingly frustrated with them [11, 12]. Since this discovery, not much has changed, as a recent study on IoT privacy policies shows [13].

We argue that, in particular with the General Data Protection Regulation (GDPR), which has just become effective, more emphasis should be put on designing privacy-friendly services (privacy by design). Therefore, we investigate how the different characteristics within the IoT / Cloud / Fog architecture could be used to improve users' privacy.

The remainder of this work is organized as follows. Section 2 gives a brief introduction into fog computing and describes related work, in particular about privacy in IoT environments and privacy patterns. In Section 3, suitable privacy patterns are mapped to the IoT / Cloud / Fog architecture.
* Sebastian Pape
sebastian.pape@m-chair.de
Kai Rannenberg
kai.rannenberg@m-chair.de
¹ Deutsche Telekom Chair of Mobile Business & Multilateral Security, Goethe University Frankfurt, Theodor-W.-Adorno-Platz 4, 60323 Frankfurt, Germany
Mobile Networks and Applications (2019) 24:925–933
https://doi.org/10.1007/s11036-018-1148-2
... Approaches of trying to trick users into disclosing personal data or giving consent against their real interest, are captured as privacy dark patterns [7], i. e., malicious patterns that deliberately weaken users' privacy. In the context of the Internet of Things, there has also been some work on the development [4] and application [25] of privacy patterns. Yet, the repository privacypatterns.org ...
... Security on IoT components is required to enhance users' privacy and protect sensitive information. Pape et al., 19 demonstrated how applying privacy patterns to the IoT architecture can improve users' privacy. They mapped the privacy patterns onto IoT, fog computing, and cloud computing architectures. ...
Preprint
The Internet of Things (IoT) has given rise to numerous security issues that require effective solutions. IoT security patterns have been suggested as an effective approach to address recurrent security design issues. Although several IoT security patterns are proposed in the literature, it remains unclear how they impact the energy consumption and CPU usage of IoT-edge-based applications. We conducted an empirical study using three testbed IoT applications (i.e., smart home, smart city, and healthcare) to shed light on this issue. We evaluated the impact of six IoT security patterns, including Personal Zone Hub, Trusted Communication Partner, Outbound-Only Connection, Blacklist, Whitelist, and Secure Sensor Node, both in pairs and in combination (i.e., all patterns). Specifically, we conducted multiple penetration tests to first assess the pattern’s effectiveness against attacks. Then, we conducted a comprehensive analysis of the energy consumption and CPU usage of the applications with/without the implemented security patterns, aiming to evaluate the potential impact of these patterns on energy efficiency and CPU usage. Our findings demonstrate a statistically significant increase in energy consumption and CPU usage. Based on these findings, we provide guidelines for IoT developers to follow when implementing IoT-edge-based applications.
... 46 Design patterns are also known for security and privacy. 47 We have identified two collections of patterns to be interesting for our purposes: Coleski et al. 48 provide 68 privacy patterns which are divided into seven categories: control, abstract, separate, hide, minimise, inform, and enforce. ...
Article
European Journal of Consumer Law - Revue européenne de droit de la consommation (R.E.D.C.)
... Initially, patterns were developed to address security issues by Yoder and Barcalow, who were the first to develop information security pattern solutions [69]. In spite of some contributions not using the term "privacy pattern," it has gained increasing attention as the privacy concept has gained importance [49]. For example, Graf et al. presented the development of User Interface Patterns for Privacy Enhancing Technologies (PET) [27]. ...
Article
Internet of Things (IoT) applications (apps) are challenging to design because of the heterogeneous systems on which they are deployed. IoT devices and apps may collect and analyse sensitive personal data, which is often protected by data privacy laws, some within highly regulated domains such as healthcare. Privacy-by-design (PbD) schemes can be used by developers to consider data privacy at the design stage. However, software developers are not widely adopting these approaches due to difficulties in understanding and interpreting them. There are currently a limited number of tools available for developers to use in this context. We believe that a successful privacy-by-design tool should be able to (i) assist developers in addressing privacy requirements in less regulated domains, as well as (ii) help them learn about privacy as they use the tool. The findings of two controlled lab studies are presented, involving 42 developers. We discuss how such a PbD tool can help novice IoT developers comply with privacy laws (such as GDPR) and follow privacy guidelines (such as privacy patterns). Based on our findings, such tools can help raise awareness of data privacy requirements at design. This increases the likelihood that subsequent designs will be more aware of data privacy requirements.
... Since IoT offers a wide range of applications and services, IoT solutions architectures support system design and development. Several IoT architectures and related security concepts have been developed in the last few years [16][17][18][19]. They all have four major building blocks or layers in common: ...
Chapter
Entrepreneurship and innovation are thriving in the Internet of Things (IoT) era. IoT can enable businesses to discover new opportunities and create IoT-based solutions or services. The IoT is a major technological transformation impacting various domains, such as healthcare, transportation, manufacturing, and agriculture. The IoT is a fast-growing field with many job prospects. Therefore, it is essential to integrate IoT technologies and their industrial applications into the Higher Vocational Education curriculum, as the graduates will be the future workforce. In Austria, some departments of Higher Vocational Colleges have introduced IoT technologies. To ensure practical implementation, seminars were developed to provide lecturers with comprehensive knowledge and training materials. The main goal of this study is to examine the students’ perception of IoT education. To collect empirical data a questionnaire was developed based on hypotheses to gather empirical data, which will be analyzed using statistical methods. According to the findings, IoT is generally well-received by students as a component of their vocational education. The analysis highlighted the positive attitude of students from various departments regarding IoT education. Students also expressed some interest in pursuing their diploma thesis in this domain. But it is necessary to conduct a more extensive examination of the variations between departments. The insights gained from this research can then be utilized to tailor and enhance the work of lecturers, curriculum, and instructional resources.
Article
Cutting-edge technologies, with a special emphasis on the Internet of Things (IoT), tend to operate as game changers, generating enormous alterations in both traditional and modern enterprises. Understanding multiple uses of IoT has become vital for effective financial management, given the ever-changing nature of organizations and the technological disruptions that come with this paradigm change. IoT has proven to be a powerful tool for improving operational efficiency, decision-making processes, overall productivity, and data management. As a result of the continuously expanding data volume, there is an increasing demand for a robust IT system capable of adeptly handling all enterprise processes. Consequently, businesses must develop suitable IoT architectures that can efficiently address these continually evolving requirements. This research adopts an incremental explanatory approach, guided by the principles of the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA). A rigorous examination of 84 research papers has allowed us to delve deeply into the current landscape of IoT research. This research aims to provide a complete and cohesive overview of the existing body of knowledge on IoT. This is accomplished by combining a rigorous empirical approach to categorization with ideas from specialized literature in the IoT sector. This study actively contributes to the ongoing conversation around IoT by recognizing and critically examining current difficulties. This, consequently, opens new research possibilities and promotes future developments in this ever-changing sector.
Article
Integrating Internet of Things (IoT) technologies in art design has created new possibilities for artists to create immersive and interactive experiences. However, data collection, analysis, and utilization in IoT art installations raise significant security and privacy concerns. Additionally, incorporating differential privacy techniques in IoT art installations poses optimization challenges. This paper explores optimizing differential privacy budgets based on deep learning in IoT art installations. By leveraging deep learning models, privacy budgets can be dynamically allocated to preserve individual privacy while maintaining the aesthetic integrity of the artwork. In light of this, a deep learning-based differential privacy budget optimization strategy for IoT art installations is suggested. This method adaptively distributes various budgets by the iterative change law of parameters. A regularization term is provided to limit the disturbance term to avoid the issue of excessive noise. This stops the neural network from overfitting and also assists in learning the model's salient characteristics. The capacity of the model to generalize is effectively improved by the suggested strategy, according to experiments. The accuracy difference between the model trained with noise and the model trained with original data is less than 0.5% as the number of iterations increases. Therefore, the proposed method can protect the user's privacy, effectively ensure the model's availability, and achieve the balance between privacy and availability. This accuracy ensures that the installation functions as intended and delivers the desired aesthetic impact, enabling artists to convey their artistic message effectively.
Article
Recent advances in hardware and telecommunications have enabled the development of low cost mobile devices equipped with a variety of sensors. As a result, new functionalities, empowered by emerging mobile platforms, allow millions of applications to take advantage of vast amounts of data. Following this trend, mobile health applications collect users' health-related information to help them better comprehend their health status and to promote their overall wellbeing. Nevertheless, health-related information is by nature and by law deemed sensitive and, therefore, its adequate protection is of substantial importance. In this article we provide an in-depth security and privacy analysis of some of the most popular freeware mobile health applications. We have performed both static and dynamic analysis of selected mobile health applications, along with tailored testing of each application’s functionalities. Long term analyses of the life cycle of the reviewed apps and our GDPR compliance auditing procedure are unique features of the present article. Our findings reveal that the majority of the analyzed applications does not follow well-known practices and guidelines, not even legal restrictions imposed by contemporary data protection regulations, thus jeopardizing the privacy of millions of users.
Article
Internet of Things (IoT) allows billions of physical objects to be connected to collect and exchange data for offering various applications, such as environmental monitoring, infrastructure management and home automation. On the other hand, IoT has unsupported features (e.g., low latency, location awareness and geographic distribution) that are critical for some IoT applications, including smart traffic lights, home energy management and augmented reality. To support these features, fog computing is integrated into IoT to extend computing, storage and networking resources to the network edge. Unfortunately, it is confronted with various security and privacy risks, which raise serious concerns towards users. In this survey, we review the architecture and features of fog computing and study critical roles of fog nodes, including real-time services, transient storage, data dissemination and decentralized computation. We also examine fog-assisted IoT applications based on different roles of fog nodes. Then, we present security and privacy threats towards IoT applications and discuss the security and privacy requirements in fog computing. Further, we demonstrate potential challenges to secure fog computing and review the state-of-the-art solutions used to address security and privacy issues in fog computing for IoT applications. Finally, by defining several open research issues, it is expected to draw more attention and efforts into this new architecture. Keywords: Fog computing, Internet of Things, edge computing, security and privacy.
Conference Paper
This paper surveys fog computing and embedded systems platforms as the building blocks of Internet of Things (IoT). Many concepts around IoT architectures, with various examples, are also discussed. This paper reviews a high-level conceptual layered architecture for IoT from a computational perspective. The architecture incorporates fog computing to address several issues associated with cloud computing; however, it is never a binary decision between fog and cloud. Many of the world’s physical objects are being embedded with sensors and actuators, tied by communication infrastructures, and managed by computational algorithms. IoT sensor networks and embedded systems connecting smart objects are revolutionizing how we approach our daily lives, health care, energy, and transportation. Such computational needs are addressed with an array of various models and frameworks. In an attempt to consolidate the use of these models, this paper reviews the state-of-the-art research in IoT, cloud computing, and fog computing.