Introduction
Related work and motivation
Framework/approach | Basic concept for privacy preservation | References |
---|---|---|
Lightweight encryption algorithm | Encryption/decryption | [27] |
Privacy-preserving IoT architecture | Encryption/decryption | [25] |
DPP model | Selectively encrypt data | [26] |
EPIC | Differentially Private (DP) obfuscation mechanism | [28] |
Privacy-preserving model | Trust evaluation | [29] |
Privacy-preserving trust model | Functional encryption/decryption | [20] |
Information relevance model | Contextual privacy perception framework | [30] |
Interaction-based privacy protection management framework | Restricting the non-authorized operations and neutralizing the execution of non-authorized operations | [31] |
Privacy monitoring framework | Informative event, access log analyzer, obfuscation | [32] |
Privacy preserving communication protocol | Chaos-based cryptographic scheme and message authentication codes | [33] |
Balance privacy-preserving data aggregation model | Slicing and mixing technology | [34] |
Privacy preserving scheme | Identity-based Encryption (IBE) and symmetric encryption | [35] |
Framework/approach | Key parameters or building block | Challenges/issues the solution addresses | Important findings | References |
---|---|---|---|---|
Lightweight encryption algorithm | Hash function SHA-3; symmetric key cryptosystem | Need for a practical strategy to prevent the inside attack | The lightweight encryption algorithm that protects the communication between the sensor node and the Sharemind system preserves patient data privacy if the three data servers in the Sharemind system do not collude | [27] |
Privacy preserving IoT architecture | Data ingestion scheme splits the IoT data into n (number of servers) parts | Lack of control over IoT devices; privacy loss over IoT devices, storage infrastructure, applications, and related communications; developing techniques that can ensure privacy in IoT data collection, storage, and retrieval | Innovative schemes for privacy preservation of IoT data | [25] |
DPP Model | Privacy weight; dynamic programming; selectively encrypt data, based on the requirements and constraints of the associated hardware or software | User’s privacy violation when different data are combined; ensuring the security of data in transit and at rest without incurring unrealistic performance overheads | Uses the content-oriented approach to selectively encrypt data for privacy protection | [26] |
EPIC | Utility-optimal differential privacy mechanism | Protecting against traffic analysis attacks under resource constraints | A privacy-preserving traffic obfuscation framework; adversaries cannot link any traffic flow to a particular smart home | [28] |
Privacy-preserving trust model | Trust and uniformization models | Minimizing privacy loss in the presence of untrusted service providers | A lightweight approach to functional encryption | [20] |
Privacy-preserving model | Based on simple threshold detection; direct interactive trust, friend recommendation trust and historical trust; dynamic self-adjusting trust evaluation approach | How to build a trust model that can prevent non-trusted objects from accessing private data | A lightweight access control strategy for privacy preservation; the privacy protection problem is transformed into a simple judgment problem | [29] |
Information relevance model | Consumer’s privacy sensitivity as the summation of their privacy concerns; population privacy sensitivity | Treating privacy uniformly is unfair and socially inefficient, as a substantial proportion of the population remains unsatisfied by a common policy | Acknowledges the existence of individual differences with respect to unique security and privacy protection needs; contributes quantifiable means to measure and evaluate customized privacy | [30] |
Privacy monitoring framework | Informative events and access log analyzer; average response time | For the broader adoption of cloud computing, proper privacy and security mechanisms are necessary to control the sensitive information that users commit to cloud service providers | The framework provides a mechanism that enables cloud customers to track details such as what happens to their data, where data is stored, and who accesses their data | [32] |
Privacy preserving communication protocol | Symmetric encryption scheme | Eavesdroppers can aggregate traffic information to profile a household; RFID tags, sensors, actuators, and the central controller have limited computing capabilities and cannot carry out complicated computing operations | A lightweight secure and privacy-preserving communication protocol that leverages chaos-based encryption and Message Authentication Codes (MAC) | [33] |
BPDA Model | Slicing and mixing technology | Sensitive information gathered by sensor nodes is prone to leakage in a hostile environment | Good performance in terms of privacy-preserving efficacy and communication overhead; increases the lifetime of the network | [34] |
Privacy preserving scheme | IBE scheme and symmetric encryption | The exchanged data, including sensitive and critical information, are sent via an insecure channel; content and contextual privacy requirements must be satisfied | Privacy preservation solution for e-health fulfilling privacy requirements | [35] |
IoTp | Data masking technique and distributed approach | Lack of end-to-end privacy; linking data collected from sensors | Ensures privacy at data collection, data storage and data access | [36] |
SPT | Data splitting with data obfuscation | Computational constraints, storage cost, and battery power are the major issues; ensuring data privacy in the IoT ecosystem through lightweight data collection and data access protocols in the resource-constrained IoT ecosystem; ensuring end-to-end data privacy efficiently | Ensures data privacy with lightweight approaches for resource-constrained IoT devices | [37] |
Noise based privacy-preserving model | Multilevel noise treatment; fuzzification | Privacy breach in data collection, storage and retrieval; practical and feasible privacy preservation strategies | Ensures privacy preservation according to the user’s preferences; less burden on resource-constrained IoT devices | Proposed |
Adversary model and design objectives
Security and privacy threats in IoT
Threats at different levels | | | | |
---|---|---|---|---|
IoT Node (Sensing device) | Gateway | IoT network | Cloud level | Application level |
Hacked IoT node | Single point attack | Sniffing attack | Malicious administrator (insider threat) | Lack of user control over their data |
Lack of control by legitimate user over IoT node | Inferences | Traffic analysis | Single point attack | Malicious apps |
Privacy violating interaction and presentation | Linkage | Sybil attack | Inferences | User unawareness |
Lifecycle transitions | Hacked gateway | Linkage | Profiling | |
Tracking | Lack of user control | Permission escalation | | |
Inventory attack | Collusion attack | | | |
Tracking | | | | |
Problem definition and design objectives
Noise based privacy preserving model
Overview
Methodology
Symbol | Meaning |
---|---|
D | Sensed IoT parameter |
\(D_{ID}\) | Data identifier |
N | Total operators in a row in operator table |
T | Timestamp |
\(F_i\) | Attribute identifier |
P | Noise |
\(P_1\) | Sub-noise 1 |
\(P_2\) | Sub-noise 2 |
\(P_3\) | Sub-noise 3 |
X, Y, Z | Data addend at level 1 |
A, B, C | Data addend at level 2 |
K, L, M | Data addend at level 3 (sensitive) |
\(K^{\prime }\), \(L^{\prime }\), \(M^{\prime }\) | Data addend at level 3 (non-sensitive) |
\(\oplus _1\) | An operator from operator table |
\(\oplus _i\) | An operator to add noise at the ith level |
\(\ominus _i\) | Reverse operator of \(\oplus _i\) |
\(D^{\prime }\) | Fuzzified data |
\(S_i\) | ith service to user |
\(\eta _{\text {Service}}\) | Value of the service received by the user |
\(\sigma _{\text {Privacy}}\) | Cost of the privacy loss |
\(\sigma _{\text {Hardware}}^{\text {User}}\) | User share in the cost of hardware and related service |
\(\sigma _{\text {Payment}}\) | Payment made by the user for the service |
\(\rho _{\text {information}}\) | Value of information collected by the provider |
\(\sigma _{\text {Business}}^{\text {Hardware}}\) | Share of the business for hardware and maintenance cost |
\(\Gamma \) | Trust value |
\(\phi \) | User privacy preference coefficient |
\(\xi \) | Sensitivity coefficient for personally identifiable information items |
\(\Omega \) | Privacy coefficient |
\(\pi \) | System trust coefficient |
\((t_j)_{F_i}\) | Execution time to access \(j\text {th}\) content of \(F_i\) attribute type |
\(\omega \) | Computational time |
Data classification module
Multilevel noise treatment
Noise removal and fuzzification
Attribute | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
---|---|---|---|---|---|---|---|---|---|
\(F_1\) | \(+\) | − | \(*\) | \(+\) | \(*\) | − | \(+\) | − | \(*\) |
\(F_2\) | \(*\) | − | \(+\) | − | \(*\) | \(+\) | \(*\) | − | \(+ \) |
\(F_3\) | − | \(*\) | \(+\) | − | \(+\) | \(*\) | − | \(*\) | \(+\) |
x | \(S_1\) | \(S_2\) | \(S_3\) | \(S_4\) | \(S_5\) | . | . | . | \(S_n\) |
---|---|---|---|---|---|---|---|---|---|
\(\mu _{{\tilde{A}}}(x)\) | 0.8 | 0.2 | 0.6 | 0.3 | 0 | . | . | . | 0.1 |
\(\mu _{{\tilde{\lambda }}}(x)\) | 1 | 0.3 | 0.8 | 0.6 | 0 | . | . | . | 0.3 |
Experiments and results
Experimental configurations
Results and discussion
Data before noise addition | | | Data after noise addition | | | | | | | | |
---|---|---|---|---|---|---|---|---|---|---|---|
 | | | Data addends of \({F_1}\) | | | Data addends of \({F_2}\) | | | Data addends of \({F_3}\) | | |
\({F_1}\) | \({F_2}\) | \({F_3}\) | \({DA_1}\) | \({DA_2}\) | \({DA_3}\) | \({DA_1}\) | \({DA_2}\) | \({DA_3}\) | \({DA_1}\) | \({DA_2}\) | \({DA_3}\) |
1667 | 2072 | 2047 | 346 | 959 | 535 | 1166 | 320 | 759 | 1353 | 1273 | 48,747 |
1611 | 1957 | 1906 | 180 | 1289 | 39,004 | 635 | 185 | 1360 | 1320 | 304 | 505 |
1601 | 1939 | 1831 | 1073 | 1120 | −369 | 945 | 712 | 455 | 680 | 85 | 1239 |
1643 | 1965 | 1879 | 476 | 92 | 40,705 | 960 | 297 | 48,066 | 706 | 320 | 1076 |
1604 | 1959 | 1921 | 750 | 1309 | −282 | 385 | 962 | 835 | 1416 | 830 | 45,977 |
1640 | 1829 | 1940 | 1465 | 701 | −303 | 1307 | 649 | 43,967 | 468 | 1352 | 293 |
1607 | 1910 | 1910 | 917 | 882 | −19 | 1171 | 674 | 238 | 1252 | 719 | 45,977 |
1546 | 2045 | 1910 | 977 | 114 | 37,757 | 138 | 217 | 1913 | 107 | 1098 | 928 |
1529 | 2049 | 1972 | 1081 | 864 | −193 | 1294 | 1315 | 48,814 | 278 | 1380 | 487 |
1637 | 1978 | 1945 | 880 | 931 | −1 | 329 | 1385 | 437 | 1046 | 542 | 47,235 |
1596 | 2046 | 1866 | 1084 | 1429 | 37,585 | 544 | 154 | 1571 | 1027 | 858 | 204 |
1590 | 2006 | 1978 | 626 | 1171 | 16 | 897 | 1345 | −63 | 929 | 496 | 726 |
1601 | 1966 | 1957 | 814 | 1123 | 38,286 | 1116 | 1199 | 47,033 | 734 | 192 | 1254 |
1542 | 2003 | 1959 | 751 | 1249 | −285 | 548 | 1147 | 531 | 696 | 1147 | 47,330 |
1598 | 2027 | 1941 | 545 | 934 | 342 | 484 | 1126 | 49,263 | 916 | 833 | 365 |
1511 | 2258 | 1983 | 735 | 1427 | −478 | 1441 | 450 | 540 | 453 | 1018 | 48,302 |
1555 | 1980 | 2023 | 412 | 868 | 37,793 | 1365 | 351 | 487 | 685 | 1278 | 283 |
1508 | 2468 | 1934 | 1303 | 234 | 194 | 1209 | 452 | 60,237 | 1117 | 469 | 521 |
1580 | 1697 | 2005 | 1373 | 998 | −618 | 195 | 87 | 1588 | 1084 | 970 | 48,269 |
1627 | 2073 | 1992 | 1009 | 176 | 39,688 | 960 | 567 | 769 | 152 | 261 | 1802 |
1592 | 2130 | 2063 | 430 | 1416 | −31 | 903 | 219 | 1181 | 821 | 647 | 768 |
1634 | 2088 | 1991 | 695 | 828 | 39,525 | 1071 | 195 | 51,132 | 136 | 478 | 1600 |
1638 | 2102 | 1916 | 186 | 445 | 1180 | 1240 | 472 | 613 | 1440 | 707 | 45,951 |
1593 | 2123 | 1948 | 1005 | 741 | 70 | 120 | 753 | 52,400 | 345 | 1294 | 482 |
1542 | 2133 | 2034 | 651 | 214 | 850 | 1338 | 806 | 162 | 953 | 437 | 49,658 |
1601 | 2015 | 2042 | 72 | 767 | 39,384 | 387 | 1229 | 622 | 1293 | 1057 | −85 |
1613 | 1938 | 1936 | 1247 | 986 | −397 | 302 | 1438 | 46,908 | 958 | 1402 | −251 |
1644 | 1974 | 2000 | 1404 | 1366 | −953 | 632 | 1006 | 509 | 269 | 1460 | 48,469 |
1642 | 1933 | 2046 | 1412 | 1320 | 38,516 | 1386 | 416 | 354 | 1294 | 369 | 606 |
1605 | 1925 | 2011 | 474 | 991 | 363 | 260 | 953 | 885 | 289 | 1059 | 836 |
1586 | 1998 | 2066 | 468 | 1177 | 38,203 | 852 | 72 | 49,224 | 236 | 1244 | 809 |
1577 | 2032 | 2108 | 1107 | 938 | −295 | 885 | 82 | 1288 | 844 | 776 | 51,278 |
1598 | 1980 | 2066 | 1217 | 915 | −311 | 238 | 105 | 49,355 | 1060 | 1115 | 64 |
1561 | 1942 | 2092 | 851 | 1071 | −188 | 646 | 793 | 676 | 379 | 1394 | 50,725 |
1628 | 1935 | 2142 | 1425 | 149 | 39,324 | 520 | 503 | 1135 | 558 | 735 | 1072 |
1694 | 1965 | 2052 | 1272 | 103 | 542 | 969 | 1354 | 47,000 | 271 | 997 | 957 |
1627 | 1922 | 2081 | 1013 | 1156 | −369 | 1384 | 1326 | −615 | 102 | 701 | 51,420 |
1598 | 1950 | 2117 | 343 | 1266 | 38,539 | 361 | 137 | 1675 | 455 | 1103 | 782 |
1612 | 1952 | 2075 | 1436 | 95 | 304 | 217 | 1166 | 742 | 482 | 1232 | 534 |
1630 | 1958 | 2024 | 672 | 932 | 39,344 | 764 | 163 | 48,221 | 953 | 769 | 525 |
1609 | 1973 | 2005 | 989 | 838 | −45 | 330 | 867 | 999 | 1308 | 507 | 48,508 |
1600 | 1983 | 2014 | 515 | 508 | 800 | 731 | 185 | 48,857 | 85 | 1293 | 809 |
1608 | 1969 | 2024 | 230 | 1004 | 547 | 422 | 919 | 801 | 1398 | 669 | 48,731 |
1612 | 1957 | 2019 | 262 | 1200 | 39,036 | 794 | 342 | 1044 | 334 | 924 | 984 |
1605 | 1943 | 2018 | 1273 | 470 | 85 | 1160 | 1146 | 46,467 | 552 | 765 | 874 |
1640 | 1917 | 2037 | 914 | 1156 | −257 | 1160 | 217 | 713 | 401 | 305 | 50,417 |
1610 | 1949 | 2077 | 424 | 328 | 39,696 | 1258 | 1170 | −256 | 1082 | 560 | 658 |
Data after noise removal and without fuzzification | | | Data after noise removal and with fuzzification | | |
---|---|---|---|---|---|
\({DA_1}\) | \({DA_2}\) | \({DA_3}\) | \({DA_1}\) | \({DA_2}\) | \({DA_3}\) |
1667 | 2072 | 2047 | 1662.5 | 2074.5 | 2044 |
1611 | 1957 | 1906 | 1606.5 | 1959.5 | 1903 |
1601 | 1939 | 1831 | 1596.5 | 1941.5 | 1828 |
1643 | 1965 | 1879 | 1638.5 | 1967.5 | 1876 |
1604 | 1959 | 1921 | 1599.5 | 1961.5 | 1918 |
1640 | 1829 | 1940 | 1635.5 | 1831.5 | 1937 |
1607 | 1910 | 1910 | 1602.5 | 1912.5 | 1907 |
1546 | 2045 | 1910 | 1541.5 | 2047.5 | 1907 |
1529 | 2049 | 1972 | 1524.5 | 2051.5 | 1969 |
1637 | 1978 | 1945 | 1632.5 | 1980.5 | 1942 |
1596 | 2046 | 1866 | 1591.5 | 2048.5 | 1863 |
1590 | 2006 | 1978 | 1585.5 | 2008.5 | 1975 |
1601 | 1966 | 1957 | 1596.5 | 1968.5 | 1954 |
1542 | 2003 | 1959 | 1537.5 | 2005.5 | 1956 |
1598 | 2027 | 1941 | 1593.5 | 2029.5 | 1938 |
1511 | 2258 | 1983 | 1506.5 | 2260.5 | 1980 |
1555 | 1980 | 2023 | 1550.5 | 1982.5 | 2020 |
1508 | 2468 | 1934 | 1503.5 | 2470.5 | 1931 |
1580 | 1697 | 2005 | 1575.5 | 1699.5 | 2002 |
1627 | 2073 | 1992 | 1622.5 | 2075.5 | 1989 |
1592 | 2130 | 2063 | 1587.5 | 2132.5 | 2060 |
1634 | 2088 | 1991 | 1629.5 | 2090.5 | 1988 |
1638 | 2102 | 1916 | 1633.5 | 2104.5 | 1913 |
1593 | 2123 | 1948 | 1588.5 | 2125.5 | 1945 |
1542 | 2133 | 2034 | 1537.5 | 2135.5 | 2031 |
1601 | 2015 | 2042 | 1596.5 | 2017.5 | 2039 |
1613 | 1938 | 1936 | 1608.5 | 1940.5 | 1933 |
1644 | 1974 | 2000 | 1639.5 | 1976.5 | 1997 |
1642 | 1933 | 2046 | 1637.5 | 1927.5 | 2043 |
1605 | 1925 | 2011 | 1600.5 | 2000.5 | 2008 |
1586 | 1998 | 2066 | 1581.5 | 2034.5 | 2063 |
1577 | 2032 | 2108 | 1572.5 | 1982.5 | 2105 |
1598 | 1980 | 2066 | 1593.5 | 1944.5 | 2063 |
1561 | 1942 | 2092 | 1556.5 | 1937.5 | 2089 |
1628 | 1935 | 2142 | 1623.5 | 1967.5 | 2139 |
1694 | 1965 | 2052 | 1689.5 | 1924.5 | 2049 |
1627 | 1922 | 2081 | 1622.5 | 1952.5 | 2078 |
1598 | 1950 | 2117 | 1593.5 | 1954.5 | 2114 |
1612 | 1952 | 2075 | 1607.5 | 1960.5 | 2072 |
1630 | 1958 | 2024 | 1625.5 | 1975.5 | 2021 |
1609 | 1973 | 2005 | 1604.5 | 1985.5 | 2002 |
1600 | 1983 | 2014 | 1595.5 | 1971.5 | 2011 |
1608 | 1969 | 2024 | 1603.5 | 1959.5 | 2021 |
1612 | 1957 | 2019 | 1607.5 | 1945.5 | 2016 |
1605 | 1943 | 2018 | 1600.5 | 1919.5 | 2015 |
1640 | 1917 | 2037 | 1635.5 | 1951.5 | 2034 |
1610 | 1949 | 2077 | 1605.5 | 1932.5 | 2074 |
1633 | 1930 | 2076 | 1628.5 | 1870.5 | 2073 |
1573 | 1868 | 2058 | 1568.5 | 1946.5 | 2055 |
1568 | 1944 | 1959 | 1563.5 | 2047.5 | 1956 |
1576 | 2217 | 2059 | 1571.5 | 1983.5 | 2056 |
Algorithmic behavior and performance evaluation
Iteration number | % Decrement in the computational overhead (proposed model without fuzzifier) | | % Decrement in the computational overhead (proposed model with fuzzifier) | |
---|---|---|---|---|
 | In comparison with the data access control scheme (%) | In comparison with the DPP model (%) | In comparison with the data access control scheme (%) | In comparison with the DPP model (%) |
1 | 52.419 | 45.871 | 48.387 | 41.284 |
2 | 69.064 | 54.255 | 54.676 | 32.978 |
3 | 73.684 | 59.459 | 73.099 | 58.558 |
4 | 71.942 | 64.545 | 56.115 | 44.545 |
5 | 70.212 | 66.400 | 67.375 | 63.200 |
6 | 64.963 | 61.290 | 64.233 | 60.483 |
7 | 65.853 | 70.000 | 50.406 | 56.428 |
8 | 77.058 | 58.064 | 62.352 | 31.182 |
9 | 74.193 | 63.636 | 60.000 | 43.636 |
10 | 64.062 | 67.142 | 50.000 | 54.285 |
 | \({\text {Attribute } F_1}\) | | | \({\text {Attribute } F_2}\) | | | \({\text {Attribute } F_3}\) | | |
---|---|---|---|---|---|---|---|---|---|
Sensed data | 1667 | | | 2072 | | | 2047 | | |
Data addend | \(DA_1\) | \(DA_2\) | \(DA_3\) | \(DA_1\) | \(DA_2\) | \(DA_3\) | \(DA_1\) | \(DA_2\) | \(DA_3\) |
Source device | 280 | 893 | 469 | 1100 | 254 | 693 | 1287 | 1207 | 48,681 |
Middleware | 295 | 908 | 484 | 1115 | 269 | 708 | 1302 | 1222 | 48,696 |
Long-term storage | 346 | 959 | 535 | 1166 | 320 | 759 | 1353 | 1273 | 48,747 |
User device (after denoising and before fuzzification) | 1667 | | | 2072 | | | 2047 | | |
User device after fuzzification | 1662.5 | | | 2074.5 | | | 2044.0 | | |
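The following Python script is an added illustration of the multilevel noise treatment that the operator table, the symbol table and the per-level data addend table above describe; it is not the paper's own code. It takes the operator table from the page verbatim (rows \(F_1\)–\(F_3\), N = 9 operator slots) and models the three noise levels (source device, middleware, long-term storage) as one (\(\oplus_i\), \(P_i\)) pair each, undone on the user device with the reverse operators \(\ominus_i\). Everything the page does not state is an assumption and is marked as such in the code: how D is split into the addends X, Y, Z, how the operator column is selected from \(D_{ID}\), and the sub-noise values used in the demo. The middleware and storage rows of the table above are consistent with adding 15 and then 51 to every addend, and the example reproduces those two steps from the source-device row.

```python
import operator
import random

# Operator table reproduced from the page: one row per attribute F_i,
# N = 9 operator slots per row (the symbol N in the paper's symbol table).
OPERATOR_TABLE = {
    "F1": "+-*+*-+-*",
    "F2": "*-+-*+*-+",
    "F3": "-*+-+*-*+",
}
N = 9

# Forward operators (the paper's oplus_i) and their reverses (ominus_i).
APPLY = {"+": operator.add, "-": operator.sub, "*": operator.mul}
REVERSE = {"+": operator.sub, "-": operator.add, "*": operator.floordiv}


def lookup_operator(attribute, index):
    """Return the operator in column (index mod N) of the attribute's row.
    Assumption: the column is derived from the data identifier D_ID; the
    paper's selection rule is not on the page."""
    return OPERATOR_TABLE[attribute][index % N]


def split_into_addends(D, rng):
    """Level-1 data addends X, Y, Z with X + Y + Z == D.
    Assumption: a uniform random split; the paper's split rule is not on the page."""
    X = rng.randint(0, D)
    Y = rng.randint(0, D - X)
    return [X, Y, D - X - Y]


def apply_level(addends, op_symbol, sub_noise):
    """One level of noise treatment: apply sub-noise P_i to every addend with oplus_i."""
    if op_symbol == "*" and sub_noise == 0:
        raise ValueError("multiplicative sub-noise must be non-zero to be reversible")
    return [APPLY[op_symbol](a, sub_noise) for a in addends]


def remove_level(addends, op_symbol, sub_noise):
    """Undo one level with ominus_i. A stored addend that is not an exact multiple
    of a multiplicative sub-noise means the wrong (operator, noise) pair was supplied,
    so fail loudly instead of returning a silently corrupted value."""
    if op_symbol == "*" and any(a % sub_noise for a in addends):
        raise ValueError("addend is not a multiple of the sub-noise; wrong key material")
    return [REVERSE[op_symbol](a, sub_noise) for a in addends]


def protect(D, attribute, d_id, sub_noises, seed):
    """Source device, middleware and long-term storage each add one noise level.
    Returns the stored addends plus the (operator, sub-noise) list the user device
    needs to strip them. Assumption: level i uses column (D_ID + i) of the row."""
    rng = random.Random(seed)
    levels = [(lookup_operator(attribute, d_id + i), P) for i, P in enumerate(sub_noises)]
    addends = split_into_addends(D, rng)
    for op_symbol, P in levels:
        addends = apply_level(addends, op_symbol, P)
    return addends, levels


def recover(stored, levels):
    """User device: strip the levels in reverse order and re-sum the addends."""
    addends = list(stored)
    for op_symbol, P in reversed(levels):
        addends = remove_level(addends, op_symbol, P)
    return sum(addends)


if __name__ == "__main__":
    # Sensed values are the page's first row; d_id, sub-noises and seed are constructed.
    for D, attr in ((1667, "F1"), (2072, "F2"), (2047, "F3")):
        stored, levels = protect(D, attr, d_id=4, sub_noises=(25, 15, 51), seed=7)
        print(attr, D, "->", stored, levels, "->", recover(stored, levels))
```

Each intermediate party sees only noised addends and never the (operator, sub-noise) pairs, which is what keeps the stored values from revealing D; the divisibility check in `remove_level` is the one place where a wrong pair is detected rather than silently producing a plausible but incorrect reading.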
Security and privacy analysis
Framework/approach | Available features | | | References |
---|---|---|---|---|
 | Data classifier | Customized user privacy option | Major aspects/threat(s) covered | |
Lightweight encryption algorithm | \(\times \) | \(\times \) | Inside attack | [27] |
Privacy preserving IoT architecture | \(\times \) | \(\times \) | Data breach in collection, storage and retrieval | [25] |
DPP model | \(\checkmark \) | Configured privacy weight | User privacy violation | [26] |
EPIC | \(\times \) | \(\times \) | Traffic analysis attack, side channel attack | [28] |
Privacy-preserving model | \({\checkmark }\) | \({\checkmark }\) | Non trusted objects | [29] |
Privacy-preserving trust model | \(\times \) | \(\times \) | Sensing node identity, sensed value, user preferences | [20] |
NBPPM model | \({\checkmark }\) | \({\checkmark }\) | Privacy breach in data collection, storage and retrieval | Our proposed model |