DOI: 10.1145/3429351.3431750
short-paper

Building Private-by-Design IoT Systems

Published: 22 December 2020

Abstract

Internet of Things (IoT) devices have revolutionized the way we interact with our physical environment. With a single tap on a smartphone screen or a voice command, one can control home lighting, thermostats and cameras, monitor physical activity, and keep track of personal belongings. However, while these devices become more and more embedded in our daily lives, there are growing concerns over the privacy and security of the highly sensitive data they collect. Numerous cases of data abuse, unauthorized sharing and leakage have been reported. Unfortunately, existing IoT systems have not only failed to prevent such cases, but have often contributed to them. To address this issue, we propose a clean-slate approach to building secure and private-by-design IoT systems, in which users retain full control and ownership of their IoT data. The approach builds upon two key design concepts: (1) a dataflow programming model for building IoT apps and services, and (2) a mechanism to track sensitive sensor data flows inside these apps and automatically verify their compliance with user-defined privacy and security preferences.

Published In

Middleware'20 Doctoral Symposium: Proceedings of the 21st International Middleware Conference Doctoral Symposium
December 2020
55 pages
ISBN:9781450382007
DOI:10.1145/3429351

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. IoT
  2. data flows tracking and verification
  3. privacy

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

Middleware '20
Middleware '20: 21st International Middleware Conference
December 7 - 11, 2020
Delft, Netherlands

Acceptance Rates

Overall Acceptance Rate 203 of 948 submissions, 21%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 108
  • Downloads (Last 12 months): 8
  • Downloads (Last 6 weeks): 1
Reflects downloads up to 08 Mar 2025
