Entropy-Based Correlation Analysis for Privacy Risk Assessment in IoT Identity Ecosystem
Kai-Chih Chang, Suzanne Barber

TL;DR
This paper introduces a new method for assessing privacy risks in IoT devices using entropy-based metrics and Bayesian networks to better understand data vulnerabilities.
Contribution
A novel framework combining PPA and PrivacyCheck scores with entropy-based analysis and Bayesian networks for IoT privacy risk assessment.
Findings
The PPA and PrivacyCheck scores show varying effectiveness in detecting privacy risks across different data types.
Entropy-based metrics help quantify uncertainty in privacy assessments, revealing insights into data vulnerabilities.
Combining risk scoring, information theory, and network modeling improves privacy evaluation in IoT ecosystems.
Abstract
As the Internet of Things (IoT) expands, robust tools for assessing privacy risk are increasingly critical. This research introduces a quantitative framework for evaluating IoT privacy risks, centered on two algorithmically derived scores: the Personalized Privacy Assistant (PPA) score and the PrivacyCheck score, both developed by the Center for Identity at The University of Texas. We analyze the correlation between these scores across multiple types of sensitive data—including email, social security numbers, and location—to understand their effectiveness in detecting privacy vulnerabilities. Our approach leverages Bayesian networks with cycle decomposition to capture complex dependencies among risk factors and applies entropy-based metrics to quantify informational uncertainty in privacy assessments. Experimental results highlight the strengths and limitations of each tool and…
Genes, proteins, chemicals, diseases, species, mutations and cell lines named across the full text — each resolved to its canonical identifier and authoritative record.
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Data Quality and Management · Information and Cyber Security
