A Framework for Privacy in the Internet of Things

“There is an increasing recognition of the value of personal data, and the extent of damage that can be caused if personal information is interfered with, released or stolen. [...] The General Data Protection Regulation (GDPR) applies to anyone, or any organisation that handles personal data relating to a European citizen, irrespective of where in the world the data is held or used.” [Hei+20] While most approaches, such as Amazon Web Services (AWS), rely on strong security to ensure privacy, this thesis goes one step further. Not all scenarios require data to be available to the data processor in clear text. Apart from legal obligations, there is no means to protect the data any further from being misused or sold. The GDPR helps in setting the legal boundaries on data processing and redistribution. Yet malicious intent may not be hindered by law at all, and one might have to rely on other means to protect the data. Furthermore, the Internet of Things (IoT) deals with a wide variety of application domains at the same time. Interoperability between these different domains with their isolated ecosystems is the second obstacle. The framework proposed in this thesis offers full control over the IoT data generated, even after it has been transmitted to a third party. Yet the conceptual idea is applicable even as a standalone application. This framework utilizes Homomorphic Encryption (HE) to encrypt and secure sensitive data. The special attributes of HE schemes enable data processors to work with sensitive data without decrypting it. The HE scheme is based on the Ring Learning with Errors (RLWE) problem, which is considered quantum-safe and can therefore be considered future-proof. With this scheme, only the data owner holds the secret key for decryption. This can be used by a single party to outsource complex but confidential computations to the cloud.
In the case where multiple parties need to collaborate, an additional secure Multi-Party Computation (MPC) protocol is implemented, for example to calculate the sum or average value over all inputs provided by multiple parties. With basic single- and multi-party scenarios enabled, this framework already covers a majority of typical IoT use cases. In this thesis, the framework is implemented and evaluated in different use cases, covering both single-party and multi-party scenarios. It will be shown to be functional and applicable in IoT applications.
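The single-party scenario the abstract describes, a data owner who outsources aggregation of IoT readings to a cloud that never sees plaintexts, as an added worked example that is not code from the thesis: a minimal symmetric-key RLWE encryption scheme in Python whose ciphertexts the untrusted processor can add coefficient-wise, so that decrypting the summed ciphertext yields the sum of the readings. Only the additive-homomorphic property on which sum and average rest is shown; the thesis's own scheme, its multi-party protocol, and all function names (`encrypt`, `aggregate`, `owner_average`, ...) and parameters here are assumptions for illustration. The parameters N, Q, T are toy values far below any secure setting, the noise is ternary rather than discrete Gaussian, and the sample readings are constructed.

```python
import random

# Toy parameters (constructed for illustration; far too small to be secure).
N = 16           # polynomial degree: arithmetic in Z_Q[x] / (x^N + 1)
Q = 1 << 24      # ciphertext modulus
T = 1024         # plaintext modulus: readings and their sums live in Z_T
DELTA = Q // T   # scaling that separates the message from the noise


def poly_add(a, b, mod):
    """Coefficient-wise addition modulo `mod`."""
    return [(x + y) % mod for x, y in zip(a, b)]


def poly_mul(a, b, mod):
    """Negacyclic convolution: multiply modulo x^N + 1 and modulo `mod`."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % mod
            else:  # x^N = -1, so the high terms wrap around negated
                res[k - N] = (res[k - N] - ai * bj) % mod
    return res


def sample_small():
    """Ternary noise/secret polynomial (a real scheme uses a CSPRNG and a discrete Gaussian)."""
    return [random.choice((-1, 0, 1)) for _ in range(N)]


def keygen():
    """Secret key, held only by the data owner."""
    return sample_small()


def encode(values):
    """Pack up to N readings (each reduced mod T) into the coefficients of a plaintext polynomial."""
    if len(values) > N:
        raise ValueError("at most N values per plaintext")
    return [v % T for v in values] + [0] * (N - len(values))


def encrypt(sk, m):
    """RLWE encryption: (c0, c1) = (-a*s + e + DELTA*m, a) with a uniform in Z_Q."""
    a = [random.randrange(Q) for _ in range(N)]
    e = sample_small()
    neg_as = [(-x) % Q for x in poly_mul(a, sk, Q)]
    c0 = poly_add(poly_add(neg_as, e, Q), [(DELTA * x) % Q for x in m], Q)
    return (c0, a)


def decrypt(sk, ct):
    """Recover m: c0 + c1*s = DELTA*m + e, then rounding removes the small noise e."""
    c0, c1 = ct
    v = poly_add(c0, poly_mul(c1, sk, Q), Q)
    return [round(x * T / Q) % T for x in v]


def add_ct(ct1, ct2):
    """Homomorphic addition: the data processor needs no key for this step."""
    return (poly_add(ct1[0], ct2[0], Q), poly_add(ct1[1], ct2[1], Q))


def aggregate(cts):
    """What the untrusted cloud does: sum every ciphertext it received, blind to the contents."""
    total = cts[0]
    for ct in cts[1:]:
        total = add_ct(total, ct)
    return total


def owner_average(sk, cts, width):
    """Owner-side step: decrypt the encrypted sum, then divide by the number of contributors."""
    summed = decrypt(sk, aggregate(cts))[:width]
    return [s / len(cts) for s in summed]


if __name__ == "__main__":
    sk = keygen()
    # Constructed sample: three devices, each reporting three hourly readings.
    readings = [[21, 22, 23], [19, 20, 21], [23, 24, 25]]
    cts = [encrypt(sk, encode(r)) for r in readings]
    print("encrypted sum decrypts to:", decrypt(sk, aggregate(cts))[:3])  # [63, 66, 69]
    print("average per hour:", owner_average(sk, cts, 3))                  # [21.0, 22.0, 23.0]
```

Two properties of the toy scheme match the caveats a practitioner would want to keep in mind: every addition adds the ciphertexts' noise terms, so the number of summed inputs must stay well below DELTA/2 for decryption to remain correct, and the plaintext space is Z_T, so a sum that reaches T wraps to zero (e.g. 1023 + 1 decrypts to 0). Choosing T above the largest expected aggregate, or rejecting ciphertext batches larger than the noise budget allows, is part of parameter selection rather than something the cloud can check, since the cloud sees only uniformly-looking polynomials.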
Author: Christopher Heinz
Advisor: Christoph Grimm
Document Type: Doctoral Thesis
Cumulative document: No
Language of publication: English
Date of Publication (online): 2024/07/02
Date of first Publication: 2024/07/02
Publishing Institution: Rheinland-Pfälzische Technische Universität Kaiserslautern-Landau
Granting Institution: Rheinland-Pfälzische Technische Universität Kaiserslautern-Landau
Acceptance Date of the Thesis: 2023/07/19
Date of the Publication (Server): 2024/07/03
Tag: Internet of things; IoT; Privacy
GND Keyword: Internet der Dinge; Privatsphäre
Page Number: XII, 95
Faculties / Organisational entities: Kaiserslautern - Fachbereich Informatik
CCS-Classification (computer science): C. Computer Systems Organization / C.3 SPECIAL-PURPOSE AND APPLICATION-BASED SYSTEMS (J.7)
DDC-Classification: 0 General works, computer science, information science / 004 Computer science
MSC-Classification (mathematics): 68-XX COMPUTER SCIENCE {For papers involving machine computations and programs in a specific mathematical area, see Section 04 in that area} / 68-00 General reference works (handbooks, dictionaries, bibliographies, etc.) / 68-02 Research exposition (monographs, survey articles)
PACS-Classification (physics): 80.00.00 INTERDISCIPLINARY PHYSICS AND RELATED AREAS OF SCIENCE AND TECHNOLOGY / 89.00.00 Other areas of applied and interdisciplinary physics / 89.20.-a Interdisciplinary applications of physics / 89.20.Ff Computer science and technology
Licence (German): Creative Commons 4.0 - Namensnennung, nicht kommerziell, keine Bearbeitung (CC BY-NC-ND 4.0)