The document discusses incentive mechanisms for privacy-preserving Internet of Things (IoT). It addresses common misconceptions about privacy in IoT and discusses how incentive mechanisms can encourage user participation while balancing privacy and accuracy. Specifically, it notes that incentive mechanisms, like reverse auctions, are needed to attract crowdsensing users to contribute data. However, these mechanisms must also consider users' varying privacy levels and how coalitions can impact privacy. The document examines how user contributions, payoffs, and coalitions should be handled to optimize this accuracy-privacy tradeoff.
1. Data Privacy of the Internet of Things
Mohammad Abu Alsheikh
Associate Professor of Engineering (Data Privacy)
IEEE Senior Member
https://mabualsh.github.io
1
Privacy-Preserving Internet of Things
11. Roadmap
We will discuss the following topics of privacy-preserving Internet of things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives: privacy preservation by crowdsensing users versus accuracy maximization and collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
3. Common Misconceptions About Privacy-Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords—Internet of things, data privacy
4. Privacy-preserving IoT: Overview
Data privacy and IoT
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
• connecting to IoT services is indispensable and makes people's lives more convenient
• data privacy preservation is vital for sustaining the proliferation of IoT services
Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with
sensors and connection links, that functions while maintaining the privacy rights of users.
5. Privacy-preserving IoT: Overview
Figure: main entities of privacy-preserving IoT
Four main entities of privacy-preserving IoT:
1. people (service users): hold the ownership of their data
2. service provider and business stakeholders: transmit IoT data to backend servers through high-speed networks and apply ambient intelligence (data analysis and machine learning)
3. adversary: any third-party entity that initiates privacy attacks to partially or fully attain user data
4. data privacy analyst (regulatory officer): oversees the compliance of service providers with the relevant data privacy regulations
6. Data privacy rights
• Recent years have witnessed strict data privacy regulations
• For example, the General Data Protection Regulation (GDPR)* is a European Union law that defines eight data privacy rights of people
1) the right to be informed of all data operations
2) the right to review and access copies of personal data
3) the right to rectify incorrect data
4) the right to object to data processing
5) the right to restrict data processing
6) the right of data portability to third parties
7) the right to be forgotten if personal data is no longer needed for the original purpose
8) the right not to be a subject of automation and profiling
• Likewise, the California Consumer Privacy Act (CCPA)** defines equivalent user rights for residents of California
*European Parliament and Council of the European Union, "General data protection regulation (GDPR)," https://gdpr-info.eu, 2016
**California Civil Code, "California consumer privacy act (CCPA)," https://oag.ca.gov/privacy/ccpa, 2018
7. Misconception 1: Data privacy impedes IoT innovation and implies that IoT data cannot be collected
• IoT service providers and stakeholders commonly perceive privacy-preserving IoT as an impediment to innovation, as data sensing about people is heavily regulated
• On the other hand, some service users assume that service providers should not collect any data
Correction:
• the rights and responsibilities of each entity in privacy-preserving IoT are clearly defined
• privacy-preserving IoT is mainly about providing users with control over their data while promoting safeguarded IoT sensing and innovation
• service providers must incorporate various privacy safeguards, including explicit consent, rectification forms, and meeting the differential privacy requirements when serving user requests
8. Differential privacy
• privacy-preserving IoT is generally devised to meet the differential privacy requirements* by adding noise to the input data, the parameters of ambient intelligence models, or the output results
• Dwork and Roth* describe differential privacy as a guarantee provided by a service provider to users that they will not be affected by sharing their data, regardless of the availability of other information sources or personal data about them
* C. Dwork and A. Roth, “The algorithmic foundations of differential privacy,” Foundations and Trends in Theoretical
Computer Science, vol. 9, no. 3-4, pp. 211–407, 2014.
9. Misconception 1: Data privacy impedes IoT innovation and implies that IoT data cannot be collected (continued)
• data privacy is not absolute in privacy-preserving IoT
• privacy budget is defined as the probability of accidental data leakage by an adversary
• a trade-off exists between service accuracy and privacy preservation
• privacy-preserving and exposed services are created using logistic regression and Gaussian naive Bayes trained on a real-world activity prediction dataset
Figure: accuracy of privacy-preserving and exposed IoT services
10. Several important results (Misconception 1, continued)
1) when the privacy budget increases, the service accuracy will increase
2) when the privacy budget is small, i.e., less than 5, significant accuracy improvement can be achieved for small increases in the privacy budget requirements
3) there is a marginal gain in the service accuracy for increasing the privacy budget at high values
4) different algorithms may have different accuracy ranks when changing the privacy budget
5) the exposed services retain higher accuracy values than the privacy-preserving ones, but that accuracy gain comes at the cost of risking users' privacy
Figure: accuracy of privacy-preserving and exposed IoT services
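The output-noise form of differential privacy from slide 8, and the budget-versus-accuracy curve behind results 1-3, as an added Python example that is not the paper's code or dataset: the Laplace mechanism releases the mean of constructed step-count readings under a privacy budget epsilon, and the measured error shrinks as 1/epsilon. The readings, the public bounds LO/HI and the budget grid are assumptions.

```python
import random

# Constructed sample: hourly step counts reported by ten crowdsensing users
# (hypothetical values, not data from the paper). The service publishes the
# mean; the exposed variant publishes it exactly, the private one adds noise.
STEP_COUNTS = [420, 1310, 95, 2040, 760, 1180, 330, 1505, 880, 640]
LO, HI = 0, 3000  # assumed public bounds on one hour of walking


def laplace_noise(rng, scale):
    """Laplace(0, scale) sample: the difference of two iid exponentials
    with mean `scale` has exactly that distribution."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def exposed_mean(values):
    """The exposed service: releases the exact mean, no privacy budget."""
    return sum(values) / len(values)


def private_mean(values, epsilon, rng, lo=LO, hi=HI):
    """epsilon-differentially private mean via the Laplace mechanism.

    Readings are clipped to [lo, hi] first, so one user changing their
    reading moves the mean by at most (hi - lo) / n: the L1 sensitivity.
    Noise scale = sensitivity / epsilon, i.e. a smaller budget means
    more noise and a less accurate release."""
    clipped = [min(max(v, lo), hi) for v in values]
    sensitivity = (hi - lo) / len(clipped)
    return exposed_mean(clipped) + laplace_noise(rng, sensitivity / epsilon)


def mean_abs_error(epsilon, trials=2000, seed=7):
    """Average |private - exact| over many releases at one privacy budget.
    Its expected value is sensitivity / epsilon, so error falls as 1/epsilon."""
    rng = random.Random(seed)
    exact = exposed_mean(STEP_COUNTS)
    total = 0.0
    for _ in range(trials):
        total += abs(private_mean(STEP_COUNTS, epsilon, rng) - exact)
    return total / trials


def accuracy_vs_budget(budgets=(0.1, 0.5, 1.0, 5.0, 10.0, 20.0)):
    """Privacy budget -> mean absolute error of the released mean: steep
    gains at small budgets, only marginal gains at large ones."""
    return {eps: mean_abs_error(eps) for eps in budgets}


if __name__ == "__main__":
    print(f"exposed service: exact mean {exposed_mean(STEP_COUNTS):.1f}, error 0")
    for eps, err in accuracy_vs_budget().items():
        print(f"epsilon={eps:>5}: mean abs error {err:8.1f} steps")
```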
11. Misconception 2: Privacy-preserving IoT is exclusively a regulatory problem
• IoT standards, e.g., IEEE 2413-2019*, include data privacy as a functional requirement of IoT architectures
• The privacy paradox describes the discrepancy between how people insist on the importance of their privacy and how they compromise their privacy in reality (e.g., many users provide their names and emails in marketing campaigns to receive discounts or free product samples)
• Data privacy has been portrayed as an exclusive regulatory problem, i.e., people are wrongly perceived as incompetent in protecting their privacy
* IEEE SA Board of Governors/Corporate Advisory Group (BoG/CAG), “IEEE standard for an architectural framework for the
Internet of things (IoT),” IEEE Std 2413-2019, pp. 1–269, March 2020.
12. Misconception 2: Privacy-preserving IoT is exclusively a regulatory problem
Correction:
• Privacy-preserving IoT is not an exclusive regulatory problem. Data privacy must be incorporated in the early design cycle of IoT
• Issues about restricting user-level data control can be underlined
• data privacy is individual-level ownership rather than a societal right
▪ people should be able to provide consent to service providers for data collection and selling
▪ existing privacy regulation, such as the CCPA, underlines that users may be offered discounts and financial incentives for data collection. This arrangement provides flexibility to both users and service providers
• a single government body cannot check the compliance of every service provider with the privacy regulations
• many sensing technologies exist in IoT systems, and it would be unattainable for a single entity to assess all possible privacy risks
13. Misconception 3: Privacy-preserving IoT is exclusively required to comply with data privacy regulations
• A common misconception among service providers is perceiving data privacy in IoT as an obligation that does not retain direct financial benefits
• Service providers adhere to the data privacy regulations as a compliance action, and IoT data privacy is not perceived as a functional requirement
Correction:
• privacy-preserving IoT has many benefits for building trust bridges with users; hence, it boosts user retention and satisfaction
• an online survey study was conducted to understand how people perceive their data privacy in exposed systems. The survey was created using the Qualtrics platform (www.qualtrics.com) and 200 participants were recruited using Amazon Mechanical Turk (www.mturk.com)
• the survey results indicate the importance of data privacy in improving user retention and overall satisfaction
14. Misconception 3: Privacy-preserving IoT is exclusively required to comply with data privacy regulations
Several important results
• people will not use exposed services
▪ respondents indicated they would take all possible measures to protect their privacy
▪ For example, 56.2% suggested that they would stop using the company's services, and 67.2% said they would close their service accounts
• 92.5% of people are genuinely concerned about their data privacy and how service providers use their online data
• 73% of people do not trust companies that do not make sufficient efforts to protect their data privacy
Thus, data privacy should not be perceived as a compliance problem but rather as a business opportunity with financial yields.
Figure: users take various actions if a company does not make sufficient efforts to protect their online data privacy
15. Misconception 4: Data privacy is fully preserved if IoT data is securely stored
• A widespread fallacy, even among cybersecurity practitioners, is claiming data privacy preservation by applying data security measures, such as network security, access control, backups, authorization, firewalls, and intrusion detectors.
• Data security methods are implemented to adhere to the confidentiality, integrity, and availability (CIA) principles.
▪ confidentiality protocols, e.g., access control and authorization, aim to protect the data from unauthorized disclosure
▪ integrity, e.g., digital signatures and logging, aims to maintain the accuracy and completeness of data
▪ availability, e.g., backups and firewalls, aims to promptly supply resource access to users when requested
16. Misconception 4: Data privacy is fully preserved if IoT data is securely stored
Correction:
• Data security, defined in the CIA triad, does not guarantee users' data privacy
▪ data security protects users from unauthorized data access or modification
▪ data privacy protects users from violations and misuse, including how service providers use and process user data
▪ Data privacy is a superset of data security and requires stricter conditions to comply with the privacy laws on how user data is collected, transmitted, stored, and processed, e.g., the data privacy rights of users as depicted in the GDPR and CCPA
Figure: data privacy extends the data security conditions, providing users with control over their data and preventing data violations and misuse
17. Misconception 4: Data privacy is fully preserved if IoT data is securely stored (continued)
• Data privacy may not be met even when original data is securely stored
▪ even though the original face images are securely kept, the adversary can reconstruct an accurate estimation of people's faces using the deep learning model, i.e., the original training images are not used in producing the reconstructed images
▪ model inversion attacks produce sensitive data using outputs of a model
• Service providers should utilize privacy-preserving learning that adds reasonable noise to the modeling parameters during model training according to the differential privacy conditions
Figure: privacy attacks on an exposed IoT service that uses face recognition
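Noisy training of the kind the correction recommends, as an added Python example that is not the paper's model: per-example gradient clipping followed by Gaussian noise on the summed gradients (the DP-SGD recipe) for a two-feature logistic regression. The toy data, the hyperparameters and the noise_multiplier=0 "exposed" baseline are constructed assumptions; the block only shows the mechanics, not a calibrated epsilon.

```python
import math
import random


def make_data(n=200, seed=1):
    """Constructed two-feature toy set (hypothetical, not the face data in the
    slide): label 1 when x + y > 0, so a linear model can separate it."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x, y = rng.uniform(-2.0, 2.0), rng.uniform(-2.0, 2.0)
        data.append(((x, y), 1 if x + y > 0 else 0))
    return data


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def example_gradient(w, b, x, y):
    """Gradient of the logistic loss for one example: (dw0, dw1, db)."""
    err = sigmoid(w[0] * x[0] + w[1] * x[1] + b) - y
    return [err * x[0], err * x[1], err]


def clip(grad, clip_norm):
    """Scale the gradient so its L2 norm is at most clip_norm. This bounds
    how much any single person's record can move the parameters, which is
    what makes the added noise meaningful."""
    norm = math.sqrt(sum(g * g for g in grad))
    factor = min(1.0, clip_norm / norm) if norm > 0.0 else 1.0
    return [g * factor for g in grad]


def train_dp(data, epochs=30, lr=0.5, batch=50, clip_norm=1.0,
             noise_multiplier=1.0, seed=0):
    """Minibatch gradient descent in the DP-SGD style: clip every
    per-example gradient, sum the batch, add Gaussian noise with standard
    deviation noise_multiplier * clip_norm, then average and step.
    noise_multiplier=0 gives ordinary (exposed) training."""
    rng = random.Random(seed)
    data = list(data)  # shuffle a copy, leave the caller's list alone
    w, b = [0.0, 0.0], 0.0
    sigma = noise_multiplier * clip_norm
    for _ in range(epochs):
        rng.shuffle(data)
        for start in range(0, len(data), batch):
            acc = [0.0, 0.0, 0.0]
            for x, y in data[start:start + batch]:
                g = clip(example_gradient(w, b, x, y), clip_norm)
                acc = [a + gi for a, gi in zip(acc, g)]
            noisy = [(a + rng.gauss(0.0, sigma)) / batch for a in acc]
            w[0] -= lr * noisy[0]
            w[1] -= lr * noisy[1]
            b -= lr * noisy[2]
    return w, b


def accuracy(model, data):
    """Fraction of examples the model labels correctly."""
    w, b = model
    hits = 0
    for x, y in data:
        pred = 1 if sigmoid(w[0] * x[0] + w[1] * x[1] + b) > 0.5 else 0
        hits += pred == y
    return hits / len(data)


if __name__ == "__main__":
    data = make_data()
    print("exposed training:", accuracy(train_dp(data, noise_multiplier=0.0), data))
    print("noisy training  :", accuracy(train_dp(data, noise_multiplier=1.0), data))
```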
18. Misconception 5: Decentralized IoT (DeIoT) solves the privacy problem and provides absolute data privacy preservation
• DeIoT is an emerging user-centered ecosystem that distributes IoT control functions and delegates operations to users without including a central authority
▪ edge computing, blockchain ledgers, and federated learning are the most promising technologies
➢ smart contracts and blockchain ledgers provide decentralized digital identities
➢ federated learning and edge computing can optimize a master ambient intelligence model without sharing users' original data
• DeIoT is often suggested as a method for attaining absolute data privacy, security, transparency, and scalability using token-based operations and decentralization
19. Misconception 5: Decentralized IoT (DeIoT) solves the privacy problem and provides absolute data privacy preservation
Correction:
• Unfortunately, DeIoT does not provide absolute data privacy preservation.
• Services 1-3 are built using blockchain ledgers. The privacy budget of a single data sensing is set at 0.1, 0.15, and 0.3 in services 1-3, respectively
• total privacy cost increases over repeated sensing in the three services
• the difference in the privacy cost of users magnifies over time
Figure: total privacy cost of repeated data sensing at various privacy budgets
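Budget accounting for the repeated-sensing effect above, as an added Python example that is not the paper's implementation: the per-sensing budgets 0.1, 0.15 and 0.3 are the slide's values, the cost of k sensings follows the basic sequential-composition rule (budgets add up), and the PrivacyAccountant with a per-user cap is a hypothetical defensive control that stops a user's cumulative privacy cost from growing without bound.

```python
from fractions import Fraction

# Per-sensing privacy budgets of the three blockchain-based services on the
# slide (0.1, 0.15 and 0.3). Exact Fractions keep the running totals from
# drifting through floating-point rounding.
SERVICE_EPSILON = {
    "service1": Fraction("0.1"),
    "service2": Fraction("0.15"),
    "service3": Fraction("0.3"),
}


def total_privacy_cost(epsilon_per_sensing, rounds):
    """Basic sequential composition: k releases at epsilon each cost
    k * epsilon in total. Tighter bounds exist, but the cost never
    stops growing with repeated sensing."""
    return epsilon_per_sensing * rounds


def cost_trajectory(rounds):
    """Total privacy cost of each service after 1..rounds sensings."""
    return {name: [total_privacy_cost(eps, k) for k in range(1, rounds + 1)]
            for name, eps in SERVICE_EPSILON.items()}


class PrivacyAccountant:
    """Tracks each user's cumulative epsilon and refuses sensing past a cap.

    Hypothetical component, not from the paper: the cap is the total privacy
    loss a user is willing to tolerate over the lifetime of the service."""

    def __init__(self, cap):
        self.cap = Fraction(str(cap))
        self.spent = {}

    def authorize(self, user, service):
        """Charge the budget and return True if this sensing still fits the cap."""
        new_total = self.spent.get(user, Fraction(0)) + SERVICE_EPSILON[service]
        if new_total > self.cap:
            return False
        self.spent[user] = new_total
        return True

    def remaining(self, user):
        return self.cap - self.spent.get(user, Fraction(0))


def sensings_until_cap(service, cap):
    """How many sensings one user can contribute before the cap blocks them."""
    acct = PrivacyAccountant(cap)
    count = 0
    while acct.authorize("u", service):
        count += 1
    return count


if __name__ == "__main__":
    for name, costs in cost_trajectory(20).items():
        print(f"{name}: after 10 sensings {float(costs[9]):.2f}, "
              f"after 20 sensings {float(costs[19]):.2f}, "
              f"sensings allowed under a cap of 1.0: {sensings_until_cap(name, 1.0)}")
```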
21. Incentive Mechanisms for Privacy-Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "The accuracy-privacy trade-off of mobile crowdsensing." IEEE Communications Magazine (2017)
DOI: https://doi.org/10.1109/MCOM.2017.1600737
keywords—Internet of things, data privacy, incentive mechanism design
22. Incentive mechanisms for privacy-preserving IoT
Why do we need incentive mechanisms for privacy-preserving IoT?
• mechanism design → design incentives (e.g., monetary rewards) to achieve a goal (e.g., increase participation in IoT or accuracy maximization)
• IoT should incorporate efficient incentive mechanisms to attract and retain enough crowdsensing users
• users are paid based on their marginal contributions to service accuracy
23. Incentive mechanisms
• IoT should incorporate efficient incentive mechanisms to attract and retain enough crowdsensing users
• A typical reverse auction framework occurs between the crowdsensing users and the service provider
▪ users compete among themselves to perform the sensing task
▪ the service provider first announces the description of the crowdsensing tasks to potential mobile users
▪ users are rational entities and will set their bids based on the cost of the crowdsensing task
▪ to maximize the utility of the crowdsensing service, the auction system determines the task assignment and payoff of each user, including both selected and rejected bids
Figure: crowdsensing incentive mechanism as a reverse auction
24. Incentive mechanism for privacy-preserving IoT
Main entities
• users are the participants who collect sensing data using their personal mobile devices
• the service provider buys data from the crowdsensing users through a mediator, applies data analytics, and delivers a service to a set of customers
• the mediator is the auction management entity that controls the exchange of data between the crowdsensing users and the service provider
Figure: incentive mechanism for privacy-preserving IoT supporting both data anonymization and identity generalization through crowdsensing coalition formulation. Cooperative users are connected using device-to-device (D2D) communication
25. Incentive mechanism for privacy-preserving IoT
Next, we answer three major questions related to developing privacy-aware incentive models in privacy-preserving IoT
1) how does the crowdsensing service define the contributions and payoff allocations of users with varying privacy levels?
2) do crowdsensing coalitions change the attained privacy of the cooperative users?
3) how do cooperative users divide the coalition payoff among themselves?
26. User contributions and pivotal users
• Contributed data rates from each user and the resulting service accuracy, obtained by training a deep learning model on the data of each user separately
▪ data rate varies among different users
▪ service accuracy depends on the quality of the used mobile device, the user's performance during task execution, and data annotation
▪ user 1 contributes more data than user 2, while the accuracy resulting from the data of user 1 is lower than that of user 2
▪ users 3 and 6 are pivotal, and they score the highest standalone accuracy values of 68.3 and 68.1 percent, respectively
Figure: user contribution to the crowdsensing service
27. Privacy vs accuracy
• Impact of the data anonymization level on the accuracy of the crowdsensing service
▪ there is an inverse relationship between the prediction accuracy and the data anonymization level
▪ the service provider has an incentive to reject users with high data anonymization levels
▪ prediction accuracy decreases as more users adopt the data anonymization scheme
Figure: resulting accuracy of the deep learning service trained on the crowdsensing data
28. Payoff allocation
• Payoff allocation of users 2 and 3 under the varied data anonymization levels
• payoff allocation of any user decreases as its data anonymization level increases
• pivotal users receive a higher payoff compared to normal and low-performing users
• cooperative users receive not only the same payoff in both the coalition and the standalone cases, but also a higher level of k-anonymity privacy protection
Figure: payoff allocation of users 2 and 3. The privacy level is equal to the variance of the added Gaussian noise
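Contribution-based payoff allocation for slides 22 to 28, as an added Python example that is not the paper's mechanism: Shapley values give each user's average marginal contribution to service accuracy, the pivotal user is the one whose removal costs the grand coalition the most accuracy, and raising a user's anonymization level lowers both their contribution and their payoff. The noisy-OR accuracy model and the q * (1 - r) anonymization effect are constructed assumptions standing in for the deep-learning service.

```python
from itertools import permutations

# Constructed accuracy model (hypothetical, not the paper's service): each
# user has a standalone quality q in [0, 1]; anonymization at level r in
# [0, 1] reduces it to q * (1 - r). A coalition's accuracy combines its
# members' qualities noisy-OR style, so contributions overlap rather than add.
USERS = {
    "user1": {"quality": 0.50, "anon_level": 0.0},
    "user2": {"quality": 0.50, "anon_level": 0.0},
    "user3": {"quality": 0.00, "anon_level": 0.0},  # contributes nothing useful
}


def effective_quality(user):
    return user["quality"] * (1.0 - user["anon_level"])


def coalition_accuracy(users, members):
    """Service accuracy v(S) obtained by training on the data of members S."""
    miss = 1.0
    for name in members:
        miss *= 1.0 - effective_quality(users[name])
    return 1.0 - miss


def shapley_values(users):
    """Average marginal contribution of each user over all join orders.
    Enumerating permutations is fine for a handful of users."""
    names = list(users)
    phi = {n: 0.0 for n in names}
    orders = list(permutations(names))
    for order in orders:
        joined = []
        for name in order:
            gain = coalition_accuracy(users, joined + [name]) - coalition_accuracy(users, joined)
            phi[name] += gain
            joined.append(name)
    return {n: phi[n] / len(orders) for n in names}


def pivotal_user(users):
    """User whose removal from the grand coalition costs the most accuracy."""
    full = coalition_accuracy(users, list(users))
    return max(users, key=lambda n: full - coalition_accuracy(users, [m for m in users if m != n]))


def payoff_allocation(users, budget):
    """Split the provider's sensing budget in proportion to Shapley values,
    so a user is paid for the accuracy they add, not the volume they send."""
    phi = shapley_values(users)
    total = sum(phi.values())
    return {n: budget * v / total for n, v in phi.items()}


if __name__ == "__main__":
    print("payoffs, no anonymization :", payoff_allocation(USERS, 100.0))
    anonymized = {n: dict(u) for n, u in USERS.items()}
    anonymized["user1"]["anon_level"] = 0.5
    print("payoffs, user1 anonymized:", payoff_allocation(anonymized, 100.0))
    print("pivotal user after anonymization:", pivotal_user(anonymized))
```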
30. Optimal Pricing of Privacy-Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "Privacy management and optimal pricing in people-centric sensing." IEEE Journal on Selected Areas in Communications (2017)
DOI: https://doi.org/10.1109/JSAC.2017.2680845
keywords—Internet of things, data privacy, optimal pricing
31. Optimal pricing of privacy-preserving IoT
Why do we need optimal pricing models for privacy-preserving IoT?
• optimal pricing → decide optimal prices of IoT services (e.g., subscription fees) to maximize profits based on user demand patterns
→ total profit of the service provider is maximized
32. Service bundling
• IoT services can be sold separately or together as a service bundle
• there is a joint demand for complementary services as both services are jointly required by the customers, e.g., sentiment analysis and activity tracking
• substitute services are comparable in their functionality, e.g., sentiment analysis using two data analytics algorithms
33. Optimal pricing and privacy management
• Key components of the optimal pricing and privacy management framework
• the framework is initiated by defining the data utility u(·)
▪ u(·) is nonnegative—the service quality cannot be negative
▪ u(·) is inversely proportional to the privacy level r ∈ [0, 1]—increasing the privacy level decreases the quality of data analytics
▪ u(·) is convex and decreases at an increasing rate over the privacy level—this reflects the empirical change of service quality at varying privacy levels
• profit maximization models are executed to obtain the optimal subscription fee and privacy levels
Figure: components of the optimal pricing and privacy management framework for people-centric sensing
35. Data utility: Quality-privacy tradeoff
• The figure below shows the quality-privacy models of three IoT services S1, S2, and S3
• the service quality (accuracy) decreases as the privacy level increases
• increasing the privacy level results in higher data distortion
▪ Service S1—sentiment analysis using deep learning
▪ Service S2—sentiment analysis using random forests
▪ Service S3—activity tracking using random forests
Figure: prediction quality of the services S1, S2, and S3 (from left to right) under varied privacy levels
36. Standalone sales — profit vs privacy
Standalone sales of S1
• subscription revenue, subscription fee, and total data cost are inversely correlated with the privacy level
• increasing the privacy level negatively affects the service quality, and fewer customers will be interested in buying the service
• total data cost will decrease when the privacy level is high
• gross profit increases up to the privacy level r = 0.62, then it decreases due to the extreme loss of customers at the high privacy levels r > 0.62
37. Complementary bundles — reservation wages
Bundle Sb1
• the reservation wage is the lowest payment required to recruit one crowdsensing participant
• bundling profit goes down when the reservation wage increases
• to minimize the total data cost, the privacy level of S1 is increased and the privacy level of S2 is also slightly increased
Figure: Bundle Sb1 (S1 and S3 as complementary) — the economic strategy of virtually packaging services S1 and S3 into one service bundle
Figure: impacts of the reservation wage on the gross profit, privacy levels, and subscription fee
39. Conclusions and future works (Privacy-Preserving Internet of Things)
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of
Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords—Internet of things, data privacy
40. Critical questions for future research
• Data privacy and criminal justice
▪ a widespread argument for supporting dataveillance, i.e., monitoring and profiling people's data, is for criminal justice, law enforcement, and fraud prevention
▪ social benefits do not wipe out the personal benefits of data privacy
▪ what is the proper procedure for requesting data disclosure for criminal justice? how can protected data be accessed for criminal justice without establishing an encryption backdoor? how can people oversee the levels of dataveillance by organizations and governments?
• User-in-the-loop (UIL)
▪ users generally cannot verify the privacy measures taken by service providers due to the lack of transparency in the implemented privacy safeguards
▪ UIL data privacy engages users in their privacy preservation
▪ how can user awareness of data privacy issues be increased? how can service providers provide people with data privacy measurements? how can users be incentivized to contribute to their data protection efforts?
41. Conclusions
• Billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
• Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with sensors and connection links, that functions while maintaining the privacy rights of users
• These slides presented
▪ common myths about data privacy and IoT services;
▪ the trade-off between privacy preservation by users and accuracy maximization and collection of true data by service providers; and
▪ optimal pricing of standalone and bundled services