Christopher Heinz

• “There is an increasing recognition of the value of personal data, and the extent of damage that can be caused if personal information is interfered with, released or stolen. [...] The General Data Protection Regulation (GDPR) applies to anyone, or any organisation that handles personal data relating to a European citizen, irrespective of where in the world the data is held or used.” [Hei+20] While most approaches, such as e.g. Amazon Web Services (AWS) rely on a strong security to ensure privacy, this thesis goes one step further. Not all scenarios require data to be available to the data processor in clear text. Apart from legal obligations, there is no means to protect the data any further from being misused or sold. The GDPR helps in setting the legal boundaries on data processing and redistribution. Yet, malicious intent may not be hindered by law at all and one might have to rely on other means to protect it. Furthermore, the Internet of Things (IoT) is dealing with a wide variety of application domains at the same time. Interoperability between these different domains with their isolated ecosystems is the second obstacle. The framework proposed in this thesis offers full control over IoT data generated, even after it has been transmitted to a third-party. Yet, the conceptual idea is applicable even as a standalone application. This framework utilizes Homomorphic Encryption (HE) to encrypt and secure sensitive data. The special attributes of HE schemes enable data processors to work with sensitive data without decrypting it. The HE scheme is based on the Ring Learning with Error (RLWE) Problem, which is considered quantum safe and can therefore be considered future-proof. With this scheme, only the data owner holds the secret key for decryption. This can be used by a single-party, to outsource complex but confidential computations to the cloud. In the case where multiple parties need to collaborate, an additional secure Multi-party computation (MPC) Protocol is implemented. For example allowing to calculate e.g. the sum or average value over all inputs provided by multiple parties. With basic single- and multi party scenarios enabled, this framework already covers a majority of typical IoT use-cases. In this Thesis, the framework is implemented and evaluated in different usecases, covering both single-party and multi-party scenarios. It will be shown to be functional and applicable in IoT applications.