Abstract
The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource management improvements. We show how it could also be used for improving the users’ privacy. For that purpose, we map privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the focus to translate “privacy-by-design” into practical advice. As a proof of concept, for each of the used privacy patterns we give an example from a smart vehicle scenario to illustrate how the patterns could improve the users’ privacy.
Similar content being viewed by others
References
Evans D (2011) The Internet of Things How the Next Evolution of the Internet Is Changing Everything. Online White Paper. Available from: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
Botta A, de Donato W, Persico V, Pescapé A (2016) Integration of Cloud computing and Internet of Things: A survey, Future Generation Computer Systems, Volume 56, p. 684–700, ISSN 0167-739X, Available from. https://doi.org/10.1016/j.future.2015.09.021
Thien AT, Colomo-Palacios R (2016) A Systematic Literature Review of Fog Computing. Paper presented at NOKOBIT 2016, Bergen, NOKOBIT, vol. 24, no. 1, Bibsys Open Journal Systems, ISSN 1894–7719
Kowatsch T, Maass TW (2012) Privacy Concerns and Acceptance of IoT Services. In: The Internet of Things 2012: New Horizons. Halifax, UK : IERC - Internet of Things European Research Cluster, S. 176–187
Fowler B (2017) Gifts That Snoop? The Internet of Things Is Wrapped in Privacy Concerns, Consumer Reports. Available from: https://www.consumerreports.org/internet-of-things/gifts-that-snoop-internet-of-things-privacy-concerns/
Hill K, Mattu S (2018) The House That Spied on Me, Gizmodo. Available from: https://gizmodo.com/the-house-that-spied-on-me-1822429852
Adams M (2017) Big Data and Individual Privacy in the Age of the Internet of Things. Technology Innovation Management Review 7(4):12–24
Papageorgiou A, Strigkos M, Politou E, Alepis E, Solanas A, Patsakis C (2018) Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice. IEEE Access 6:9390–9403
Weinberg BD, Milne GR, Andonova YG, Hajjat FM (2015) Internet of Things: Convenience vs. privacy and secrecy. Business Horizons 58(6):615–624
Kristen L (2016) Walker: Surrendering information through the looking glass: Transparency, trust, and protection. J Public Policy Mark 35(1):144–158
Milne GR, Culnan MJ (2004) Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. J Interact Mark 18(3):15–29
Milne GR, Culnan MJ, Greene H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249
Paul N, Tesfay W, Kipker D-K, Stelter M, Pape S (2018) Assessing Privacy Policies of Internet of Things Services. In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Poznan
Iorga M, Goren N, Feldman L, Barton R, Martin M, Mahmoudi C (2018) Fog Computing Conceptual Model, NIST Special Publication 500–325, https://doi.org/10.6028/NIST.SP.500-325 available from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-325.pdf
Yousefpour A, Ishigaki G, Jue JP (2017) Fog Computing: Towards Minimizing Delay in the Internet of Things. 2017 IEEE International Conference on Edge Computing (EDGE), Honolulu, pp. 17–24
Bonomi F, Milito R, Zhu J, Addepalli S (2012) Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing, p. 13–16. ACM
Bierzynski K, Escobar A, Eberl M (2017) Cloud, fog and edge: Cooperation for the future? FMEC: 62–67
Sathish Kumar J, Patel DR (2014) A survey on internet of things: Security and privacy issues. International Journal of Computer Applications 90.11
Martinez-Balleste A, Perez-Martinez PA, Solanas A (2013) The pursuit of citizens' privacy: a privacy-aware smart city is possible. IEEE Commun Mag 51(6):136–141
Dinev T, Hart P (2006) An Extended Privacy Calculus Model for E-Commerce Transactions. Inf Syst Res 17(1):61–80
Fred D (1989) Davis: Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Q 13(3):319–339
Kozlov D, Veijalainen J, Ali Y (2012) Security and privacy threats in IoT architectures. In: Proceedings of the 7th International Conference on Body Area Networks (BodyNets '12). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, 256–262
Lee K, Kim D, Ha D, Rajput U, Oh H (2015) On security and privacy issues of fog computing supported Internet of Things environment. In: Network of the Future (NOF), 2015 6th International Conference on the, pp. 1–3. IEEE
Stojmenovic I, Wen S (2014) The Fog Computing Paradigm: Scenarios and Security Issues. FedCSIS 1–8
Stojmenovic I, Wen S, Huang X, Luan H (2016) An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience 28(10):2991–3005
Lu R, Liang X, Li X, Lin X, Shen X (2012) Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications. Parallel and Distributed Systems, IEEE Transactions 23(9):1621–1631
Ni J, Zhang K, Lin X, Shen X (2017) Securing fog computing for internet of things applications: Challenges and solutions. IEEE Communications Surveys & Tutorials
Tayeb S, Latifi S, Kim Y (2017) A survey on IoT communication and computation frameworks: An industrial perspective. In: Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual, pp. 1–6. IEEE
Sadeghi A-R, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. Design Automation Conf. (DAC), 2015 52nd ACM/EDAC/IEEE, pp. 1–12
Yi S, Qin Z, Li Q (2015) Security and privacy issues of fog computing: a survey. In Wireless Algorithms, Systems, and Applications 2015 (pp. 685–695), Springer International Publishing. Available from http://link.springer.com/chapter/10.1007/978-3-319-21837-3_67
Rahman LF, Ozcelebi T, Lukkien JJ (2016) Choosing your IoT programming framework: Architectural aspects. In: Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on, pp. 293–300. IEEE
Graf C, Wolkerstorfer P, Geven A, Tscheligi M (2010) A pattern collection for privacy enhancing technology. In: The 2nd Int. Conf. on Pervasive Patterns and Applications (PATTERNS 2010), pp. 21–26
Yoder J, Baraclow J (1997) Architectural Patterns for Enabling Application Security. Pattern Languages of Programs
International Standards Organisation (1999) Common criteria for information technology security evaluation. http://www.commoncriteriaportal.org/public/consumer/index.php?menu=2
Schumacher M (2002) Security Patterns and Security Standards - With Selected Security Patterns for Anonymity and Privacy. European Conference on Pattern Languages of Programs (EuroPLoP)
Privacy Patterns Website. https://privacypatterns.org
Schümmer T (2004) The Public Privacy – Patterns for Filtering Personal Information in Collaborative Systems. CHI
Romanosky S, Acquisti A, Hong J, Cranor LF, Friedman B (2006) Privacy patterns for online interactions. In: Proceedings of the 2006 conference on Pattern languages of programs. ACM, p. 12
Doty N, Gupta M (2013) Privacy design patterns and anti-patterns. In: Trustbusters Workshop at the Symposium on Usable Privacy and Security
Privacy Design Pattern Library Website. http://www.legaltechdesign.com/communication-design/legal-design-pattern-libraries/privacy-design-pattern-library/
Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques, pp. 223–238. Springer, Berlin, Heidelberg
Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613
Dierks T (2008) The transport layer security (TLS) protocol version 1.2, RFC 5246
Okay FY, Ozdemir S (2018) A secure data aggregation protocol for fog computing based smart grids. 2018 IEEE 12th International Conference on Compatibility, Power Electronics and Power Engineering (CPE-POWERENG 2018), Doha, pp. 1–6
Rannenberg K (2016) Opportunities and Risks Associated with Collecting and Making Usable Additional Data. Autonomous Driving. Springer, Berlin, Heidelberg, 497–517
SAE (2014) Taxonomy and definitions for terms related to on-road-motor vehicle automated deriving systems, J3016, SAE International Standard
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Pape, S., Rannenberg, K. Applying Privacy Patterns to the Internet of Things’ (IoT) Architecture. Mobile Netw Appl 24, 925–933 (2019). https://doi.org/10.1007/s11036-018-1148-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11036-018-1148-2