
Selecting Privacy Enhancing Technologies for IoT-Based Services

Conference paper, published in: Security and Privacy in Communication Networks (SecureComm 2020)

Abstract

The rising number of IoT devices enables the provisioning of novel services in various domains, such as the automotive domain. The data these devices produce, however, is often personal or otherwise sensitive. Providers of IoT-based services are confronted with the problem of collecting the necessary amount and quality of data while at the same time protecting persons’ privacy using privacy enhancing technologies (PETs). Selecting appropriate PETs is neither trivial nor uncritical, since applying an unsuitable PET can result in a violation of privacy rights, e.g. under the GDPR. In this paper, we propose a process to select data-dependent PETs—i.e. technologies which manipulate data, e.g. by distorting values—for IoT-based services. The process takes into account two perspectives on the selection of PETs, each of which narrows down the number of potentially applicable PETs: first, a data-driven perspective based on the data’s properties, e.g. its longevity and sequentiality; and second, a service-driven perspective that takes into account service requirements, e.g. the precision required to provide a particular service. We then show how the process can be applied to automotive services by proposing a taxonomy for automotive data, and present an exemplary application.

In this way, we aim at providing a reproducible method of selecting PETs that is more specific than existing approaches, and which can be applied both as a standalone process and complementary to existing ones.



Acknowledgment

This work was partly funded by the Bavarian Ministry of Economic Affairs and Media, Energy and Technology, within the project Bayern-Cloud.

Author information

Corresponding author: Immanuel Kunz


Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper


Cite this paper

Kunz, I., Banse, C., Stephanow, P. (2020). Selecting Privacy Enhancing Technologies for IoT-Based Services. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_29


  • DOI: https://doi.org/10.1007/978-3-030-63095-9_29


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63094-2

  • Online ISBN: 978-3-030-63095-9

  • eBook Packages: Computer Science (R0)
