Privacy in Internet of Things: from Principles to Technologies

TL;DR

This paper reviews privacy principles, laws, and technologies in IoT, analyzing how legal frameworks influence the design of privacy-preserving architectures and technologies for IoT systems.

Contribution

It provides a comprehensive analysis of how privacy laws can be integrated into IoT architectures through privacy enhancing technologies.

Findings

Legal principles support privacy in IoT through tailored PETs.

Layered architecture enables targeted privacy solutions.

Mapping legislation to technology guides privacy design.

Abstract

Ubiquitous deployment of low-cost smart devices and widespread use of high-speed wireless networks have led to the rapid development of the Internet of Things (IoT). IoT embraces countless physical objects that have not been involved in the traditional Internet and enables their interaction and cooperation to provide a wide range of IoT applications. Many services in the IoT may require a comprehensive understanding and analysis of data collected through a large number of physical devices that challenges both personal information privacy and the development of IoT. Information privacy in IoT is a broad and complex concept as its understanding and perception differ among individuals and its enforcement requires efforts from both legislation as well as technologies. In this paper, we review the state-of-the-art principles of privacy laws, the architectures for IoT and the representative privacy enhancing technologies (PETs). We analyze how legal principles can be supported through a careful implementation of privacy enhancing technologies (PETs) at various layers of a layered IoT architecture model to meet the privacy requirements of the individuals interacting with IoT systems. We demonstrate how privacy legislation maps to privacy principles which in turn drives the design of necessary privacy enhancing technologies to be employed in the IoT architecture stack.