The document discusses incentive mechanisms for privacy-preserving Internet of Things (IoT). It addresses common misconceptions about privacy in IoT and discusses how incentive mechanisms can encourage user participation while balancing privacy and accuracy. Specifically, it notes that incentive mechanisms, like reverse auctions, are needed to attract crowdsensing users to contribute data. However, these mechanisms must also consider users' varying privacy levels and how coalitions can impact privacy. The document examines how user contributions, payoffs, and coalitions should be handled to optimize this accuracy-privacy tradeoff.
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
Internet Society (ISOC) aims are:
make security an integrated function of connected objects and encourages IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles ;
increase the consumer demand for security and privacy in the IoT devices they purchase;
create government policies and regulations that promote better security and privacy features in IoT devices.
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
Introduction to the Data Link Layer, Types of errors, redundancy and coding. Block coding, Error detection, error correction. Linear block codes. Cyclic codes(CRC), Checksum method.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
Internet Society (ISOC) aims are:
make security an integrated function of connected objects and encourages IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles ;
increase the consumer demand for security and privacy in the IoT devices they purchase;
create government policies and regulations that promote better security and privacy features in IoT devices.
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
Introduction to the Data Link Layer, Types of errors, redundancy and coding. Block coding, Error detection, error correction. Linear block codes. Cyclic codes(CRC), Checksum method.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
Firewall is a network security system that controls the incoming
and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted Stand-alone firewalls exist both as firewall software appliances to run on general purpose or standard industry hardware, and as hardware-based firewall computer appliances.
Search & Seizure of Electronic Evidence by Pelorus Technologiesurjarathi
Pelorus shares a presentation on search & seizure of electronic evidence Digital evidence is any digital information which is received from computers, audio files, video recordings, digital images etc. The evidence obtained is essential in computer and cyber crimes. For more information on search & seizure of electronic evidence visit our website.
The aim of this project is to make online university service based on composite service offered by service producer. Application is constructed out of services like student information service, payment gateway service, adhar information service. In this project, student information service is open to all university application so that information distribution is possible.
This presentation discusses about IoT, challenges associated with it, common threats to IoT. It also briefs about how OWASP introduces Vulnerabilities in IoT.
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin...Konstantinos Demertzis
The evolution of the Internet of Things is significantly a
ected by legal restrictions imposed for personal data handling, such as the European General Data Protection Regulation (GDPR).
The main purpose of this regulation is to provide people in the digital age greater control over their personal data, with their freely given, specific, informed and unambiguous consent to collect and process the data concerning them. ADVOCATE is an advanced framework that fully complies with the requirements of GDPR, which, with the extensive use of blockchain and artificial intelligence technologies, aims to provide an environment that will support users in maintaining control of their personal data in the IoT ecosystem. This paper proposes and presents the Intelligent Policies Analysis Mechanism (IPAM) of the ADVOCATE framework, which, in an intelligent and fully automated manner, can identify conflicting rules or consents of the user, which may lead to the collection of personal data that can be used for profiling. In order to clearly identify and implement IPAM, the problem of recording user data from smart entertainment devices using Fuzzy Cognitive Maps (FCMs) was simulated. FCMs are an intelligent decision-making system that simulates the processes of a complex system, modeling the correlation base, knowing the behavioral and balance specialists of the system. Respectively, identifying conflicting rules that can lead to a profile, training is done using Extreme Learning Machines (ELMs), which are highly ecient neural systems of small and flexible architecture that can work optimally in complex environments.
Service provider liability: Legal Issues in Research Data Collection and Shar...EUDAT
| www.eudat.eu | v1.0, June 2014 - Are hosting providers liable for the data that they store? And what about if they do not have actual knowledge of illegal activity? Are you sure that contractual liability limitations (eg. in Terms of Service) provide you with the right protection? This module addresses such questions. Download the presentation and find out.
Who is it for?: Researchers, Data Managers, General public.
Firewall is a network security system that controls the incoming
and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted Stand-alone firewalls exist both as firewall software appliances to run on general purpose or standard industry hardware, and as hardware-based firewall computer appliances.
Search & Seizure of Electronic Evidence by Pelorus Technologiesurjarathi
Pelorus shares a presentation on search & seizure of electronic evidence Digital evidence is any digital information which is received from computers, audio files, video recordings, digital images etc. The evidence obtained is essential in computer and cyber crimes. For more information on search & seizure of electronic evidence visit our website.
The aim of this project is to make online university service based on composite service offered by service producer. Application is constructed out of services like student information service, payment gateway service, adhar information service. In this project, student information service is open to all university application so that information distribution is possible.
This presentation discusses about IoT, challenges associated with it, common threats to IoT. It also briefs about how OWASP introduces Vulnerabilities in IoT.
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin...Konstantinos Demertzis
The evolution of the Internet of Things is significantly a
ected by legal restrictions imposed for personal data handling, such as the European General Data Protection Regulation (GDPR).
The main purpose of this regulation is to provide people in the digital age greater control over their personal data, with their freely given, specific, informed and unambiguous consent to collect and process the data concerning them. ADVOCATE is an advanced framework that fully complies with the requirements of GDPR, which, with the extensive use of blockchain and artificial intelligence technologies, aims to provide an environment that will support users in maintaining control of their personal data in the IoT ecosystem. This paper proposes and presents the Intelligent Policies Analysis Mechanism (IPAM) of the ADVOCATE framework, which, in an intelligent and fully automated manner, can identify conflicting rules or consents of the user, which may lead to the collection of personal data that can be used for profiling. In order to clearly identify and implement IPAM, the problem of recording user data from smart entertainment devices using Fuzzy Cognitive Maps (FCMs) was simulated. FCMs are an intelligent decision-making system that simulates the processes of a complex system, modeling the correlation base, knowing the behavioral and balance specialists of the system. Respectively, identifying conflicting rules that can lead to a profile, training is done using Extreme Learning Machines (ELMs), which are highly ecient neural systems of small and flexible architecture that can work optimally in complex environments.
Service provider liability: Legal Issues in Research Data Collection and Shar...EUDAT
| www.eudat.eu | v1.0, June 2014 - Are hosting providers liable for the data that they store? And what about if they do not have actual knowledge of illegal activity? Are you sure that contractual liability limitations (eg. in Terms of Service) provide you with the right protection? This module addresses such questions. Download the presentation and find out.
Who is it for?: Researchers, Data Managers, General public.
USING BLOCKCHAIN TO ACHIEVE DECENTRALIZED PRIVACY IN IOT HEALTHCAREIJCI JOURNAL
With the advent of the Internet of Things (IoT), e-health has become one of the main topics of research. Due to the sensitivity of patient information, patient privacy seems challenging. Nowadays, patient data is usually stored in the cloud in healthcare programs, making it difficult for users to have enough control over their data. The recent increment in announced cases of security and surveillance breaches compromising patients' privacy call into question the conventional model, in which third-parties gather and control immense amounts of patients' Healthcare data. In this work, we try to resolve the issues mentioned above by using blockchain technology. We propose a blockchain-based protocol suitable for ehealth applications that does not require trust in a third party and provides an efficient privacy-preserving access control mechanism. Transactions in our proposed system, unlike Bitcoin, are not entirely financial, and we do not use conventional methods for consensus operations in blockchain like Proof of Work (PoW). It is not suitable for IoT applications because IoT devices have resources-constraints. Usage of appropriate consensus method helps us to increase network security and efficiency, as well as reducing network cost, i.e., bandwidth and processor usage. Finally, we provide security and privacy analysis of our proposed protocol.
Study on Issues in Managing and Protecting Data of IOTijsrd.com
This paper discusses variety of issues for preserving and managing data produced by IoT. Every second large amount of data are added or updated in the IoT databases across the heterogeneous environment. While managing the data each phase of data processing for IoT data is exigent like storing data, querying, indexing, transaction management and failure handling. We also refer to the problem of data integration and protection as data requires to be fit in single layout and travel securely as they arrive in the pool from diversified sources in different structure. Finally, we confer a standardized pathway to manage and to defend data in consistent manner.
Many technical communities are vigorously pursuing
research topics that contribute to the Internet of Things (IoT).
Nowadays, as sensing, actuation, communication, and control become
even more sophisticated and ubiquitous, there is a significant
overlap in these communities, sometimes from slightly different
perspectives. More cooperation between communities is encouraged.
To provide a basis for discussing open research problems in
IoT, a vision for how IoT could change the world in the
distant future is first presented. Then, eight key research topics
are enumerated and research problems within these topics are
discussed.
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
Now big data has become a hot topic in academia and industry, it is affecting the mode of thinking and working, daily life. But there are many security risks in data collection, storage and use. Privacy leakage caused serious problems to the user, false data will lead to error results of big data analysis. This paper first introduces the security problems faced by big data,analyzes the causes of privacy problems,discussesthe principle to solve the problem. Finally,discusses technical means for privacy protection.
Research on Privacy Protection in Big Data EnvironmentIJERA Editor
Now big data has become a hot topic in academia and industry, it is affecting the mode of thinking and working, daily life. But there are many security risks in data collection, storage and use. Privacy leakage caused serious problems to the user, false data will lead to error results of big data analysis. This paper first introduces the security problems faced by big data,analyzes the causes of privacy problems,discussesthe principle to solve the problem. Finally,discusses technical means for privacy protection.
I want you to Read intensively papers and give me a summary for ever.pdfamitkhanna2070
I want you to Read intensively papers and give me a summary for every paper and the linghth for
each paper is 2 pages or more. In the summary, you need to provide some of your own ideas.
Research Interests: Privacy-Aware Computing,Wireless and Mobile Security,Fog
Computing,Mobile Health and Safety, Cognitive Radio Networking,Algorithm Design and
Analysis.
You should select papers from the following conferences:
IEEE INFOCOM, IEEE Symposium on security and privacy, ACM CCS, USENIX Security.
Solution
PRIVACY AWARE COMPUTING
Introduction
With the increasing public concerns of security and personal data privacy worldwide, security
and privacy become an important research area. This research area is very broad and covers
many application domains.
The security and privacy aware computing research group actually focuses on
(1) privacy-preserved computing,
(2) Video surveillance, and
(3) secure biometric system.
Now let us briefly discuss the above three groups.
Privacy-preserved Computing
Concerns on the data privacy have been increasing worldwide. For example, Apple was
reportedly fined by South Korea’s telecommunications regulator for allegedly collecting and
storing private location data of iPhone users. The privacy concerns raised by both end-users and
government authorities have been hindering the deployment of many valuable IT services, such
as data mining and analysis, data outsourcing, and mobile location-aware computing.
soo, in response to the growing necessity of protecting data privacy, our research group has been
focusing on developing innovative solutions towards information services --- to support these
services while preserving users’ personal privacy.
Video Surveillance
With the growing installation of surveillance video cameras in both private and public areas, the
closed-circuit TV (CCTV) has been evolved from a single camera system to a multiple camera
system; and has recently been extended to a large-scale network of cameras.
One of the objectives of a camera network is to monitor and understand security issues in the
area under surveillance. While the camera network hardware is generally well-designed and
roundly installed, the development of intelligent video analysis software lags far behind. As
such, our group has been focusing on developing video surveillance algorithms such as face
tracking, person re-identification, human action recognition.
Our goal is to develop an intelligent video surveillance system.
Secure Biometric System
With the growing use of biometrics, there is a rising concern about the security and privacy of
the biometric data. Recent studies show that simple attacks on a biometric system, such as hill
climbing, are able to recover the raw biometric data from stolen biometric template. Moreover,
the attacker may be able to make use of the stolen face template to access the system or cross-
match across databases. Our group has been working on face template protection, multimodality
template protection, and .
Originally presented at PRIMMA mobile privacy workshop, Imperial College London, 23 Sep 2010. Updated version given at Security and Privacy in Implantable Medical Devices workshop, EPFL, 1 April 2011, and a German Academy of Engineering conference in Berlin on 26 March 2012. Compact version given at Urban Prototyping conference, Imperial College London, 9 April 2013. Updated with ENISA privacy engineering report for 3rd Latin American Data Protection conference in Medellin, 28-29 May 2015.
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...e-SIDES.eu
This is the slide-deck of the community event held on November 14, 2019 in Brussels, titled "Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019". It includes the presentations given by the speakers.
Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019...IDC4EU
This is the slide-deck of the community event held on November 14, 2019 in Brussels, titled "Beyond Privacy: Learning Data Ethics - European Big Data Community Forum 2019". It includes the presentations given by the speakers.
Steve Wood Generative AI and Data Protection Asia Privacy Bridge October 202...stevewood900540
A presentation given by Steve Wood, former UK Deputy Information Commissioner and Director of Privacyx Consulting, to the 2023 Asia Bridge Conference in Seoul October 12 2023
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Data Privacy of the Internet of Things
1. Data Privacy of the Internet of Things
Mohammad Abu Alsheikh
Associate Professor of Engineering (Data Privacy)
IEEE Senior Member
https://mabualsh.github.io
1
Privacy-Preserving Internet of Things
2. Roadmap
We will discus the following topics of privacy-preserving Internet of things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach
vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives of privacy preservation by crowdsensing users and accuracy maximization and
collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
2
Privacy-Preserving Internet of Things
3. Common Misconceptions About Privacy-
Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of
Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
3
Privacy-Preserving Internet of Things
keywords—Internet of things, data privacy
4. Privacy-preserving IoT: Overview
Data privacy and IoT
• billions of IoT devices collect
sensitive data about people,
creating data privacy risks and
breach vulnerabilities
• connecting to IoT services is
indispensable and makes
people’s life more convenient
• data privacy preservation is vital
for sustaining the proliferation
of IoT services
4
Privacy-Preserving Internet of Things
Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with
sensors and connection links, that functions while maintaining the privacy rights of users.
5. Privacy-preserving IoT: Overview
5
Privacy-Preserving Internet of Things
main entities of privacy-preserving IoT
Four main entities of privacy preserving IoT:
1. people (service users): hold the
ownership of their data
2. service provider and business
stakeholders: transmit IoT data to
backend servers through high-speed
networks and apply ambient intelligence
(data analysis and machine learning)
3. adversary: any third-party entity that
initiates privacy attacks to partially or
fully attain user data
4. data privacy analyst (regulatory officer):
oversees the compliance of service
providers with the relevant data privacy
regulations
6. Data privacy rights
• Recent years have witnessed strict data privacy regulations
• For example, the General Data Protection Regulation (GDPR)* is a European
Union law that defines eight data privacy rights of people
1) the right to be informed of all data operations
2) the right to review and access copies of personal data
3) the right to rectify incorrect data
4) the right to object data processing
5) the right to restrict data processing
6) the right of data portability to third parties
7) the right to be forgotten if personal data is no longer needed for the original purpose
8) the right not to be a subject of automation and profiling
• Likewise, the California Consumer Privacy Act (CCPA)** defines equivalent
user rights for residents of California
Privacy-Preserving Internet of Things 6
*European Parliament and Council of the European Union, “General data protection regulation (GDPR),” https://gdpr-info.eu, 2016
**California Civil Code, “California consumer privacy act (CCPA),” https://oag.ca.gov/privacy/ccpa , 2018
7. Misconception 1: Data privacy impedes IoT innovation
and implies that IoT data cannot be collected
• IoT service providers and stakeholders commonly perceive privacy-preserving IoT
as an impediment to innovation as data sensing about people is heavily regulated
• On the other hand, some service users assume that service providers should not
collect any data
Correction:
• rights and responsibilities of each entity in privacy-preserving IoT are well-depicted.
• privacy preserving IoT is mainly about providing users with control over their data while
promoting safeguarded IoT sensing and innovation.
• service provider must incorporate various privacy safeguards, including explicit consent,
rectification forms, and meeting the differential privacy measurements when serving user
requests
Privacy-Preserving Internet of Things 7
8. Differential privacy
• privacy-preserving IoT is generally devised to meet the differential privacy
requirements* by adding noise to the input data, the parameters of
ambient intelligence models, or the output results
• Dwork and Roth* describe differential privacy as a guarantee provided by
a service provider to users that they will not be affected by sharing their
data, regardless of the availability of other information sources or
personal data about them
Privacy-Preserving Internet of Things 8
Misconception 1: Data privacy impedes IoT innovation
and implies that IoT data cannot be collected
* C. Dwork and A. Roth, “The algorithmic foundations of differential privacy,” Foundations and Trends in Theoretical
Computer Science, vol. 9, no. 3-4, pp. 211–407, 2014.
9. • data privacy is not absolute in privacy-
preserving IoT
• privacy budget is defined as the
probability of accidental data leakage by
an adversary
• a trade-off exists between service
accuracy and privacy preservation
• privacy-preserving and exposed services
are created using logistic regression and
Gaussian naive Bayes trained on a real-
world activity prediction dataset
Privacy-Preserving Internet of Things 9
Misconception 1: Data privacy impedes IoT innovation
and implies that IoT data cannot be collected
accuracy of privacy-preserving
and exposed IoT services
10. Several important results
1) when the privacy budget increases, the service
accuracy will increase
2) when the privacy budget is small, i.e., less than
5, significant accuracy improvement can be
achieved for small increases in the privacy
budget requirements
3) there is a marginal gain in the service accuracy
for increasing the privacy budget at high values
4) different algorithms may have different
accuracy ranks when changing the privacy
budget
5) the exposed services retain higher accuracy
values than the privacy-preserving ones, but
that accuracy gain comes at the cost of risking
users’ privacy
Privacy-Preserving Internet of Things 10
Misconception 1: Data privacy impedes IoT innovation
and implies that IoT data cannot be collected
accuracy of privacy-preserving
and exposed IoT services
11. Misconception 2: Privacy-preserving IoT is
exclusively a regulatory problem
• IoT standards, e.g., IEEE 2413-2019*, include data privacy as a functional
requirement of IoT architectures
• The privacy paradox describe the discrepancy between how people insist on
the importance of their privacy and how they compromise their privacy in
reality (e.g., many users provide their names and emails in marketing campaigns to receive discounts or
free product samples)
• Data privacy has been portrayed as an exclusive regulatory problem, i.e.,
people are wrongly perceived as incompetent in protecting their privacy
Privacy-Preserving Internet of Things 11
* IEEE SA Board of Governors/Corporate Advisory Group (BoG/CAG), “IEEE standard for an architectural framework for the
Internet of things (IoT),” IEEE Std 2413-2019, pp. 1–269, March 2020.
12. Misconception 2: Privacy-preserving IoT is
exclusively a regulatory problem
Correction:
• Privacy-preserving IoT is not an exclusive regulatory problem. Data privacy
must be incorporated in the early design cycle of IoT
• Issues about restricting user-level data control can be underlined
• data privacy is individual level ownership rather than a societal right
▪ people should be able to provide consent to service providers for data collection and selling
▪ existing privacy regulation, such as the CCPA, underlines that users may be offered discounts and
financial incentives for data collection. This arrangement provides flexibility to both users and
service providers
• a single government body cannot check the compliance of every service provider with
the privacy regulations
• many sensing technologies exist in IoT systems, and it would be unattainable for a
single entity to assess all possible privacy risks
Privacy-Preserving Internet of Things 12
13. Misconception 3: Privacy-preserving IoT is exclusively
required to comply with data privacy regulations
• A common misconception among service providers is perceiving data privacy
in IoT as an obligation that does not retain direct financial benefits
• Service providers adhere to the data privacy regulations as a compliance
action, and IoT data privacy is not perceived as a functional requirement
Privacy-Preserving Internet of Things 13
Correction:
• privacy-preserving IoT has many benefits for building trust bridges with users; hence, it boosts
user retention and satisfaction
• online survey study was conducted to understand how people perceive their data privacy in
exposed systems. The survey was created using the Qualtrics platform (www.qualtrics.com) and
200 participants were recruited using Amazon Mechanical Turk (www.mturk.com)
• survey research’s results indicate the importance of data privacy in improving user retention and
overall satisfaction
14. Misconception 3: Privacy-preserving IoT is exclusively
required to comply with data privacy regulations
Several important results
• people will not use exposed services
▪ respondents indicated they would take all
possible measures to protect their privacy
▪ For example, 56.2% suggested that they
would stop using the company’s services, and
67.2% said they would close the service
accounts
• 92.5% of people are genuinely concerned
about their data privacy and how service
providers use their online data
• 73% of people do not trust companies that
do not make sufficient efforts to protect
their data privacy
Thus, data privacy should not be perceived
as a compliance problem but rather as a
business opportunity with financial yields.
Privacy-Preserving Internet of Things 14
users take various actions if a company does not make
sufficient efforts to protect their online data privacy
15. Misconception 4: Data privacy is fully preserved
if IoT data is securely stored
• A widespread fallacy, even among cybersecurity practitioners, is claiming
data privacy preservation by applying data security measures, such as
network security, access control, backups, authorization, firewalls, and
intrusion detectors.
• Data security methods are implemented to adhere to the confidentiality,
integrity, and availability (CIA) principles.
▪ confidentiality protocols, e.g., access control and authorization, aim to protect the
data from unauthorized disclosure
▪ integrity, e.g., digital signatures and logging, aims to maintain the accuracy and
completeness of data
▪ availability, e.g., backups and firewalls, aims to promptly supply resource access to
users when requested
Privacy-Preserving Internet of Things 15
16. Privacy-Preserving Internet of Things 16
Misconception 4: Data privacy is fully preserved
if IoT data is securely stored
Correction:
• Data security, defined in the CIA triad, does not
guarantee users’ data privacy
▪ data security protects users from unauthorized data
access or modification
▪ data privacy protects users from violations and misuse,
including how service providers use and process user
data
▪ Data privacy is a superset of data security and requires
stricter conditions to comply with the privacy laws on
how user data is collected, transmitted, stored, and
processed, e.g., the data privacy rights of users as
depicted in the GDPR and CCPA
Data privacy extends the data security
conditions, providing users with control
over their data and preventing data
violations and misuse
17. • Data privacy may not be met even when original
data is securely stored
▪ even though the original face images are securely
kept, the adversary can reconstruct an accurate
estimation of people’s faces using the deep learning
model, i.e., the original training images are not used in
producing the reconstructed images
▪ model inversion attacks produce sensitive data using
outputs of a model
• Service providers should utilize privacy-
preserving learning that adds reasonable noise
to the modeling parameters during model
training according to the differential privacy
conditions
Privacy-Preserving Internet of Things 17
Misconception 4: Data privacy is fully preserved
if IoT data is securely stored
privacy attacks on an exposed IoT service
that uses face recognition
18. Misconception 5: Decentralized IoT (DeIoT) solves the
privacy problem and provides absolute data privacy
preservation
• DeIoT is an emerging user-centered ecosystem that distributes IoT control
functions and delegates operations to users without including a central
authority
▪ edge computing, blockchain ledgers, and federated learning are the most promising
technologies
➢smart contracts and blockchain ledgers provide decentralized digital identities
➢federated learning and edge computing can optimize a master ambient intelligence model without
sharing users’ original data
• DeIoT is often suggested as a method for attaining absolute data privacy,
security, transparency, and scalability using token-based operations and
decentralization
Privacy-Preserving Internet of Things 18
19. Privacy-Preserving Internet of Things 19
Misconception 5: Decentralized IoT (DeIoT) solves the
privacy problem and provides absolute data privacy
preservation
Correction:
• Unfortunately, DeIoT does not provide
absolute data privacy preservation.
• Services 1-3 are built using blockchain
ledgers. The privacy budget of a single
data sensing is set at 0.1, 0.15, and 0.3 in
services 1-3, respectively
• total privacy cost increases over repeated
sensing in the three services
• difference in the privacy cost of users
magnifies over time
total privacy cost of repeated data sensing
at various privacy budgets
20. Roadmap
We will discus the following topics of privacy-preserving Internet of things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach
vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives of privacy preservation by crowdsensing users and accuracy maximization and
collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
20
Privacy-Preserving Internet of Things
21. Incentive Mechanisms for Privacy-
Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "The accuracy-privacy trade-off of mobile crowdsensing." IEEE
Communications Magazine (2017)
DOI: https://doi.org/10.1109/MCOM.2017.1600737
21
Privacy-Preserving Internet of Things
keywords—Internet of things, data privacy, incentive mechanism design
22. Incentive mechanisms for privacy-preserving IoT
Why do we need incentive mechanisms for privacy-preserving IoT?
• mechanism design → design incentives (e.g., monetary rewards) to
achieve a goal (e.g., increase participation in IoT or accuracy
maximization)
• IoT should incorporate efficient incentive mechanisms to attract and
retain enough crowdsensing users
• users are paid based on their marginal contributions to service
accuracy
22
Privacy-Preserving Internet of Things
23. Incentive mechanisms
• IoT should incorporate efficient incentive
mechanisms to attract and retain enough
crowdsensing users
• A typical reverse auction framework occurs
between the crowdsensing users and service
▪ users compete among themselves to perform the
sensing task
▪ service provider first announces the description of
the crowdsensing tasks to potential mobile users
▪ users are rational entities and will set their bids
based on the cost of the crowdsensing task
▪ to maximize the utility of the crowdsensing
service, the auction system determines the task
assignment and payoff of each user including both
selected and rejected bids
23
Privacy-Preserving Internet of Things
crowdsensing incentive mechanism
as a reverse auction
24. Incentive mechanism for privacy-preserving IoT
Main entities
• users are the participants who
collect sensing data using their
personal mobile devices
• service provider buys data from
the crowdsensing users through a
mediator, applies data analytics,
and delivers a service to a set of
customers
• mediator is the auction
management entity that controls
the exchange of data between the
crowdsensing users and the
service provider
Privacy-Preserving Internet of Things 24
incentive mechanism for privacy-preserving IoT supporting
both data anonymization and identity generalization through
crowdsensing coalition formulation. Cooperative users are
connected using device-to-device (D2D) communication
25. Incentive mechanism for privacy-preserving IoT
Next, we answer three major questions related to developing privacy-aware
incentive models in privacy-preserving IoT
1) how does the crowdsensing service define the contributions and payoff
allocations of users with varying privacy levels?
2) do crowdsensing coalitions change the attained privacy of the
cooperative users?
3) how do cooperative users divide the coalition payoff among
themselves?
Privacy-Preserving Internet of Things 25
26. User contributions and pivotal users
• Contributed data rates from each user
and the resulting service accuracy by
training a deep learning model on the
data of each user separately
▪ data rate varies among different users
▪ service accuracy depends on the quality
of the used mobile device, the user’s
performance during task execution, and
data annotation
▪ user 1 contributes more data than user
2, while the accuracy resulting from the
data of user 1 is lower than that of user 2
▪ users 3 and 6 are pivotal, and they score
the highest standalone accuracy values
of 68.3 and 68.1 percent, respectively
Privacy-Preserving Internet of Things 26
user contribution to the crowdsensing service
27. Privacy vs accuracy
• Impact of the data anonymization
level on the accuracy of the
crowdsensing service
▪ there is an inverse relationship
between the prediction accuracy and
the data anonymization level
▪ service provider has an incentive to
reject users with high data
anonymization levels
▪ prediction accuracy decreases as more
users adopt the data anonymization
scheme
Privacy-Preserving Internet of Things 27
resulting accuracy of the deep learning service
trained on the crowdsensing data.
28. Payoff allocation
• Payoff allocation of users 2 and 3
under the varied data anonymization
levels
• payoff allocation of any user decreases
as its data anonymization level increases
• pivotal users receive a higher payoff
compared to normal and low
performing users
• cooperative users receive not only the
same payoff in both the coalition and
the standalone cases, but also a higher
level of the k-anonymity privacy
protection
Privacy-Preserving Internet of Things 28
payoff allocation of Users 2 and 3. The privacy level
is equal to the variance of the added Gaussian noise
29. Roadmap
We will discus the following topics of privacy-preserving Internet of things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach
vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives of privacy preservation by crowdsensing users and accuracy maximization and
collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
29
Privacy-Preserving Internet of Things
30. Optimal Pricing of Privacy-Preserving
Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "Privacy management and optimal pricing in people-centric
sensing." IEEE Journal on Selected Areas in Communications (2017)
DOI: https://doi.org/10.1109/JSAC.2017.2680845
30
Privacy-Preserving Internet of Things
keywords—Internet of things, data privacy, optimal pricing
31. Optimal pricing of privacy-preserving IoT
31
Privacy-Preserving Internet of Things
Why do we need optimal pricing models for privacy-preserving IoT?
• optimal pricing→ decide optimal prices of IoT services (e.g.,
subscription fees) to maximize profits based on user demand patterns
→ total profit of the service provider is maximized
32. Service bundling
• IoT services can be sold separately or
together as a service bundle
• there is a joint demand for
complementary services as both
services are jointly required by the
customers, e.g., sentiment analysis and
activity tracking
• substitute services are comparable in
their functionality, e.g., sentiment
analysis using two data analytics
algorithms
Privacy-Preserving Internet of Things 32
33. Optimal pricing and privacy management
• Key components of the optimal pricing and
privacy management framework
• framework is initiated by defining the data utility
u(·)
▪ u(·) is nonnegative—the service quality cannot be
negative
▪ u(·) is inversely proportional to the privacy level r ∈ [0,
1] — increasing the privacy level decreases the quality
of data analytic
▪ u(·) is convex and decreases at an increasing rate over
the privacy level—reflects the empirical change of
service quality at varying privacy levels
• profit maximization models are executed to obtain
the optimal subscription fee and privacy levels
Privacy-Preserving Internet of Things 33
Components of the optimal pricing and privacy
management framework for people-centric
sensing
35. Data utility: Quality-privacy tradeoff
• The figure below shows the quality-privacy models of three IoT services S1,
S2, and S3
• the service quality (accuracy) decreases as the privacy level increases
• increasing the privacy level results in higher data distortion
Privacy-Preserving Internet of Things 35
▪ Service S1—sentiment analysis
using deep learning
▪ Service S2—sentiment analysis
using random forests
▪ Service S3—activity tracking using
random forests
prediction quality of the services S1, S2, and S3
(from left to right) under varied privacy levels
36. Standalone sales — profit vs privacy
Standalone sales of S1
• subscription revenue, subscription fee, and
total data cost are inversely correlated with the
privacy level
• increasing the privacy level negatively affects
the service quality and fewer customers will be
interested in buying the service
• total data cost will decrease when the privacy
level is high
• gross profit increases up to privacy levels r =
0.62, then it decreases due to the extreme loss
of customers at the high privacy levels r > 0.62
Privacy-Preserving Internet of Things 36
37. Complementary bundles — reservation wages
Bundle Sb1
• reservation wage is the lowest
payment required to recruit one
crowdsensing participant
• bundling profit goes down when the
reservation wage increases
• to minimize the total data cost, the privacy
level of S1 is increased and the privacy
level of S2 is also slightly increased
Privacy-Preserving Internet of Things 37
Bundle Sb1 (S1 and S3 as complementary) — the economic
strategy of virtually packaging services S1 and S3 into one
service bundle
Impacts of the reservation wage on the gross
profit, privacy levels, and subscription fee
38. Roadmap
We will discus the following topics of privacy-preserving Internet of things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach
vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives of privacy preservation by crowdsensing users and accuracy maximization and
collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
38
Privacy-Preserving Internet of Things
39. Conclusions and future works
(Privacy-Preserving Internet of Things)
39
Privacy-Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of
Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords—Internet of things, data privacy
40. Critical questions for future research
• Data privacy and criminal justice
• a widespread argument for supporting dataveillance, i.e., monitoring and profiling people’s
data, is for criminal justice, law enforcement, and fraud prevention
• social benefits do not wipe out the personal benefits of data privacy
• what is the proper procedure for requesting data disclosure for criminal justice? how can
protected data be accessed for criminal justice without establishing an encryption backdoor?
how can people oversee the levels of dataveillance by organizations and governments?
• User-in-the-loop (UIL)
• users generally cannot verify the privacy measures taken by service providers due to the lack
of transparency in the implemented privacy safeguards
• UIL data privacy engages users in their privacy preservation
• how can user awareness of data privacy issues be increased? how can service providers
provide people with data privacy measurements? how can users be incentivized to contribute
to their data protection efforts?
Privacy-Preserving Internet of Things 40
41. Conclusions
• Billions of IoT devices collect sensitive data about people, creating data
privacy risks and breach vulnerabilities
• Privacy-preserving IoT refers to any IoT service, i.e., any network of objects
embedded with sensors and connection links, that functions while
maintaining the privacy rights of users
• These slides presented
▪ common myths about data privacy and IoT services;
▪ trade-off between privacy preservation by users and accuracy maximization and
collection of true data by service providers; and
▪ optimal pricing of standalone and bundled services
Privacy-Preserving Internet of Things 41