Incorporating Individual and Group Privacy Preferences in the Internet of Things

TL;DR

This paper introduces a privacy negotiation mechanism for IoT that effectively balances individual, group, and owner privacy preferences across various architectures with minimal overhead.

Contribution

It proposes a novel, architecture-agnostic privacy negotiation protocol that integrates individual and group preferences in IoT environments, ensuring efficiency and practicality.

Findings

Prototype implementations demonstrate low time overhead.

The mechanism effectively balances multiple privacy requirements.

Applicable across different IoT architectures.

Abstract

This paper presents a new privacy negotiation mechanism for an IoT environment that is both efficient and practical to cope with the IoT special need of seamlessness. This mechanism allows IoT users to express and enforce their personal privacy preferences in a seamless manner while interacting with IoT deployments. A key contribution of the paper is that it addresses the privacy concerns of individual users as well as a group of users where privacy preferences of all individual users are combined into a group privacy profile to be negotiated with the IoT owner. In addition, the proposed mechanism satisfies the privacy requirements of the IoT deployment owner. Finally, the proposed privacy mechanism is agnostic to the actual IoT architecture and can be used over a user-managed, edge-managed or a cloud-managed IoT architecture. Prototypes of the proposed mechanism have been implemented for each of these three architectures, and the results show the capability of the protocol to negotiate privacy while adding insignificant time overhead.