Applying Privacy Patterns to the Internet of Things’ (IoT) Architecture

  • Sebastian PapeEmail author
  • Kai Rannenberg


The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource management improvements. We show how it could also be used for improving the users’ privacy. For that purpose, we map privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the focus to translate “privacy-by-design” into practical advice. As a proof of concept, for each of the used privacy patterns we give an example from a smart vehicle scenario to illustrate how the patterns could improve the users’ privacy.


Privacy by design Cloud computing Fog computing Internet of things Privacy patterns Autonomous cars Smart vehicles 


  1. 1.
    Evans D (2011) The Internet of Things How the Next Evolution of the Internet Is Changing Everything. Online White Paper. Available from:
  2. 2.
    Botta A, de Donato W, Persico V, Pescapé A (2016) Integration of Cloud computing and Internet of Things: A survey, Future Generation Computer Systems, Volume 56, p. 684–700, ISSN 0167-739X, Available from. CrossRefGoogle Scholar
  3. 3.
    Thien AT, Colomo-Palacios R (2016) A Systematic Literature Review of Fog Computing. Paper presented at NOKOBIT 2016, Bergen, NOKOBIT, vol. 24, no. 1, Bibsys Open Journal Systems, ISSN 1894–7719Google Scholar
  4. 4.
    Kowatsch T, Maass TW (2012) Privacy Concerns and Acceptance of IoT Services. In: The Internet of Things 2012: New Horizons. Halifax, UK : IERC - Internet of Things European Research Cluster, S. 176–187Google Scholar
  5. 5.
    Fowler B (2017) Gifts That Snoop? The Internet of Things Is Wrapped in Privacy Concerns, Consumer Reports. Available from:
  6. 6.
    Hill K, Mattu S (2018) The House That Spied on Me, Gizmodo. Available from:
  7. 7.
    Adams M (2017) Big Data and Individual Privacy in the Age of the Internet of Things. Technology Innovation Management Review 7(4):12–24CrossRefGoogle Scholar
  8. 8.
    Papageorgiou A, Strigkos M, Politou E, Alepis E, Solanas A, Patsakis C (2018) Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice. IEEE Access 6:9390–9403CrossRefGoogle Scholar
  9. 9.
    Weinberg BD, Milne GR, Andonova YG, Hajjat FM (2015) Internet of Things: Convenience vs. privacy and secrecy. Business Horizons 58(6):615–624CrossRefGoogle Scholar
  10. 10.
    Kristen L (2016) Walker: Surrendering information through the looking glass: Transparency, trust, and protection. J Public Policy Mark 35(1):144–158CrossRefGoogle Scholar
  11. 11.
    Milne GR, Culnan MJ (2004) Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. J Interact Mark 18(3):15–29CrossRefGoogle Scholar
  12. 12.
    Milne GR, Culnan MJ, Greene H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249CrossRefGoogle Scholar
  13. 13.
    Paul N, Tesfay W, Kipker D-K, Stelter M, Pape S (2018) Assessing Privacy Policies of Internet of Things Services. In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, PoznanGoogle Scholar
  14. 14.
    Iorga M, Goren N, Feldman L, Barton R, Martin M, Mahmoudi C (2018) Fog Computing Conceptual Model, NIST Special Publication 500–325, available from:
  15. 15.
    Yousefpour A, Ishigaki G, Jue JP (2017) Fog Computing: Towards Minimizing Delay in the Internet of Things. 2017 IEEE International Conference on Edge Computing (EDGE), Honolulu, pp. 17–24Google Scholar
  16. 16.
    Bonomi F, Milito R, Zhu J, Addepalli S (2012) Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing, p. 13–16. ACMGoogle Scholar
  17. 17.
    Bierzynski K, Escobar A, Eberl M (2017) Cloud, fog and edge: Cooperation for the future? FMEC: 62–67Google Scholar
  18. 18.
    Sathish Kumar J, Patel DR (2014) A survey on internet of things: Security and privacy issues. International Journal of Computer Applications 90.11Google Scholar
  19. 19.
    Martinez-Balleste A, Perez-Martinez PA, Solanas A (2013) The pursuit of citizens' privacy: a privacy-aware smart city is possible. IEEE Commun Mag 51(6):136–141CrossRefGoogle Scholar
  20. 20.
    Dinev T, Hart P (2006) An Extended Privacy Calculus Model for E-Commerce Transactions. Inf Syst Res 17(1):61–80CrossRefGoogle Scholar
  21. 21.
    Fred D (1989) Davis: Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Q 13(3):319–339CrossRefGoogle Scholar
  22. 22.
    Kozlov D, Veijalainen J, Ali Y (2012) Security and privacy threats in IoT architectures. In: Proceedings of the 7th International Conference on Body Area Networks (BodyNets '12). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, 256–262Google Scholar
  23. 23.
    Lee K, Kim D, Ha D, Rajput U, Oh H (2015) On security and privacy issues of fog computing supported Internet of Things environment. In: Network of the Future (NOF), 2015 6th International Conference on the, pp. 1–3. IEEEGoogle Scholar
  24. 24.
    Stojmenovic I, Wen S (2014) The Fog Computing Paradigm: Scenarios and Security Issues. FedCSIS 1–8Google Scholar
  25. 25.
    Stojmenovic I, Wen S, Huang X, Luan H (2016) An overview of Fog computing and its security issues. Concurrency and Computation: Practice and Experience 28(10):2991–3005CrossRefGoogle Scholar
  26. 26.
    Lu R, Liang X, Li X, Lin X, Shen X (2012) Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications. Parallel and Distributed Systems, IEEE Transactions 23(9):1621–1631CrossRefGoogle Scholar
  27. 27.
    Ni J, Zhang K, Lin X, Shen X (2017) Securing fog computing for internet of things applications: Challenges and solutions. IEEE Communications Surveys & TutorialsGoogle Scholar
  28. 28.
    Tayeb S, Latifi S, Kim Y (2017) A survey on IoT communication and computation frameworks: An industrial perspective. In: Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual, pp. 1–6. IEEEGoogle Scholar
  29. 29.
    Sadeghi A-R, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. Design Automation Conf. (DAC), 2015 52nd ACM/EDAC/IEEE, pp. 1–12Google Scholar
  30. 30.
    Yi S, Qin Z, Li Q (2015) Security and privacy issues of fog computing: a survey. In Wireless Algorithms, Systems, and Applications 2015 (pp. 685–695), Springer International Publishing. Available from
  31. 31.
    Rahman LF, Ozcelebi T, Lukkien JJ (2016) Choosing your IoT programming framework: Architectural aspects. In: Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on, pp. 293–300. IEEEGoogle Scholar
  32. 32.
    Graf C, Wolkerstorfer P, Geven A, Tscheligi M (2010) A pattern collection for privacy enhancing technology. In: The 2nd Int. Conf. on Pervasive Patterns and Applications (PATTERNS 2010), pp. 21–26Google Scholar
  33. 33.
    Yoder J, Baraclow J (1997) Architectural Patterns for Enabling Application Security. Pattern Languages of ProgramsGoogle Scholar
  34. 34.
    International Standards Organisation (1999) Common criteria for information technology security evaluation.
  35. 35.
    Schumacher M (2002) Security Patterns and Security Standards - With Selected Security Patterns for Anonymity and Privacy. European Conference on Pattern Languages of Programs (EuroPLoP)Google Scholar
  36. 36.
    Privacy Patterns Website.
  37. 37.
    Schümmer T (2004) The Public Privacy – Patterns for Filtering Personal Information in Collaborative Systems. CHIGoogle Scholar
  38. 38.
    Romanosky S, Acquisti A, Hong J, Cranor LF, Friedman B (2006) Privacy patterns for online interactions. In: Proceedings of the 2006 conference on Pattern languages of programs. ACM, p. 12Google Scholar
  39. 39.
    Doty N, Gupta M (2013) Privacy design patterns and anti-patterns. In: Trustbusters Workshop at the Symposium on Usable Privacy and SecurityGoogle Scholar
  40. 40.
  41. 41.
    Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques, pp. 223–238. Springer, Berlin, HeidelbergGoogle Scholar
  42. 42.
    Shamir A (1979) How to share a secret. Commun ACM 22(11):612–613MathSciNetCrossRefGoogle Scholar
  43. 43.
    Dierks T (2008) The transport layer security (TLS) protocol version 1.2, RFC 5246Google Scholar
  44. 44.
    Okay FY, Ozdemir S (2018) A secure data aggregation protocol for fog computing based smart grids. 2018 IEEE 12th International Conference on Compatibility, Power Electronics and Power Engineering (CPE-POWERENG 2018), Doha, pp. 1–6Google Scholar
  45. 45.
    Rannenberg K (2016) Opportunities and Risks Associated with Collecting and Making Usable Additional Data. Autonomous Driving. Springer, Berlin, Heidelberg, 497–517Google Scholar
  46. 46.
    SAE (2014) Taxonomy and definitions for terms related to on-road-motor vehicle automated deriving systems, J3016, SAE International StandardGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Deutsche Telekom Chair of Mobile Business & Multilateral SecurityGoethe University FrankfurtFrankfurtGermany

Personalised recommendations