Skip to main content
SpringerLink
Log in

Applying Privacy Patterns to the Internet of Things’ (IoT) Architecture

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource management improvements. We show how it could also be used for improving the users’ privacy. For that purpose, we map privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the focus to translate “privacy-by-design” into practical advice. As a proof of concept, for each of the used privacy patterns we give an example from a smart vehicle scenario to illustrate how the patterns could improve the users’ privacy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Evans D (2011) The Internet of Things How the Next Evolution of the Internet Is Changing Everything. Online White Paper. Available from: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

  2. Botta A, de Donato W, Persico V, Pescapé A (2016) Integration of Cloud computing and Internet of Things: A survey, Future Generation Computer Systems, Volume 56, p. 684–700, ISSN 0167-739X, Available from. https://doi.org/10.1016/j.future.2015.09.021

  3. Thien AT, Colomo-Palacios R (2016) A Systematic Literature Review of Fog Computing. Paper presented at NOKOBIT 2016, Bergen, NOKOBIT, vol. 24, no. 1, Bibsys Open Journal Systems, ISSN 1894–7719

  4. Kowatsch T, Maass TW (2012) Privacy Concerns and Acceptance of IoT Services. In: The Internet of Things 2012: New Horizons. Halifax, UK : IERC - Internet of Things European Research Cluster, S. 176–187

  5. Fowler B (2017) Gifts That Snoop? The Internet of Things Is Wrapped in Privacy Concerns, Consumer Reports. Available from: https://www.consumerreports.org/internet-of-things/gifts-that-snoop-internet-of-things-privacy-concerns/

  6. Hill K, Mattu S (2018) The House That Spied on Me, Gizmodo. Available from: https://gizmodo.com/the-house-that-spied-on-me-1822429852

  7. Adams M (2017) Big Data and Individual Privacy in the Age of the Internet of Things. Technology Innovation Management Review 7(4):12–24

    Article  Google Scholar 

  8. Papageorgiou A, Strigkos M, Politou E, Alepis E, Solanas A, Patsakis C (2018) Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice. IEEE Access 6:9390–9403

    Article  Google Scholar 

  9. Weinberg BD, Milne GR, Andonova YG, Hajjat FM (2015) Internet of Things: Convenience vs. privacy and secrecy. Business Horizons 58(6):615–624

    Article  Google Scholar 

  10. Kristen L (2016) Walker: Surrendering information through the looking glass: Transparency, trust, and protection. J Public Policy Mark 35(1):144–158

    Article  Google Scholar 

  11. Milne GR, Culnan MJ (2004) Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. J Interact Mark 18(3):15–29

    Article  Google Scholar 

  12. Milne GR, Culnan MJ, Greene H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249

    Article  Google Scholar 

  13. Paul N, Tesfay W, Kipker D-K, Stelter M, Pape S (2018) Assessing Privacy Policies of Internet of Things Services. In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Poznan

  14. Iorga M, Goren N, Feldman L, Barton R, Martin M, Mahmoudi C (2018) Fog Computing Conceptual Model, NIST Special Publication 500–325, https://doi.org/10.6028/NIST.SP.500-325 available from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-325.pdf

  15. Yousefpour A, Ishigaki G, Jue JP (2017) Fog Computing: Towards Minimizing Delay in the Internet of Things. 2017 IEEE International Conference on Edge Computing (EDGE), Honolulu, pp. 17–24

  16. Bonomi F, Milito R, Zhu J, Addepalli S (2012) Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing, p. 13–16. ACM

  17. Bierzynski K, Escobar A, Eberl M (2017) Cloud, fog and edge: Cooperation for the future? FMEC: 62–67

  18. Sathish Kumar J, Patel DR (2014) A survey on internet of things: Security and privacy issues. International Journal of Computer Applications 90.11

  19. Martinez-Balleste A, Perez-Martinez PA, Solanas A (2013) The pursuit of citizens' privacy: a privacy-aware smart city is possible. IEEE Commun Mag 51(6):136–141

    Article  Google Scholar 

  20. Dinev T, Hart P (2006) An Extended Privacy Calculus Model for E-Commerce Transactions. Inf Syst Res 17(1):61–80

    Article  Google Scholar 

  21. Fred D (1989) Davis: Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Q 13(3):319–339

    Article  Google Scholar 

  22. Kozlov D, Veijalainen J, Ali Y (2012) Security and privacy threats in IoT architectures. In: Proceedings of the 7th International Conference on Body Area Networks (BodyNets '12). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, 256–262

  23. Lee K, Kim D, Ha D, Rajput U, Oh H (2015) On security and privacy issues of fog computing supported Internet of Things environment. In: Network of the Future (NOF), 2015 6th International Conference on the, pp. 1–3. IEEE

  24. Stojmenovic I, Wen S (2014) The Fog Computing Paradigm: Scenarios and Security Issues. FedCSIS 1–8

  25. Stojmenovic I, Wen S, Huang X, Luan H (2016) An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience 28(10):2991–3005

    Article  Google Scholar 

  26. Lu R, Liang X, Li X, Lin X, Shen X (2012) Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications. Parallel and Distributed Systems, IEEE Transactions 23(9):1621–1631

    Article  Google Scholar 

  27. Ni J, Zhang K, Lin X, Shen X (2017) Securing fog computing for internet of things applications: Challenges and solutions. IEEE Communications Surveys & Tutorials

  28. Tayeb S, Latifi S, Kim Y (2017) A survey on IoT communication and computation frameworks: An industrial perspective. In: Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual, pp. 1–6. IEEE

  29. Sadeghi A-R, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. Design Automation Conf. (DAC), 2015 52nd ACM/EDAC/IEEE, pp. 1–12

  30. Yi S, Qin Z, Li Q (2015) Security and privacy issues of fog computing: a survey. In Wireless Algorithms, Systems, and Applications 2015 (pp. 685–695), Springer International Publishing. Available from http://link.springer.com/chapter/10.1007/978-3-319-21837-3_67

  31. Rahman LF, Ozcelebi T, Lukkien JJ (2016) Choosing your IoT programming framework: Architectural aspects. In: Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on, pp. 293–300. IEEE

  32. Graf C, Wolkerstorfer P, Geven A, Tscheligi M (2010) A pattern collection for privacy enhancing technology. In: The 2nd Int. Conf. on Pervasive Patterns and Applications (PATTERNS 2010), pp. 21–26

  33. Yoder J, Baraclow J (1997) Architectural Patterns for Enabling Application Security. Pattern Languages of Programs

  34. International Standards Organisation (1999) Common criteria for information technology security evaluation. http://www.commoncriteriaportal.org/public/consumer/index.php?menu=2

  35. Schumacher M (2002) Security Patterns and Security Standards - With Selected Security Patterns for Anonymity and Privacy. European Conference on Pattern Languages of Programs (EuroPLoP)

  36. Privacy Patterns Website. https://privacypatterns.org

  37. Schümmer T (2004) The Public Privacy – Patterns for Filtering Personal Information in Collaborative Systems. CHI

  38. Romanosky S, Acquisti A, Hong J, Cranor LF, Friedman B (2006) Privacy patterns for online interactions. In: Proceedings of the 2006 conference on Pattern languages of programs. ACM, p. 12

  39. Doty N, Gupta M (2013) Privacy design patterns and anti-patterns. In: Trustbusters Workshop at the Symposium on Usable Privacy and Security

  40. Privacy Design Pattern Library Website. http://www.legaltechdesign.com/communication-design/legal-design-pattern-libraries/privacy-design-pattern-library/

  41. Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques, pp. 223–238. Springer, Berlin, Heidelberg

  42. Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613

    Article  MathSciNet  MATH  Google Scholar 

  43. Dierks T (2008) The transport layer security (TLS) protocol version 1.2, RFC 5246

  44. Okay FY, Ozdemir S (2018) A secure data aggregation protocol for fog computing based smart grids. 2018 IEEE 12th International Conference on Compatibility, Power Electronics and Power Engineering (CPE-POWERENG 2018), Doha, pp. 1–6

  45. Rannenberg K (2016) Opportunities and Risks Associated with Collecting and Making Usable Additional Data. Autonomous Driving. Springer, Berlin, Heidelberg, 497–517

  46. SAE (2014) Taxonomy and definitions for terms related to on-road-motor vehicle automated deriving systems, J3016, SAE International Standard

Download references

Author information

Authors and Affiliations

  1. Deutsche Telekom Chair of Mobile Business & Multilateral Security, Goethe University Frankfurt, Theodor-W.-Adorno-Platz 4, 60323, Frankfurt, Germany

    Sebastian Pape & Kai Rannenberg

Authors
  1. Sebastian Pape
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kai Rannenberg
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sebastian Pape.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Pape, S., Rannenberg, K. Applying Privacy Patterns to the Internet of Things’ (IoT) Architecture. Mobile Netw Appl 24, 925–933 (2019). https://doi.org/10.1007/s11036-018-1148-2

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-018-1148-2

Keywords

Search

Navigation