Skip to main content
SpringerLink
Log in
SpringerLink
Log in

ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11359))

Abstract

The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The regulation defines additional lawful bases for personal data processing that do not require users’ consents, such as for the protection of data subjects’ vital interests. These are out of the scope of ADvoCATE as they do not require user interaction.

  2. 2.

    https://nodejs.org.

  3. 3.

    https://www.mongodb.org.

  4. 4.

    https://solidity.readthedocs.io.

References

  1. Bartolini, C., Muthuri, R., Santos, C.: Using ontologies to model data protection requirements in workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds.) New Frontiers in Artificial Intelligence, vol. 10091, pp. 233–248. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50953-2_17

    Chapter  Google Scholar 

  2. Buterin, V.: A next-generation smart contract and decentralized application platform (n.d.). https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 02 Oct 2018

  3. Cha, S.C., Chen, J.F., Su, C., Yeh, K.H.: A blockchain connected gateway for BLE-based devices in the Internet of Things. IEEE Access PP(99), 1–1 (2018). https://doi.org/10.1109/ACCESS.2018.2799942

    Article  Google Scholar 

  4. Cha, S.C., Tsai, T.Y., Peng, W.C., Huang, T.C., Hsu, T.Y.: Privacy-aware and blockchain connected gateways for users to access legacy IoT devices. In: 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE), pp. 1–3, October 2017. https://doi.org/10.1109/GCCE.2017.8229327

  5. Conoscenti, M., Vetrò, A., Martin, J.C.D.: Blockchain for the Internet of Things: a systematic literature review. In: 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), pp. 1–6, November 2016. https://doi.org/10.1109/AICCSA.2016.7945805

  6. Copigneaux, B.: Semi-autonomous, context-aware, agent using behaviour modelling and reputation systems to authorize data operation in the Internet of Things. In: 2014 IEEE World Forum on Internet of Things (WF-IoT), pp. 411–416, March 2014. https://doi.org/10.1109/WF-IoT.2014.6803201

  7. Demertzis, K., Iliadis, L.S., Anezakis, V.D.: An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 12(1), 3–24 (2018). https://doi.org/10.1080/17512549.2017.1325401

    Article  Google Scholar 

  8. Eckert, K., Meilicke, C., Stuckenschmidt, H.: Improving ontology matching using meta-level learning. In: Aroyo, L., et al. (eds.) ESWC 2009. LNCS, vol. 5554, pp. 158–172. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02121-3_15

    Chapter  Google Scholar 

  9. EnCoRe Project: Ensuring consent and revocation (2010). www.hpl.hp.com/breweb/encoreproject/. Accessed 02 Oct 2018

  10. European Parliament and Council: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union (Apr 2016), http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679

  11. Fortinet Inc.: Fortinet reveals “Internet of Things: connected home” survey results (2014). https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2014/internet-of-things.html. Accessed 02 Oct 2018

  12. IERC: European Research Cluster on the Internet of Things, Internet of Things: IoT governance, privacy and security issues (2015). http://www.internet-of-things-research.eu/pdf/IERC_Position_Paper_IoT_Governance_Privacy_Security_Final.pdf. Accessed 02 Oct 2018

  13. Kleinaki, A.S., Mytis-Gkometh, P., Drosatos, G., Efraimidis, P.S., Kaldoudi, E.: A blockchain-based notarization service for biomedical knowledge retrieval. Comput. Struct. Biotechnol. J. 16, 288–297 (2018). https://doi.org/10.1016/j.csbj.2018.08.002

    Article  Google Scholar 

  14. Musolesi, M.: UPRISE-IoT: User-centric PRIvacy & Security in IoT (2017). http://gtr.rcuk.ac.uk/projects?ref=EP%2FP016278%2F1. Accessed 02 Oct 2018

  15. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf. Accessed 02 Oct 2018

  16. Nugent, T., Upton, D., Cimpoesu, M.: Improving data transparency in clinical trials using blockchain smart contracts. F1000Research 5, 2541 (2016). https://doi.org/10.12688/f1000research.9756.1

    Article  Google Scholar 

  17. O’Connor, Y., Rowan, W., Lynch, L., Heavin, C.: Privacy by design: informed consent and internet of things for smart health. Procedia Comput. Sci. 113, 653–658 (2017). https://doi.org/10.1016/j.procs.2017.08.329

    Article  Google Scholar 

  18. Otero-Cerdeira, L., Rodríguez-Martínez, F.J., Gómez-Rodríguez, A.: Ontology matching. Expert Syst. Appl. 42(2), 949–971 (2015). https://doi.org/10.1016/j.eswa.2014.08.032

    Article  Google Scholar 

  19. Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A.: Blockchain-based consents management for personal data processing in the IoT ecosystem. In: 15th International Conference on Security and Cryptography (SECRYPT 2018), part of ICETE, pp. 572–577. SciTePress, Porto (2018). https://doi.org/10.5220/0006911005720577

  20. Russell, B., Garlat, C., Lingenfelter, D.: Security guidance for early adopters of the Internet of Things (IoT). White paper, Cloud Security Alliance, April 2015

    Google Scholar 

  21. Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in Internet of Things: the road ahead. Comput. Netw. 76, 146–164 (2015). https://doi.org/10.1016/j.comnet.2014.11.008

    Article  Google Scholar 

  22. Stankovic, J.A.: Research directions for the Internet of Things. IEEE Internet Things J. 1(1), 3–9 (2014). https://doi.org/10.1109/JIOT.2014.2312291

    Article  MathSciNet  Google Scholar 

  23. Shih, Y.-Y., Liu, D.-R.: Hybrid recommendation approaches: collaborative filtering via valuable content information, p. 217b. IEEE (2005). https://doi.org/10.1109/HICSS.2005.302

  24. Yang, Z., Wu, B., Zheng, K., Wang, X., Lei, L.: A survey of collaborative filtering-based recommender systems for mobile internet applications. IEEE Access 4, 3273–3287 (2016). https://doi.org/10.1109/ACCESS.2016.2573314

    Article  Google Scholar 

  25. Yli-Huumo, J., Ko, D., Choi, S., Park, S., Smolander, K.: Where is current research on blockchain technology?—A systematic review. PLoS ONE 11(10), e0163477 (2016). https://doi.org/10.1371/journal.pone.0163477

    Article  Google Scholar 

  26. Zhang, Z.K., Cho, M.C.Y., Wang, C.W., Hsu, C.W., Chen, C.K., Shieh, S.: IoT security: ongoing challenges and research opportunities. In: 7th International Conference on Service-Oriented Computing and Applications, pp. 230–234. IEEE, November 2014. https://doi.org/10.1109/SOCA.2014.58

  27. Zhu, X., Ghahramani, Z., Lafferty, J.: Semi-supervised learning using Gaussian fields and harmonic functions. In: IN ICML, pp. 912–919 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer and Informatics Engineering, Eastern Macedonia and Thrace Institute of Technology, Kavala, Greece

    Konstantinos Rantos, Konstantinos Demertzis & Antonios Kritsas

  2. Department of Electrical and Computer Engineering, Democritus University of Thrace, Xanthi, Greece

    George Drosatos

  3. Department of Information Technology, Alexander Technological Educational Institute of Thessaloniki, Thessaloniki, Greece

    Christos Ilioudis & Alexandros Papanikolaou

Authors
  1. Konstantinos Rantos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. George Drosatos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Konstantinos Demertzis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christos Ilioudis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Alexandros Papanikolaou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Antonios Kritsas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Konstantinos Rantos .

Editor information

Editors and Affiliations

  1. Inria-RBA, Rennes, France

    Jean-Louis Lanet

  2. Bucharest University of Economic Studies, Bucharest, Romania

    Cristian Toma

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., Kritsas, A. (2019). ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation