Data Privacy of the Internet of Things
Mohammad Abu Alsheikh
Associate Professor of Engineering (Data Privacy)
IEEE Senior Member
https://mabualsh.github.io
Privacy-Preserving Internet of Things
Roadmap
We will discuss the following topics of privacy-preserving Internet of Things (IoT)
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach
vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• conflicting incentives: crowdsensing users want to preserve their privacy, while service providers want to
maximize accuracy and collect true (undistorted) data
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works
Common Misconceptions About Privacy-Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of
Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords—Internet of things, data privacy
Privacy-preserving IoT: Overview
Data privacy and IoT
• billions of IoT devices collect
sensitive data about people,
creating data privacy risks and
breach vulnerabilities
• connecting to IoT services is
indispensable and makes
people's lives more convenient
• data privacy preservation is vital
for sustaining the proliferation
of IoT services
Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with
sensors and connection links, that functions while maintaining the privacy rights of users.
Four main entities of privacy-preserving IoT:
1. people (service users): hold the
ownership of their data
2. service provider and business
stakeholders: transmit IoT data to
backend servers through high-speed
networks and apply ambient intelligence
(data analysis and machine learning)
3. adversary: any third-party entity that
initiates privacy attacks to partially or
fully obtain user data
4. data privacy analyst (regulatory officer):
oversees the compliance of service
providers with the relevant data privacy
regulations
Data privacy rights
• Recent years have witnessed strict data privacy regulations
• For example, the General Data Protection Regulation (GDPR)* is a European
Union law that defines eight data privacy rights of people
1) the right to be informed of all data operations
2) the right to review and access copies of personal data
3) the right to rectify incorrect data
4) the right to object to data processing
5) the right to restrict data processing
6) the right of data portability to third parties
7) the right to be forgotten if personal data is no longer needed for the original purpose
8) the right not to be subject to automated decision-making, including profiling
• Likewise, the California Consumer Privacy Act (CCPA)** defines comparable
user rights for residents of California
*European Parliament and Council of the European Union, “General data protection regulation (GDPR),” https://gdpr-info.eu, 2016
**California Civil Code, “California consumer privacy act (CCPA),” https://oag.ca.gov/privacy/ccpa , 2018
Misconception 1: Data privacy impedes IoT innovation
and implies that IoT data cannot be collected
• IoT service providers and stakeholders commonly perceive privacy-preserving IoT
as an impediment to innovation as data sensing about people is heavily regulated
• On the other hand, some service users assume that service providers should not
collect any data
Correction:
• the rights and responsibilities of each entity in privacy-preserving IoT are clearly defined
• privacy-preserving IoT is mainly about providing users with control over their data while
promoting safeguarded IoT sensing and innovation
• the service provider must incorporate privacy safeguards, including explicit consent,
rectification forms, and meeting the differential privacy requirements when serving user
requests
Differential privacy
• privacy-preserving IoT is generally devised to meet the differential privacy
requirements* by adding noise to the input data, the parameters of
ambient intelligence models, or the output results
• Dwork and Roth* describe differential privacy as a guarantee provided by
a service provider to users that they will not be affected by sharing their
data, regardless of the availability of other information sources or
personal data about them
* C. Dwork and A. Roth, “The algorithmic foundations of differential privacy,” Foundations and Trends in Theoretical
Computer Science, vol. 9, no. 3-4, pp. 211–407, 2014.
• data privacy is not absolute in privacy-
preserving IoT
• the privacy budget (ε in differential privacy)
bounds how much the presence or absence of
any single user's data can change the
probability of any output of the service; a
smaller budget means stronger privacy, and
the budget is used up across repeated releases
• a trade-off exists between service
accuracy and privacy preservation
• privacy-preserving and exposed services
are created using logistic regression and
Gaussian naive Bayes trained on a real-
world activity prediction dataset
accuracy of privacy-preserving
and exposed IoT services
Several important results
1) when the privacy budget increases, the service
accuracy will increase
2) when the privacy budget is small, i.e., less than
5, significant accuracy improvement can be
achieved for small increases in the privacy
budget requirements
3) there is a marginal gain in the service accuracy
for increasing the privacy budget at high values
4) different algorithms may have different
accuracy ranks when changing the privacy
budget
5) the exposed services retain higher accuracy
values than the privacy-preserving ones, but
that accuracy gain comes at the cost of risking
users’ privacy
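The accuracy-versus-budget behaviour in results 1 to 3 can be seen on a single differentially private query. The following is an added example, not code from the paper or the slides: it releases the mean of a batch of constructed wearable heart-rate readings through the Laplace mechanism and sweeps the privacy budget ε. The readings, the clipping range [40, 200] bpm, the budgets and the trial count are assumptions chosen for illustration; the logistic regression and naive Bayes services of the slide are not reproduced.

```python
import math
import random
from typing import Dict, List, Optional, Sequence

# Constructed wearable heart-rate readings (beats per minute) from 40 IoT
# devices; the last value is a deliberate outlier that clipping must tame.
READINGS: List[float] = [
    58, 61, 64, 66, 67, 69, 70, 71, 72, 72, 73, 74, 75, 75, 76, 77, 78, 79,
    80, 81, 82, 83, 84, 85, 86, 88, 90, 92, 94, 96, 98, 100, 103, 105, 108,
    110, 112, 115, 118, 250,
]
LO, HI = 40.0, 200.0  # assumed physiological range used for clipping


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverting its CDF (no numpy needed)."""
    u = rng.random() - 0.5  # uniform on [-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def clipped_mean(readings: Sequence[float], lo: float, hi: float) -> float:
    """Exact mean after clipping every reading into [lo, hi]."""
    clipped = [min(max(x, lo), hi) for x in readings]
    return sum(clipped) / len(clipped)


def dp_mean(readings: Sequence[float], lo: float, hi: float, epsilon: float,
            rng: Optional[random.Random] = None) -> float:
    """epsilon-DP mean via the Laplace mechanism.

    Clipping bounds each reading's influence: the L1 sensitivity of the sum is
    (hi - lo), so that of the mean is (hi - lo) / n. Laplace noise with scale
    sensitivity / epsilon makes this single release epsilon-differentially private.
    """
    if epsilon <= 0:
        raise ValueError("privacy budget must be positive")
    if rng is None:
        rng = random.Random()
    sensitivity = (hi - lo) / len(readings)
    return clipped_mean(readings, lo, hi) + laplace_noise(sensitivity / epsilon, rng)


def expected_abs_error(lo: float, hi: float, n: int, epsilon: float) -> float:
    """E|Laplace(b)| = b with b = (hi - lo) / (n * epsilon): the analytic
    accuracy-vs-budget curve, decreasing in epsilon with diminishing returns."""
    return (hi - lo) / (n * epsilon)


def accuracy_sweep(readings: Sequence[float], lo: float, hi: float, budgets: Sequence[float],
                   trials: int = 2000, seed: int = 7) -> Dict[float, float]:
    """Empirical mean absolute error of dp_mean for each privacy budget."""
    rng = random.Random(seed)
    truth = clipped_mean(readings, lo, hi)
    return {
        eps: sum(abs(dp_mean(readings, lo, hi, eps, rng) - truth) for _ in range(trials)) / trials
        for eps in budgets
    }


if __name__ == "__main__":
    n = len(READINGS)
    for eps, err in accuracy_sweep(READINGS, LO, HI, [0.1, 0.5, 1, 2, 5, 10]).items():
        print(f"epsilon={eps:<5} mean abs error={err:6.2f} bpm "
              f"(analytic {expected_abs_error(LO, HI, n, eps):.2f})")
```

Clipping is what makes the sensitivity finite: without a bound, one user's reading could move the mean arbitrarily and no finite noise scale would be ε-DP. The analytic curve (hi − lo)/(n·ε) shows the diminishing returns of results 2 and 3 directly: going from ε = 0.5 to 1 halves the error, while going from 5 to 10 halves an error that was already ten times smaller.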
Misconception 2: Privacy-preserving IoT is
exclusively a regulatory problem
• IoT standards, e.g., IEEE 2413-2019*, include data privacy as a functional
requirement of IoT architectures
• The privacy paradox describes the discrepancy between how strongly people insist on
the importance of their privacy and how readily they compromise it in
practice (e.g., many users provide their names and emails in marketing campaigns to receive discounts or
free product samples)
• Data privacy has been portrayed as an exclusive regulatory problem, i.e.,
people are wrongly perceived as incompetent in protecting their privacy
* IEEE SA Board of Governors/Corporate Advisory Group (BoG/CAG), “IEEE standard for an architectural framework for the
Internet of things (IoT),” IEEE Std 2413-2019, pp. 1–269, March 2020.
Correction:
• Privacy-preserving IoT is not an exclusive regulatory problem. Data privacy
must be incorporated in the early design cycle of IoT
• Restricting user-level control over data raises several issues:
• data privacy is an individual-level ownership right rather than only a societal right
▪ people should be able to give or withhold consent to service providers for data collection and selling
▪ existing privacy regulation, such as the CCPA, explicitly allows users to be offered discounts and
financial incentives in exchange for data collection. This arrangement provides flexibility to both users and
service providers
• a single government body cannot check the compliance of every service provider with
the privacy regulations
• many sensing technologies exist in IoT systems, and it would be unattainable for a
single entity to assess all possible privacy risks
Misconception 3: Privacy-preserving IoT is exclusively
required to comply with data privacy regulations
• A common misconception among service providers is perceiving data privacy
in IoT as an obligation that yields no direct financial benefit
• Service providers adhere to the data privacy regulations as a compliance
action, and IoT data privacy is not perceived as a functional requirement
Correction:
• privacy-preserving IoT builds trust with users; hence, it boosts
user retention and satisfaction
• an online survey was conducted to understand how people perceive their data privacy in
exposed systems. The survey was created using the Qualtrics platform (www.qualtrics.com) and
200 participants were recruited using Amazon Mechanical Turk (www.mturk.com)
• the survey results indicate the importance of data privacy in improving user retention and
overall satisfaction
Several important results
• people are prepared to abandon exposed services
▪ respondents indicated they would take all
possible measures to protect their privacy
▪ For example, 56.2% suggested that they
would stop using the company’s services, and
67.2% said they would close the service
accounts
• 92.5% of people are genuinely concerned
about their data privacy and how service
providers use their online data
• 73% of people do not trust companies that
do not make sufficient efforts to protect
their data privacy
Thus, data privacy should not be perceived
as a compliance problem but rather as a
business opportunity with financial yields.
users take various actions if a company does not make
sufficient efforts to protect their online data privacy
Misconception 4: Data privacy is fully preserved
if IoT data is securely stored
• A widespread fallacy, even among cybersecurity practitioners, is claiming
data privacy preservation by applying data security measures, such as
network security, access control, backups, authorization, firewalls, and
intrusion detectors.
• Data security methods are implemented to adhere to the confidentiality,
integrity, and availability (CIA) principles.
▪ confidentiality protocols, e.g., access control and authorization, aim to protect the
data from unauthorized disclosure
▪ integrity, e.g., digital signatures and logging, aims to maintain the accuracy and
completeness of data
▪ availability, e.g., backups and firewalls, aims to promptly supply resource access to
users when requested
Correction:
• Data security, defined in the CIA triad, does not
guarantee users’ data privacy
▪ data security protects users from unauthorized data
access or modification
▪ data privacy protects users from violations and misuse,
including how service providers use and process user
data
▪ Data privacy is a superset of data security and requires
stricter conditions to comply with the privacy laws on
how user data is collected, transmitted, stored, and
processed, e.g., the data privacy rights of users as
depicted in the GDPR and CCPA
Data privacy extends the data security
conditions, providing users with control
over their data and preventing data
violations and misuse
• Data privacy may not be met even when original
data is securely stored
▪ even though the original face images are securely
kept, the adversary can reconstruct an accurate
estimation of people’s faces using the deep learning
model, i.e., the original training images are not used in
producing the reconstructed images
▪ model inversion attacks reconstruct sensitive
training data from a model's outputs (e.g.,
class labels and confidence scores)
• Service providers should utilize privacy-
preserving learning that adds calibrated noise
to the model parameters (or gradients) during
model training according to the differential
privacy conditions
privacy attacks on an exposed IoT service
that uses face recognition
Misconception 5: Decentralized IoT (DeIoT) solves the
privacy problem and provides absolute data privacy
preservation
• DeIoT is an emerging user-centered ecosystem that distributes IoT control
functions and delegates operations to users without including a central
authority
▪ edge computing, blockchain ledgers, and federated learning are the most promising
technologies
➢smart contracts and blockchain ledgers provide decentralized digital identities
➢federated learning and edge computing can train a global ambient intelligence model without
sharing users' original data
• DeIoT is often suggested as a method for attaining absolute data privacy,
security, transparency, and scalability using token-based operations and
decentralization
Correction:
• Unfortunately, DeIoT does not provide
absolute data privacy preservation.
• Services 1-3 are built using blockchain
ledgers. The privacy budget of a single
data sensing is set at 0.1, 0.15, and 0.3 in
services 1-3, respectively
• privacy budgets compose: under basic
sequential composition, k sensing rounds that
each spend ε cost kε in total, so the total
privacy cost increases over repeated sensing
in all three services, and decentralization
does not stop this accumulation
• the difference in the privacy cost of users
magnifies over time, because the gap after k
rounds is k times the gap between the
per-sensing budgets
total privacy cost of repeated data sensing
at various privacy budgets
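The accumulating privacy cost on this slide follows from how differential privacy composes. The following is an added example, not the blockchain services of the paper: a per-user privacy ledger that applies basic sequential composition and refuses further sensing once an assumed total budget would be exceeded, run with the slide's per-sensing budgets 0.1, 0.15 and 0.3. The 20-round horizon and the total budget of 2.5 are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List


class BudgetExhausted(Exception):
    """Raised when one more sensing round would exceed the user's total budget."""


@dataclass
class PrivacyLedger:
    """Per-user accountant for repeated epsilon-DP sensing.

    Under basic sequential composition, k releases about the same user with
    budgets e_1..e_k are (e_1 + ... + e_k)-DP in total, so the ledger sums them.
    (Advanced composition gives a tighter bound, but it still grows with k.)
    """
    total_budget: float
    spent: float = 0.0
    rounds: int = 0

    def remaining(self) -> float:
        return self.total_budget - self.spent

    def can_spend(self, epsilon: float) -> bool:
        # 1e-9 absorbs float rounding when repeated budgets sum to the cap exactly
        return epsilon > 0 and self.spent + epsilon <= self.total_budget + 1e-9

    def spend(self, epsilon: float) -> float:
        """Record one sensing round and return the cumulative epsilon spent."""
        if epsilon <= 0:
            raise ValueError("per-round budget must be positive")
        if not self.can_spend(epsilon):
            raise BudgetExhausted(
                f"round {self.rounds + 1} needs {epsilon}, only {self.remaining():.3f} left")
        self.spent += epsilon
        self.rounds += 1
        return self.spent


def simulate_repeated_sensing(per_round: Dict[str, float], rounds: int,
                              total_budget: float) -> Dict[str, List[float]]:
    """Return {service: cumulative epsilon after each completed round}.

    A service stops (the ledger refuses) once its next round would exceed
    total_budget, so a shorter series means the budget ran out earlier.
    """
    series: Dict[str, List[float]] = {}
    for service, eps in per_round.items():
        ledger = PrivacyLedger(total_budget)
        history: List[float] = []
        for _ in range(rounds):
            if not ledger.can_spend(eps):
                break
            history.append(ledger.spend(eps))
        series[service] = history
    return series


def privacy_cost_gap(series: Dict[str, List[float]], fast: str, slow: str,
                     after_round: int) -> float:
    """Difference in cumulative epsilon between two services after a given round."""
    return series[fast][after_round - 1] - series[slow][after_round - 1]


# Constructed scenario: the three per-sensing budgets quoted on the slide, an
# assumed 20-round horizon and an assumed total budget of 2.5 per user.
SERVICES = {"service 1": 0.1, "service 2": 0.15, "service 3": 0.3}
ROUNDS, TOTAL_BUDGET = 20, 2.5

if __name__ == "__main__":
    for name, hist in simulate_repeated_sensing(SERVICES, ROUNDS, TOTAL_BUDGET).items():
        print(f"{name}: {len(hist)} rounds allowed, total privacy cost {hist[-1]:.2f}")
```

Decentralization changes who holds the ledger, not the arithmetic: whether the accountant runs on a blockchain node, at the edge or on the user's own device, the k-th sensing round still brings the total to kε, and the gap between services grows linearly with k.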
Incentive Mechanisms for Privacy-
Preserving Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "The accuracy-privacy trade-off of mobile crowdsensing." IEEE
Communications Magazine (2017)
DOI: https://doi.org/10.1109/MCOM.2017.1600737
keywords—Internet of things, data privacy, incentive mechanism design
Incentive mechanisms for privacy-preserving IoT
Why do we need incentive mechanisms for privacy-preserving IoT?
• mechanism design → design incentives (e.g., monetary rewards) to
achieve a goal (e.g., increase participation in IoT or accuracy
maximization)
• IoT should incorporate efficient incentive mechanisms to attract and
retain enough crowdsensing users
• users are paid based on their marginal contributions to service
accuracy
Incentive mechanisms
• IoT should incorporate efficient incentive
mechanisms to attract and retain enough
crowdsensing users
• A typical reverse auction framework occurs
between the crowdsensing users and the service provider
▪ users compete among themselves to perform the
sensing task
▪ service provider first announces the description of
the crowdsensing tasks to potential mobile users
▪ users are rational entities and will set their bids
based on the cost of the crowdsensing task
▪ to maximize the utility of the crowdsensing
service, the auction system determines the task
assignment and payoff of each user including both
selected and rejected bids
crowdsensing incentive mechanism
as a reverse auction
Incentive mechanism for privacy-preserving IoT
Main entities
• users are the participants who
collect sensing data using their
personal mobile devices
• service provider buys data from
the crowdsensing users through a
mediator, applies data analytics,
and delivers a service to a set of
customers
• mediator is the auction
management entity that controls
the exchange of data between the
crowdsensing users and the
service provider
incentive mechanism for privacy-preserving IoT supporting
both data anonymization and identity generalization through
crowdsensing coalition formation. Cooperative users are
connected using device-to-device (D2D) communication
Incentive mechanism for privacy-preserving IoT
Next, we answer three major questions related to developing privacy-aware
incentive models in privacy-preserving IoT
1) how does the crowdsensing service define the contributions and payoff
allocations of users with varying privacy levels?
2) do crowdsensing coalitions change the attained privacy of the
cooperative users?
3) how do cooperative users divide the coalition payoff among
themselves?
User contributions and pivotal users
• Contributed data rate of each user and the
resulting service accuracy, obtained by
training a deep learning model on the
data of each user separately
▪ data rate varies among different users
▪ service accuracy depends on the quality
of the used mobile device, the user’s
performance during task execution, and
data annotation
▪ user 1 contributes more data than user
2, while the accuracy resulting from the
data of user 1 is lower than that of user 2
▪ users 3 and 6 are pivotal, and they score
the highest standalone accuracy values
of 68.3 and 68.1 percent, respectively
user contribution to the crowdsensing service
Privacy vs accuracy
• Impact of the data anonymization
level on the accuracy of the
crowdsensing service
▪ there is an inverse relationship
between the prediction accuracy and
the data anonymization level
▪ service provider has an incentive to
reject users with high data
anonymization levels
▪ prediction accuracy decreases as more
users adopt the data anonymization
scheme
resulting accuracy of the deep learning service
trained on the crowdsensing data.
Payoff allocation
• Payoff allocation of users 2 and 3
under the varied data anonymization
levels
• payoff allocation of any user decreases
as its data anonymization level increases
• pivotal users receive a higher payoff
compared to normal and low
performing users
• cooperative users receive not only the
same payoff in both the coalition and
the standalone cases, but also a higher
level of the k-anonymity privacy
protection
payoff allocation of Users 2 and 3. The privacy level
is equal to the variance of the added Gaussian noise
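Paying users by their marginal contribution to service accuracy (the incentive-mechanism slide), ranking pivotal users, and the payoff drop of a user who raises their anonymization level (this slide) can all be made concrete with the Shapley value. The following is an added example and not the mechanism of the cited paper: six constructed users with assumed data rates, label qualities and anonymization levels, an assumed saturating accuracy model for any coalition, exact Shapley values by subset enumeration, and a reward budget split in proportion to them.

```python
import itertools
import math
from typing import Callable, Dict, FrozenSet, List, Tuple

Users = Dict[str, Tuple[float, float, float]]

# Constructed crowdsensing users: (data rate in samples/hour, label quality in
# [0, 1], data anonymization level in [0, 1]). Rate and quality stand in for the
# device quality, task performance and annotation effort the slides mention.
USERS: Users = {
    "user 1": (400, 0.30, 0.0),  # most data, poorest labels
    "user 2": (150, 0.90, 0.0),
    "user 3": (300, 0.95, 0.0),
    "user 4": (100, 0.60, 0.0),
    "user 5": (120, 0.70, 0.5),  # already anonymizes half of its signal
    "user 6": (280, 0.95, 0.0),
}


def coalition_accuracy(users: Users, coalition: FrozenSet[str], k: float = 0.004) -> float:
    """Assumed accuracy model: saturating in the coalition's useful data, where a
    user's useful data is rate * quality * (1 - anonymization level)."""
    useful = sum(r * q * (1.0 - a) for name, (r, q, a) in users.items() if name in coalition)
    return 1.0 - math.exp(-k * useful)


def shapley_values(users: Users, value: Callable[[FrozenSet[str]], float]) -> Dict[str, float]:
    """Exact Shapley value of every user: the average marginal contribution over
    all join orders, computed by enumerating subsets (fine for a handful of users)."""
    names = sorted(users)
    n = len(names)
    phi = {name: 0.0 for name in names}
    for name in names:
        others = [o for o in names if o != name]
        for size in range(n):
            weight = math.factorial(size) * math.factorial(n - size - 1) / math.factorial(n)
            for subset in itertools.combinations(others, size):
                without = frozenset(subset)
                phi[name] += weight * (value(without | {name}) - value(without))
    return phi


def payoff_allocation(users: Users, budget: float) -> Dict[str, float]:
    """Split the service's reward budget in proportion to Shapley values, so a
    user is paid for marginal contribution to accuracy, not for raw data volume."""
    phi = shapley_values(users, lambda s: coalition_accuracy(users, s))
    total = sum(phi.values())
    return {name: budget * v / total for name, v in phi.items()}


def pivotal_users(users: Users, top: int = 2) -> List[str]:
    """Users with the largest Shapley value (largest marginal contribution)."""
    phi = shapley_values(users, lambda s: coalition_accuracy(users, s))
    return [name for name, _ in sorted(phi.items(), key=lambda kv: -kv[1])[:top]]


def with_anonymization(users: Users, name: str, level: float) -> Users:
    """Copy of `users` in which `name` adopts anonymization level `level`."""
    rate, quality, _ = users[name]
    return {**users, name: (rate, quality, level)}


if __name__ == "__main__":
    base = payoff_allocation(USERS, 1000.0)
    stricter = payoff_allocation(with_anonymization(USERS, "user 3", 0.6), 1000.0)
    print("pivotal:", pivotal_users(USERS))
    for name in USERS:
        print(f"{name}: payoff {base[name]:6.1f} -> {stricter[name]:6.1f} after user 3 anonymizes")
```

Because the accuracy model is a concave function of the coalition's useful data, a user who anonymizes more lowers every one of their marginal contributions, so their Shapley share, and hence their payoff, falls while the other users' shares rise. That is the incentive the slide describes: the provider has no reason to pay for data it cannot learn from.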
Optimal Pricing of Privacy-Preserving
Internet of Things
This material is based on the following paper
MA Alsheikh, et al., "Privacy management and optimal pricing in people-centric
sensing." IEEE Journal on Selected Areas in Communications (2017)
DOI: https://doi.org/10.1109/JSAC.2017.2680845
keywords—Internet of things, data privacy, optimal pricing
Optimal pricing of privacy-preserving IoT
Why do we need optimal pricing models for privacy-preserving IoT?
• optimal pricing → decide the optimal prices of IoT services (e.g.,
subscription fees), based on user demand patterns, such that the total
profit of the service provider is maximized
Service bundling
• IoT services can be sold separately or
together as a service bundle
• there is a joint demand for
complementary services as both
services are jointly required by the
customers, e.g., sentiment analysis and
activity tracking
• substitute services are comparable in
their functionality, e.g., sentiment
analysis using two data analytics
algorithms
Optimal pricing and privacy management
• Key components of the optimal pricing and
privacy management framework
• the framework starts by defining the data utility
u(·)
▪ u(·) is nonnegative: the service quality cannot be
negative
▪ u(·) is decreasing in the privacy level r ∈ [0, 1]:
increasing the privacy level decreases the quality
of data analytics
▪ u(·) is convex and decreases at an increasing rate over
the privacy level, reflecting the empirical change of
service quality at varying privacy levels
• profit maximization models are executed to obtain
the optimal subscription fee and privacy levels
Components of the optimal pricing and privacy
management framework for people-centric
sensing
Profit maximization models (figure): standalone sales and bundle sales
Data utility: Quality-privacy tradeoff
• The figure below shows the quality-privacy models of three IoT services S1,
S2, and S3
• the service quality (accuracy) decreases as the privacy level increases
• increasing the privacy level results in higher data distortion
▪ Service S1—sentiment analysis
using deep learning
▪ Service S2—sentiment analysis
using random forests
▪ Service S3—activity tracking using
random forests
prediction quality of the services S1, S2, and S3
(from left to right) under varied privacy levels
Standalone sales — profit vs privacy
Standalone sales of S1
• the subscription revenue, subscription fee, and
total data cost all decrease as the privacy level
increases
• increasing the privacy level negatively affects
the service quality and fewer customers will be
interested in buying the service
• total data cost will decrease when the privacy
level is high
• gross profit increases up to privacy levels r =
0.62, then it decreases due to the extreme loss
of customers at the high privacy levels r > 0.62
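The profit maximization step of the framework (components slide) and the profit-versus-privacy curve of the standalone sales above can be reproduced in miniature. The following is an added example, not the paper's model: u(r) is interpolated from constructed accuracy measurements; customers are assumed to pay at most θ_i·u(r) for constructed valuations θ_i = 1..100; the data cost is assumed to fall linearly with r because participants accept a lower reservation wage for more distorted data; and a grid search finds the subscription fee and privacy level that maximize gross profit.

```python
from typing import Dict, List, Sequence, Tuple

# Constructed accuracy measurements of one service at increasing privacy
# levels r (0 = raw data, 1 = fully distorted); u(r) interpolates between them.
MEASURED_QUALITY: List[Tuple[float, float]] = [
    (0.0, 0.92), (0.2, 0.90), (0.4, 0.85), (0.6, 0.74), (0.8, 0.50), (1.0, 0.10),
]
# Constructed customer valuations: customer i subscribes if theta_i * u(r) >= fee.
CUSTOMER_VALUATIONS: List[float] = [float(t) for t in range(1, 101)]
PARTICIPANTS = 20          # assumed number of crowdsensing participants
RESERVATION_WAGE = 100.0   # assumed wage per participant for raw (r = 0) data
FEE_GRID: List[float] = [float(f) for f in range(1, 101)]
R_GRID: List[float] = [i / 20 for i in range(21)]


def data_utility(r: float) -> float:
    """Piecewise-linear u(r) through the constructed measurements: nonnegative
    and decreasing in the privacy level, as the framework requires."""
    if not 0.0 <= r <= 1.0:
        raise ValueError("privacy level must be in [0, 1]")
    for (r0, q0), (r1, q1) in zip(MEASURED_QUALITY, MEASURED_QUALITY[1:]):
        if r0 <= r <= r1:
            return q0 + (q1 - q0) * (r - r0) / (r1 - r0)
    raise AssertionError("unreachable: r lies inside [0, 1]")


def demand(fee: float, r: float) -> int:
    """Subscribers at this fee and privacy level (the 1e-9 absorbs float
    rounding on the boundary theta * u(r) == fee)."""
    u = data_utility(r)
    return sum(1 for theta in CUSTOMER_VALUATIONS if theta * u >= fee - 1e-9)


def data_cost(r: float) -> float:
    """Assumed: participants accept a lower wage for more distorted data, so
    the total data cost falls linearly with the privacy level."""
    return PARTICIPANTS * RESERVATION_WAGE * (1.0 - r)


def gross_profit(fee: float, r: float) -> float:
    return fee * demand(fee, r) - data_cost(r)


def best_fee(r: float, fee_grid: Sequence[float] = FEE_GRID) -> Tuple[float, float]:
    """Profit-maximizing fee for a fixed privacy level: (fee, gross profit)."""
    best_f, best_p = fee_grid[0], float("-inf")
    for f in fee_grid:
        p = gross_profit(f, r)
        if p > best_p:
            best_f, best_p = f, p
    return best_f, best_p


def profit_curve(r_grid: Sequence[float] = R_GRID) -> Dict[float, float]:
    """Gross profit at the best fee for each privacy level (profit vs privacy)."""
    return {r: best_fee(r)[1] for r in r_grid}


def optimize(r_grid: Sequence[float] = R_GRID) -> Dict[str, float]:
    """Joint grid search over subscription fee and privacy level."""
    best: Dict[str, float] = {"profit": float("-inf")}
    for r in r_grid:
        f, p = best_fee(r)
        if p > best["profit"]:
            best = {"privacy_level": r, "fee": f, "profit": p, "subscribers": demand(f, r)}
    return best


if __name__ == "__main__":
    for r, p in profit_curve().items():
        print(f"r={r:.2f}  best gross profit={p:8.1f}")
    print("optimum:", optimize())
```

The interior optimum arises because the data cost falls faster than the revenue at low privacy levels, while revenue collapses once u(r) drops at high privacy levels; under these assumptions the profit is unimodal in r, which is the shape the standalone-sales slide reports (its r = 0.62 comes from the paper's own model, not from this example).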
Complementary bundles — reservation wages
Bundle Sb1
• reservation wage is the lowest
payment required to recruit one
crowdsensing participant
• bundling profit goes down when the
reservation wage increases
• to minimize the total data cost, the privacy
level of S1 is increased and the privacy
level of S3 is also slightly increased
Bundle Sb1 (S1 and S3 as complementary) — the economic
strategy of virtually packaging services S1 and S3 into one
service bundle
Impacts of the reservation wage on the gross
profit, privacy levels, and subscription fee
Conclusions and future works
(Privacy-Preserving Internet of Things)
This material is based on the following paper
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of
Things." IEEE Communications Magazine (2023)
DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords—Internet of things, data privacy
Critical questions for future research
• Data privacy and criminal justice
• a widespread argument for supporting dataveillance, i.e., monitoring and profiling people’s
data, is for criminal justice, law enforcement, and fraud prevention
• social benefits do not override the personal benefits of data privacy
• what is the proper procedure for requesting data disclosure for criminal justice? how can
protected data be accessed for criminal justice without establishing an encryption backdoor?
how can people oversee the levels of dataveillance by organizations and governments?
• User-in-the-loop (UIL)
• users generally cannot verify the privacy measures taken by service providers due to the lack
of transparency in the implemented privacy safeguards
• UIL data privacy engages users in their privacy preservation
• how can user awareness of data privacy issues be increased? how can service providers
provide people with data privacy measurements? how can users be incentivized to contribute
to their data protection efforts?
Conclusions
• Billions of IoT devices collect sensitive data about people, creating data
privacy risks and breach vulnerabilities
• Privacy-preserving IoT refers to any IoT service, i.e., any network of objects
embedded with sensors and connection links, that functions while
maintaining the privacy rights of users
• These slides presented
▪ common myths about data privacy and IoT services;
▪ trade-off between privacy preservation by users and accuracy maximization and
collection of true data by service providers; and
▪ optimal pricing of standalone and bundled services

The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Data Privacy of the Internet of Things (slide transcript)

1. Data Privacy of the Internet of Things
Mohammad Abu Alsheikh
Associate Professor of Engineering (Data Privacy)
IEEE Senior Member
https://mabualsh.github.io

2. Roadmap
We will discuss the following topics of privacy-preserving Internet of Things (IoT):
a) Five common misconceptions
• refute common myths about data privacy and IoT services
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
b) Incentive mechanisms
• motivate and encourage users to participate in IoT services
• contradicting incentives: privacy preservation by crowdsensing users versus accuracy maximization and collection of true data by service providers
c) Optimal pricing
• how can we define the subscription fees of privacy-preserving services?
d) Conclusions and future works

3. Common Misconceptions About Privacy-Preserving Internet of Things
This material is based on the following paper:
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of Things." IEEE Communications Magazine (2023). DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords: Internet of things, data privacy

4. Privacy-preserving IoT: Overview
Data privacy and IoT
• billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
• connecting to IoT services is indispensable and makes people's lives more convenient
• data privacy preservation is vital for sustaining the proliferation of IoT services
Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with sensors and connection links, that functions while maintaining the privacy rights of users.

5. Privacy-preserving IoT: Overview
Four main entities of privacy-preserving IoT:
1. people (service users): hold the ownership of their data
2. service provider and business stakeholders: transmit IoT data to backend servers through high-speed networks and apply ambient intelligence (data analysis and machine learning)
3. adversary: any third-party entity that initiates privacy attacks to partially or fully obtain user data
4. data privacy analyst (regulatory officer): oversees the compliance of service providers with the relevant data privacy regulations
[figure: main entities of privacy-preserving IoT]

6. Data privacy rights
• Recent years have witnessed strict data privacy regulations
• For example, the General Data Protection Regulation (GDPR)* is a European Union law that defines eight data privacy rights of people:
1) the right to be informed of all data operations
2) the right to review and access copies of personal data
3) the right to rectify incorrect data
4) the right to object to data processing
5) the right to restrict data processing
6) the right of data portability to third parties
7) the right to be forgotten if personal data is no longer needed for the original purpose
8) the right not to be subject to automation and profiling
• Likewise, the California Consumer Privacy Act (CCPA)** defines equivalent user rights for residents of California
* European Parliament and Council of the European Union, "General data protection regulation (GDPR)," https://gdpr-info.eu, 2016
** California Civil Code, "California consumer privacy act (CCPA)," https://oag.ca.gov/privacy/ccpa, 2018

7. Misconception 1: Data privacy impedes IoT innovation and implies that IoT data cannot be collected
• IoT service providers and stakeholders commonly perceive privacy-preserving IoT as an impediment to innovation, as data sensing about people is heavily regulated
• On the other hand, some service users assume that service providers should not collect any data
Correction:
• the rights and responsibilities of each entity in privacy-preserving IoT are clearly delineated
• privacy-preserving IoT is mainly about providing users with control over their data while promoting safeguarded IoT sensing and innovation
• the service provider must incorporate various privacy safeguards, including explicit consent, rectification forms, and meeting the differential privacy requirements when serving user requests

8. Differential privacy (Misconception 1, continued)
• privacy-preserving IoT is generally devised to meet the differential privacy requirements* by adding noise to the input data, the parameters of ambient intelligence models, or the output results
• Dwork and Roth* describe differential privacy as a guarantee provided by a service provider to users that they will not be affected by sharing their data, regardless of the availability of other information sources or personal data about them
* C. Dwork and A. Roth, "The algorithmic foundations of differential privacy," Foundations and Trends in Theoretical Computer Science, vol. 9, no. 3-4, pp. 211–407, 2014.

9. Misconception 1, continued
• data privacy is not absolute in privacy-preserving IoT
• the privacy budget is defined as the probability of accidental data leakage by an adversary
• a trade-off exists between service accuracy and privacy preservation
• privacy-preserving and exposed services are created using logistic regression and Gaussian naive Bayes trained on a real-world activity prediction dataset
[figure: accuracy of privacy-preserving and exposed IoT services]

10. Several important results (Misconception 1, continued)
1) when the privacy budget increases, the service accuracy increases
2) when the privacy budget is small, i.e., less than 5, a significant accuracy improvement can be achieved for small increases in the privacy budget
3) there is only a marginal gain in service accuracy from increasing the privacy budget at high values
4) different algorithms may have different accuracy ranks when the privacy budget changes
5) the exposed services retain higher accuracy values than the privacy-preserving ones, but that accuracy gain comes at the cost of risking users' privacy
[figure: accuracy of privacy-preserving and exposed IoT services]
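The accuracy-privacy trade-off of slides 8-10 can be reproduced for the simplest privacy-preserving release, a count perturbed by the Laplace mechanism. The following is an added example, not code from the slides or the cited paper: the activity records are constructed, and the counting query, the budgets swept and the number of trials are assumptions. The private answer's expected absolute error is 1/ε, which is why small budgets gain a lot from a small increase while large budgets gain almost nothing (results 2 and 3 above).

```python
"""Laplace mechanism on an IoT counting query: how the privacy budget (epsilon)
trades off against service accuracy. Added example; all data are constructed."""
import math
import random

ACTIVITIES = ("walking", "sitting", "running", "cycling")


def make_records(n=200, seed=7):
    """Constructed activity labels reported by n wearable users (not real data)."""
    rng = random.Random(seed)
    return [rng.choice(ACTIVITIES) for _ in range(n)]


def exposed_count(records, activity):
    """Exposed service: answers the query exactly, with no privacy protection."""
    return sum(1 for r in records if r == activity)


def laplace_scale(sensitivity, epsilon):
    """Noise scale b = sensitivity / epsilon of the Laplace mechanism."""
    if epsilon <= 0:
        raise ValueError("privacy budget must be positive")
    return sensitivity / epsilon


def sample_laplace(scale, rng):
    """Inverse-CDF draw from Laplace(0, scale); the random module has no Laplace sampler."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def private_count(records, activity, epsilon, rng):
    """Privacy-preserving service: adding or removing one person changes a count by
    at most 1, so the sensitivity is 1 and the answer is count + Laplace(1/epsilon)."""
    return exposed_count(records, activity) + sample_laplace(laplace_scale(1.0, epsilon), rng)


def mean_abs_error(records, activity, epsilon, trials=2000, seed=1):
    """Empirical accuracy loss of the private answer (its expected value is 1/epsilon)."""
    rng = random.Random(seed)
    truth = exposed_count(records, activity)
    total = sum(abs(private_count(records, activity, epsilon, rng) - truth) for _ in range(trials))
    return total / trials


def budget_sweep(records, activity, budgets=(0.1, 0.5, 1.0, 5.0, 10.0)):
    """Error at each privacy budget; the marginal gain shrinks as epsilon grows."""
    return {eps: mean_abs_error(records, activity, eps) for eps in budgets}


if __name__ == "__main__":
    recs = make_records()
    print("exact count of 'walking':", exposed_count(recs, "walking"))
    for eps, err in budget_sweep(recs, "walking").items():
        print(f"epsilon={eps:<5} mean |error|={err:.2f}")
```

Because the same seed is reused for every budget, the sweep isolates the effect of ε: going from ε = 0.1 to 0.5 removes roughly eight counts of error, whereas going from 5 to 10 removes roughly one tenth of a count, the same diminishing-returns shape as the accuracy curves on slide 10.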
11. Misconception 2: Privacy-preserving IoT is exclusively a regulatory problem
• IoT standards, e.g., IEEE 2413-2019*, include data privacy as a functional requirement of IoT architectures
• The privacy paradox describes the discrepancy between how people insist on the importance of their privacy and how they compromise their privacy in reality (e.g., many users provide their names and emails in marketing campaigns to receive discounts or free product samples)
• Data privacy has been portrayed as an exclusively regulatory problem, i.e., people are wrongly perceived as incompetent at protecting their privacy
* IEEE SA Board of Governors/Corporate Advisory Group (BoG/CAG), "IEEE standard for an architectural framework for the Internet of things (IoT)," IEEE Std 2413-2019, pp. 1–269, March 2020.

12. Misconception 2: Privacy-preserving IoT is exclusively a regulatory problem
Correction:
• Privacy-preserving IoT is not an exclusively regulatory problem. Data privacy must be incorporated early in the IoT design cycle
• Several issues with restricting user-level data control can be highlighted:
• data privacy is individual-level ownership rather than a societal right
▪ people should be able to give consent to service providers for data collection and selling
▪ existing privacy regulation, such as the CCPA, underlines that users may be offered discounts and financial incentives for data collection. This arrangement provides flexibility to both users and service providers
• a single government body cannot check the compliance of every service provider with the privacy regulations
• many sensing technologies exist in IoT systems, and it would be unattainable for a single entity to assess all possible privacy risks

13. Misconception 3: Privacy-preserving IoT is exclusively required to comply with data privacy regulations
• A common misconception among service providers is perceiving data privacy in IoT as an obligation that brings no direct financial benefit
• Service providers adhere to data privacy regulations as a compliance action, and IoT data privacy is not perceived as a functional requirement
Correction:
• privacy-preserving IoT has many benefits for building trust bridges with users; hence, it boosts user retention and satisfaction
• an online survey study was conducted to understand how people perceive their data privacy in exposed systems. The survey was created using the Qualtrics platform (www.qualtrics.com), and 200 participants were recruited using Amazon Mechanical Turk (www.mturk.com)
• the survey results indicate the importance of data privacy in improving user retention and overall satisfaction

14. Misconception 3: Privacy-preserving IoT is exclusively required to comply with data privacy regulations
Several important results
• people will not use exposed services
▪ respondents indicated they would take all possible measures to protect their privacy
▪ for example, 56.2% suggested that they would stop using the company's services, and 67.2% said they would close their service accounts
• 92.5% of people are genuinely concerned about their data privacy and how service providers use their online data
• 73% of people do not trust companies that do not make sufficient efforts to protect their data privacy
Thus, data privacy should not be perceived as a compliance problem but rather as a business opportunity with financial yields.
[figure: users take various actions if a company does not make sufficient efforts to protect their online data privacy]

15. Misconception 4: Data privacy is fully preserved if IoT data is securely stored
• A widespread fallacy, even among cybersecurity practitioners, is claiming data privacy preservation by applying data security measures, such as network security, access control, backups, authorization, firewalls, and intrusion detectors.
• Data security methods are implemented to adhere to the confidentiality, integrity, and availability (CIA) principles.
▪ confidentiality protocols, e.g., access control and authorization, aim to protect the data from unauthorized disclosure
▪ integrity, e.g., digital signatures and logging, aims to maintain the accuracy and completeness of data
▪ availability, e.g., backups and firewalls, aims to promptly supply resource access to users when requested

16. Misconception 4: Data privacy is fully preserved if IoT data is securely stored
Correction:
• Data security, defined in the CIA triad, does not guarantee users' data privacy
▪ data security protects users from unauthorized data access or modification
▪ data privacy protects users from violations and misuse, including how service providers use and process user data
▪ data privacy is a superset of data security and requires stricter conditions to comply with the privacy laws on how user data is collected, transmitted, stored, and processed, e.g., the data privacy rights of users as set out in the GDPR and CCPA
[figure: data privacy extends the data security conditions, providing users with control over their data and preventing data violations and misuse]

17. Misconception 4: Data privacy is fully preserved if IoT data is securely stored
• Data privacy may not be met even when the original data is securely stored
▪ even though the original face images are securely kept, the adversary can reconstruct an accurate estimate of people's faces using the deep learning model, i.e., the original training images are not used in producing the reconstructed images
▪ model inversion attacks produce sensitive data using the outputs of a model
• Service providers should utilize privacy-preserving learning that adds reasonable noise to the model parameters during training according to the differential privacy conditions
[figure: privacy attacks on an exposed IoT service that uses face recognition]

18. Misconception 5: Decentralized IoT (DeIoT) solves the privacy problem and provides absolute data privacy preservation
• DeIoT is an emerging user-centered ecosystem that distributes IoT control functions and delegates operations to users without a central authority
▪ edge computing, blockchain ledgers, and federated learning are the most promising technologies
➢ smart contracts and blockchain ledgers provide decentralized digital identities
➢ federated learning and edge computing can optimize a master ambient intelligence model without sharing users' original data
• DeIoT is often suggested as a method for attaining absolute data privacy, security, transparency, and scalability using token-based operations and decentralization

19. Misconception 5: Decentralized IoT (DeIoT) solves the privacy problem and provides absolute data privacy preservation
Correction:
• Unfortunately, DeIoT does not provide absolute data privacy preservation.
• Services 1-3 are built using blockchain ledgers. The privacy budget of a single sensing round is set at 0.1, 0.15, and 0.3 in services 1-3, respectively
• the total privacy cost increases over repeated sensing in the three services
• the difference in the privacy cost of users magnifies over time
[figure: total privacy cost of repeated data sensing at various privacy budgets]
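Slide 19's growing privacy cost is the composition property of differential privacy: every sensing round spends part of a user's budget, and decentralization does not stop the spend from accumulating. The block below is an added example, not code from the slides or the paper; it takes the per-round budgets 0.1, 0.15 and 0.3 from slide 19, while the total budget of 10 per user and the failure probability δ' = 1e-5 used for advanced composition are assumptions. It tracks basic (sequential) composition, the advanced composition bound from Dwork and Roth (Theorem 3.20), and an accountant that refuses further sensing once the budget is spent.

```python
"""Privacy-budget accounting for repeated sensing rounds. Added example; the
per-round budgets come from slide 19, the total budget and delta' are assumed."""
import math

# Per-round privacy budget of each service, as stated on slide 19.
SERVICES = {"service 1": 0.1, "service 2": 0.15, "service 3": 0.3}


def basic_composition(eps_per_round, rounds):
    """Sequential composition: k rounds of an eps-DP release cost k * eps in total."""
    return eps_per_round * rounds


def advanced_composition(eps_per_round, rounds, delta_prime):
    """Advanced composition (Dwork and Roth, Theorem 3.20): the k-fold composition of
    eps-DP mechanisms is (eps', delta')-DP with
    eps' = sqrt(2 k ln(1/delta')) * eps + k * eps * (exp(eps) - 1).
    The extra delta' is the price of the tighter bound; it is not always tighter."""
    k, eps = rounds, eps_per_round
    return math.sqrt(2.0 * k * math.log(1.0 / delta_prime)) * eps + k * eps * (math.exp(eps) - 1.0)


def compare_services(rounds, services=SERVICES):
    """Total (basic-composition) privacy cost of each service after `rounds` sensing rounds."""
    return {name: basic_composition(eps, rounds) for name, eps in services.items()}


def cost_gap(rounds, services=SERVICES):
    """Spread between the most and least expensive service; grows linearly with rounds."""
    costs = compare_services(rounds, services).values()
    return max(costs) - min(costs)


class PrivacyAccountant:
    """Tracks the budget one user has spent and refuses rounds that would exceed it."""

    def __init__(self, total_budget):
        self.total_budget = total_budget
        self.spent = 0.0
        self.rounds = 0

    def spend(self, eps):
        # Small tolerance so float accumulation does not reject an exactly-affordable round.
        if self.spent + eps > self.total_budget + 1e-12:
            raise RuntimeError(f"budget exhausted after {self.rounds} rounds")
        self.spent += eps
        self.rounds += 1
        return self.spent


def rounds_until_exhausted(eps_per_round, total_budget=10.0):
    """How many sensing rounds a user can join before the accountant refuses."""
    acct = PrivacyAccountant(total_budget)
    try:
        while True:
            acct.spend(eps_per_round)
    except RuntimeError:
        return acct.rounds


if __name__ == "__main__":
    for k in (10, 50):
        print(f"after {k} rounds:", compare_services(k), "gap:", round(cost_gap(k), 2))
    for name, eps in SERVICES.items():
        print(name, "rounds allowed on a budget of 10:", rounds_until_exhausted(eps))
        print("  basic vs advanced bound for 50 rounds:",
              round(basic_composition(eps, 50), 2),
              round(advanced_composition(eps, 50, 1e-5), 2))
```

Two points worth noting from running it: the gap between service 3 and service 1 widens from 2 to 10 as the rounds go from 10 to 50, which is the "magnifies over time" effect on the slide; and the advanced bound beats basic composition for ε = 0.1 over 50 rounds but is looser for ε = 0.3, so an accountant should take whichever guarantee is tighter rather than assume advanced composition always helps.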
20. Roadmap (repeated from slide 2)

21. Incentive Mechanisms for Privacy-Preserving Internet of Things
This material is based on the following paper:
MA Alsheikh et al., "The accuracy-privacy trade-off of mobile crowdsensing." IEEE Communications Magazine (2017). DOI: https://doi.org/10.1109/MCOM.2017.1600737
keywords: Internet of things, data privacy, incentive mechanism design

22. Incentive mechanisms for privacy-preserving IoT
Why do we need incentive mechanisms for privacy-preserving IoT?
• mechanism design → design incentives (e.g., monetary rewards) to achieve a goal (e.g., increased participation in IoT or accuracy maximization)
• IoT should incorporate efficient incentive mechanisms to attract and retain enough crowdsensing users
• users are paid based on their marginal contributions to service accuracy

23. Incentive mechanisms
• IoT should incorporate efficient incentive mechanisms to attract and retain enough crowdsensing users
• A typical reverse auction takes place between the crowdsensing users and the service provider
▪ users compete among themselves to perform the sensing task
▪ the service provider first announces the description of the crowdsensing tasks to potential mobile users
▪ users are rational entities and set their bids based on the cost of the crowdsensing task
▪ to maximize the utility of the crowdsensing service, the auction system determines the task assignment and payoff of each user, including both selected and rejected bids
[figure: crowdsensing incentive mechanism as a reverse auction]

24. Incentive mechanism for privacy-preserving IoT
Main entities
• users are the participants who collect sensing data using their personal mobile devices
• the service provider buys data from the crowdsensing users through a mediator, applies data analytics, and delivers a service to a set of customers
• the mediator is the auction management entity that controls the exchange of data between the crowdsensing users and the service provider
[figure: incentive mechanism for privacy-preserving IoT supporting both data anonymization and identity generalization through crowdsensing coalition formation. Cooperative users are connected using device-to-device (D2D) communication]

25. Incentive mechanism for privacy-preserving IoT
Next, we answer three major questions related to developing privacy-aware incentive models in privacy-preserving IoT:
1) how does the crowdsensing service define the contributions and payoff allocations of users with varying privacy levels?
2) do crowdsensing coalitions change the attained privacy of the cooperative users?
3) how do cooperative users divide the coalition payoff among themselves?

26. User contributions and pivotal users
• Contributed data rates from each user and the resulting service accuracy, obtained by training a deep learning model on the data of each user separately
▪ the data rate varies among users
▪ service accuracy depends on the quality of the mobile device used, the user's performance during task execution, and data annotation
▪ user 1 contributes more data than user 2, while the accuracy resulting from the data of user 1 is lower than that of user 2
▪ users 3 and 6 are pivotal, and they score the highest standalone accuracy values of 68.3 and 68.1 percent, respectively
[figure: user contribution to the crowdsensing service]

27. Privacy vs accuracy
• Impact of the data anonymization level on the accuracy of the crowdsensing service
▪ there is an inverse relationship between the prediction accuracy and the data anonymization level
▪ the service provider has an incentive to reject users with high data anonymization levels
▪ prediction accuracy decreases as more users adopt the data anonymization scheme
[figure: resulting accuracy of the deep learning service trained on the crowdsensing data]

28. Payoff allocation
• Payoff allocation of users 2 and 3 under varied data anonymization levels
• the payoff allocation of any user decreases as its data anonymization level increases
• pivotal users receive a higher payoff compared to normal and low-performing users
• cooperative users receive not only the same payoff in both the coalition and standalone cases, but also a higher level of k-anonymity privacy protection
[figure: payoff allocation of users 2 and 3. The privacy level is equal to the variance of the added Gaussian noise]
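The two privacy mechanisms of slides 24 and 28, identity generalization through coalitions (k-anonymity) and data anonymization with Gaussian noise whose variance is the privacy level, are shown together below. This is an added example, not code from the slides or the paper; the eight crowdsensing records, their coalition membership and the noise-level readings are constructed, and the assumption is that a coalition head submits its members' rows under the coalition id so the provider never sees per-user identifiers.

```python
"""Crowdsensing coalition: identity generalization (k-anonymity) plus data
anonymization (Gaussian noise). Added example; all records are constructed."""
from collections import Counter
import math
import random

# Constructed crowdsensing records (not real data), one row per user.
# Columns: user_id, coalition_id, region, reading (e.g., ambient noise in dB).
RECORDS = [
    ("u1", "c1", "north", 61.0),
    ("u2", "c1", "north", 63.5),
    ("u3", "c1", "north", 59.8),
    ("u4", "c2", "south", 70.2),
    ("u5", "c2", "south", 68.9),
    ("u6", "c2", "south", 71.3),
    ("u7", "c3", "east", 55.0),
    ("u8", "c3", "east", 57.4),
]
IDENTITY, COALITION, REGION, READING = 0, 1, 2, 3


def k_anonymity(rows, quasi_ids):
    """k of a table: size of the smallest equivalence class over the quasi-identifier
    columns. k = 1 means at least one row can be singled out."""
    classes = Counter(tuple(row[i] for i in quasi_ids) for row in rows)
    return min(classes.values())


def generalize_identity(rows):
    """Identity generalization: the coalition head submits on behalf of its members,
    so the identity column carries the coalition id instead of the user id."""
    return [(row[COALITION], row[COALITION], row[REGION], row[READING]) for row in rows]


def meets_k(rows, quasi_ids, k_required):
    """Admission check a mediator can run before forwarding rows to the provider."""
    return k_anonymity(rows, quasi_ids) >= k_required


def anonymize_readings(rows, privacy_level, seed=0):
    """Data anonymization as defined on slide 28: Gaussian noise whose variance is
    the privacy level (standard deviation sqrt(privacy_level))."""
    rng = random.Random(seed)
    sd = math.sqrt(privacy_level)
    return [row[:READING] + (row[READING] + rng.gauss(0.0, sd),) for row in rows]


def distortion(rows, noisy_rows):
    """RMSE between true and anonymized readings: the utility loss the provider sees,
    which is why it pays less for higher anonymization levels."""
    n = len(rows)
    return math.sqrt(sum((a[READING] - b[READING]) ** 2 for a, b in zip(rows, noisy_rows)) / n)


if __name__ == "__main__":
    print("k on raw rows (user ids):", k_anonymity(RECORDS, (IDENTITY,)))
    coalition_rows = generalize_identity(RECORDS)
    print("k after identity generalization:", k_anonymity(coalition_rows, (IDENTITY,)))
    print("meets k=3?", meets_k(coalition_rows, (IDENTITY,), 3))
    for level in (0.0, 0.25, 4.0):
        noisy = anonymize_readings(coalition_rows, level)
        print(f"privacy level {level}: RMSE {distortion(coalition_rows, noisy):.2f} dB")
```

The raw table has k = 1 because every user id is unique; after generalization k equals the smallest coalition, here 2, so the mediator would have to reject the table if the service demanded 3-anonymity. The same seed is reused for each privacy level, so the RMSE scales exactly with the noise standard deviation, which makes the accuracy cost of a chosen level easy to read off.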
29. Roadmap (repeated from slide 2)

30. Optimal Pricing of Privacy-Preserving Internet of Things
This material is based on the following paper:
MA Alsheikh et al., "Privacy management and optimal pricing in people-centric sensing." IEEE Journal on Selected Areas in Communications (2017). DOI: https://doi.org/10.1109/JSAC.2017.2680845
keywords: Internet of things, data privacy, optimal pricing

31. Optimal pricing of privacy-preserving IoT
Why do we need optimal pricing models for privacy-preserving IoT?
• optimal pricing → decide the optimal prices of IoT services (e.g., subscription fees) to maximize profits based on user demand patterns → the total profit of the service provider is maximized

32. Service bundling
• IoT services can be sold separately or together as a service bundle
• there is a joint demand for complementary services, as both services are jointly required by the customers, e.g., sentiment analysis and activity tracking
• substitute services are comparable in their functionality, e.g., sentiment analysis using two data analytics algorithms

33. Optimal pricing and privacy management
• Key components of the optimal pricing and privacy management framework
• the framework is initiated by defining the data utility u(·)
▪ u(·) is nonnegative: the service quality cannot be negative
▪ u(·) is inversely proportional to the privacy level r ∈ [0, 1]: increasing the privacy level decreases the quality of data analytics
▪ u(·) is convex and decreases at an increasing rate over the privacy level: this reflects the empirical change of service quality at varying privacy levels
• profit maximization models are executed to obtain the optimal subscription fee and privacy levels
[figure: components of the optimal pricing and privacy management framework for people-centric sensing]

34. Profit maximization models
[figures: standalone sales; bundle sales]

35. Data utility: Quality-privacy tradeoff
• The figure shows the quality-privacy models of three IoT services S1, S2, and S3
• the service quality (accuracy) decreases as the privacy level increases
• increasing the privacy level results in higher data distortion
▪ Service S1: sentiment analysis using deep learning
▪ Service S2: sentiment analysis using random forests
▪ Service S3: activity tracking using random forests
[figure: prediction quality of the services S1, S2, and S3 (from left to right) under varied privacy levels]

36. Standalone sales: profit vs privacy
Standalone sales of S1
• subscription revenue, subscription fee, and total data cost are inversely correlated with the privacy level
• increasing the privacy level negatively affects the service quality, and fewer customers will be interested in buying the service
• the total data cost decreases when the privacy level is high
• gross profit increases up to the privacy level r = 0.62, then decreases due to the extreme loss of customers at high privacy levels r > 0.62

37. Complementary bundles: reservation wages
Bundle Sb1 (S1 and S3 as complementary): the economic strategy of virtually packaging services S1 and S3 into one service bundle
• the reservation wage is the lowest payment required to recruit one crowdsensing participant
• bundling profit goes down when the reservation wage increases
• to minimize the total data cost, the privacy level of S1 is increased and the privacy level of S2 is also slightly increased
[figure: impacts of the reservation wage on the gross profit, privacy levels, and subscription fee]

38. Roadmap (repeated from slide 2)

39. Conclusions and future works (Privacy-Preserving Internet of Things)
This material is based on the following paper:
MA Alsheikh, "Five Common Misconceptions About Privacy-Preserving Internet of Things." IEEE Communications Magazine (2023). DOI: https://doi.org/10.1109/MCOM.001.2200097
keywords: Internet of things, data privacy

40. Critical questions for future research
• Data privacy and criminal justice
▪ a widespread argument for supporting dataveillance, i.e., monitoring and profiling people's data, is criminal justice, law enforcement, and fraud prevention
▪ social benefits do not wipe out the personal benefits of data privacy
▪ what is the proper procedure for requesting data disclosure for criminal justice? how can protected data be accessed for criminal justice without establishing an encryption backdoor? how can people oversee the levels of dataveillance by organizations and governments?
• User-in-the-loop (UIL)
▪ users generally cannot verify the privacy measures taken by service providers due to the lack of transparency in the implemented privacy safeguards
▪ UIL data privacy engages users in their own privacy preservation
▪ how can user awareness of data privacy issues be increased? how can service providers provide people with data privacy measurements? how can users be incentivized to contribute to their own data protection efforts?

41. Conclusions
• Billions of IoT devices collect sensitive data about people, creating data privacy risks and breach vulnerabilities
• Privacy-preserving IoT refers to any IoT service, i.e., any network of objects embedded with sensors and connection links, that functions while maintaining the privacy rights of users
• These slides presented
▪ common myths about data privacy and IoT services;
▪ the trade-off between privacy preservation by users and accuracy maximization and collection of true data by service providers; and
▪ optimal pricing of standalone and bundled services