Abstract
The General Data Protection Regulation (GDPR) allows citizens to control their data. To do so, they must define and update their data security policies, which are generally more sophisticated and more dynamic than the classical access control policies managed by system administrators. Consequently, implementing GDPR in modern scalable and dynamic systems such as IoT remains a challenge. We propose a security model for data privacy and an original solution in which a GDPR consent manager is integrated using a Complex Event Processing (CEP) system and following the edge computing paradigm. We show, through a smart home IoT system, the efficiency of our approach in terms of flexibility and scalability.
This project is carried out under the MOBIDOC scheme, funded by the EU through the EMORI program and managed by the ANPR.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Allegue, S., Rhahla, M., Abdellatif, T. (2020). Toward GDPR Compliance in IoT Systems. In: Yangui, S., et al. Service-Oriented Computing – ICSOC 2019 Workshops. ICSOC 2019. Lecture Notes in Computer Science, vol 12019. Springer, Cham. https://doi.org/10.1007/978-3-030-45989-5_11
DOI: https://doi.org/10.1007/978-3-030-45989-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45988-8
Online ISBN: 978-3-030-45989-5
eBook Packages: Computer Science (R0)