User-driven Privacy Enforcement for Cloud-based Services in the Internet of Things

TL;DR

This paper introduces UPECSI, a user-driven privacy enforcement framework for IoT cloud services, addressing privacy concerns to improve user acceptance in IoT ecosystems.

Contribution

UPECSI provides a novel, integrated approach for enforcing user privacy requirements in cloud-based IoT services with adaptable and transparent configurations.

Findings

Enables enforcement of all user privacy requirements after data leaves the local network.

Integrates privacy functionality into the development process of cloud services.

Offers users transparent and adaptable privacy configuration options.

Abstract

Internet of Things devices are envisioned to penetrate essentially all aspects of life, including homes and urbanspaces, in use cases such as health care, assisted living, and smart cities. One often proposed solution for dealing with the massive amount of data collected by these devices and offering services on top of them is the federation of the Internet of Things and cloud computing. However, user acceptance of such systems is a critical factor that hinders the adoption of this promising approach due to severe privacy concerns. We present UPECSI, an approach for user-driven privacy enforcement for cloud-based services in the Internet of Things to address this critical factor. UPECSI enables enforcement of all privacy requirements of the user once her sensitive data leaves the border of her network, provides a novel approach for the integration of privacy functionality into the development process of cloud-based services, and offers the user an adaptable and transparent configuration of her privacy requirements. Hence, UPECSI demonstrates an approach for realizing user-accepted cloud services in the Internet of Things.