Privacy-Preserving Protocols for Smart Cameras and Other IoT Devices

TL;DR

This paper presents CaCTUs, a cryptographic protocol suite enabling privacy-preserving control over smart camera data, allowing users to retain ownership and manage access without trusting third-party providers.

Contribution

Introduction of CaCTUs, a novel cryptographic framework that empowers users to control their IoT device data, maintaining privacy in cloud-based smart camera systems.

Findings

CaCTUs supports sharing, deleting, and live viewing features securely.

The system maintains performance comparable to traditional cloud models.

Protocols can extend to other IoT devices recording time series data.

Abstract

Millions of consumers depend on smart camera systems to remotely monitor their homes and businesses. However, the architecture and design of popular commercial systems require users to relinquish control of their data to untrusted third parties, such as service providers (e.g., the cloud). Third parties therefore can (and in some instances have) access the video footage without the users' knowledge or consent -- violating the core tenet of user privacy. In this paper, we introduce CaCTUs, a privacy-preserving smart camera system that returns control to the user; the root of trust begins with the user and is maintained through a series of cryptographic protocols designed to support popular features, such as sharing, deleting, and viewing videos live. In so doing, we demonstrate that it is feasible to implement a performant smart-camera system that leverages the convenience of a cloud-based model while retaining the ability to control access to (private) data. We then discuss how our techniques and protocols can also be extended to privacy-preserving designs of other IoT devices recording time series data.