nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces

verfasst von : Joseph Bugeja, Andreas Jacobsson

Erschienen in: Privacy and Identity Management. Data for Better Living: AI and Privacy

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Many living spaces, such as homes, are becoming smarter and connected by using Internet of Things (IoT) technologies. Such systems should ideally be privacy-centered by design given the sensitive and personal data they commonly deal with. Nonetheless, few systematic methodologies exist that deal with privacy threats affecting IoT-based systems. In this paper, we capture the generic function of an IoT system to model privacy so that threats affecting such contexts can be identified and categorized at system design stage. In effect, we integrate an extension to so called Data Flow Diagrams (DFD) in the model, which provides the means to handle the privacy-specific threats in IoT systems. To demonstrate the usefulness of the model, we apply it to the design of a realistic use-case involving Facebook Portal. We use that as a means to elicit the privacy threats and mitigations that can be adopted therein. Overall, we believe that the proposed extension and categorization of privacy threats provide a useful addition to IoT practitioners and researchers in support for the adoption of sound privacy-centered principles in the early stages of the smart living design process.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Ontology-Based Modeling of Privacy Vulnerabilities for Data Sharing

Nächstes Kapitel Language-Based Mechanisms for Privacy-by-Design

https://portal.facebook.com [accessed December 13, 2019].

https://portal.facebook.com/legal/data-policy [accessed December 13, 2019].

Alshammari, M., Simpson, A.: Privacy architectural strategies: an approach for achieving various levels of privacy protection. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, pp. 143–154. ACM (2018)

Altman, I.: The environment and social behavior: privacy, personal space, territory, and crowding (1975)

Antignac, T., Scandariato, R., Schneider, G.: A privacy-aware conceptual model for handling personal data. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 942–957. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_65CrossRef

Antón, A.I., Earp, J.B.: A requirements taxonomy for reducing web site privacy vulnerabilities. Requirements Eng. 9(3), 169–185 (2004)CrossRef

Bettini, C., Riboni, D.: Privacy protection in pervasive systems: state of the art and technical challenges. Pervasive Mob. Comput. 17(PB), 159–174 (2015)CrossRef

Bugeja, J., Jacobsson, A., Davidsson, P.: An empirical analysis of smart connected home data. In: Georgakopoulos, D., Zhang, L.-J. (eds.) ICIOT 2018. LNCS, vol. 10972, pp. 134–149. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94370-1_10CrossRef

California Senate Judiciary Committee et al.: California consumer privacy act: Ab 375 legislative history (2018)

Cavoukian, A.: Privacy by design. Technical report (2009). http://www.ontla.on.ca/library/repository/mon/23002/289982.pdf

Cavoukian, A.: Privacy by design in law, policy and practice. A white paper for regulators, decision-makers and policy-makers (2011)

10.

Chen, Y.T., Huang, C.C.: Determining information security threats for an iot-based energy internet by adopting software engineering and risk management approaches. Inventions 4(3), 53 (2019)MathSciNetCrossRef

11.

D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y.A., Bourka, A.: Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000 (2015)

12.

Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)

13.

Miorandi, D., Sicari, S., De Pellegrini, F., Chlamtac, I.: Internet of things: vision, application areas and research challenges. Ad Hoc Netw. 10, 1497–1516 (2012)CrossRef

14.

Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16, 3–32 (2011)CrossRef

15.

Dwork, C., Roth, A.: The algorithmic foundations of differential privacy. Foundations Trends® Theor. Comput. Sci. 9(3–4), 211–407 (2014)MathSciNetCrossRef

16.

European Commission: Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation) (2017). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52017PC0010

17.

European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. Technical report (2016). https://bit.ly/2Cxy5yP

18.

Friedewald, M., Wright, D., Gutwirth, S., Mordini, E.: Privacy, data protection and emerging sciences and technologies: towards a common framework. Innov. Eur. J. Soc. Sci. Res. 23(1), 61–67 (2010)CrossRef

19.

Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38CrossRef

20.

Hu, F., Jeyanthi, N.: Internet of Things (IoT) as Interconnection of Threats (IoT). In: Security and Privacy in Internet of Things (IoTs) (2016)

21.

ISO: ISO 29100 Privacy Framework 2011, 1–21 (2011)

22.

Jacobsson, A., Boldt, M., Carlsson, B.: A risk analysis of a smart home automation system. Future Gener. Comput. Syst. 56, 719–733 (2016)CrossRef

23.

Langheinrich, M.: Privacy by design—principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45427-6_23CrossRefMATH

24.

Li, C., Palanisamy, B.: Privacy in internet of things: from principles to technologies. IEEE Internet of Things J. 6, 1–18 (2018)

25.

Luna, J., Suri, N., Krontiris, I.: Privacy-by-design based on quantitative threat modeling. In: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1–8. IEEE (2012)

26.

Perera, C., Mccormick, C., Bandara, A.K., Price, B.A., Nuseibeh, B.: Privacy-by-design framework for assessing internet of things applications and platforms (2016)

27.

Solove, D.J.: A taxonomy of privacy. U. Pa. L. Rev. 154, 477 (2005)CrossRef

28.

Spiekermann, S., Cranor, L.: Privacy engineering. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)CrossRef

29.

Tao, Y., Kung, C.: Formal definition and verification of data flow diagrams. J. Syst. Softw. 16(1), 29–36 (1991)CrossRef

30.

Warren, S.D., Brandeis, L.D.: The Right to Privacy. Wadsworth Publishing Company, Belmont (1985)

31.

Westin, A.F.: Privacy and freedom. Wash. Lee Law Rev. 25(1), 166 (1968)

32.

Yu, S.: Big privacy: challenges and opportunities of privacy study in the age of big data. IEEE Access 4, 2751–2763 (2016)CrossRef

33.

Zhou, B., et al.: The carpet knows: identifying people in a smart environment from a single step. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), pp. 527–532. IEEE (2017)

34.

Ziegeldorf, J.H., Morchon, O.G., Wehrle, K.: Privacy in the internet of things: threats and challenges. Secur. Commun. Netw. 7(12), 2728–2742 (2013)CrossRef

35.

Zwingelberg, H., Hansen, M.: Privacy protection goals and their implications for eID systems. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity 2011. IAICT, vol. 375, pp. 245–260. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31668-5_19CrossRef

Titel: On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces
verfasst von: Joseph Bugeja
Andreas Jacobsson
Verlag: Springer International Publishing
Buch: Privacy and Identity Management. Data for Better Living: AI and Privacy
Print ISBN: 978-3-030-42503-6

Electronic ISBN: 978-3-030-42504-3

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-42504-3_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"