Advertisement

ADvoCATE: A Consent Management Platform for Personal Data Processing in the IoT Using Blockchain Technology

  • Konstantinos RantosEmail author
  • George Drosatos
  • Konstantinos Demertzis
  • Christos Ilioudis
  • Alexandros Papanikolaou
  • Antonios Kritsas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)

Abstract

The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.

Keywords

Privacy Internet of Things GDPR Consents management Blockchain Policy-based access control Data privacy ontology 

References

  1. 1.
    Bartolini, C., Muthuri, R., Santos, C.: Using ontologies to model data protection requirements in workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds.) New Frontiers in Artificial Intelligence, vol. 10091, pp. 233–248. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-50953-2_17CrossRefGoogle Scholar
  2. 2.
    Buterin, V.: A next-generation smart contract and decentralized application platform (n.d.). https://github.com/ethereum/wiki/wiki/White-Paper. Accessed 02 Oct 2018
  3. 3.
    Cha, S.C., Chen, J.F., Su, C., Yeh, K.H.: A blockchain connected gateway for BLE-based devices in the Internet of Things. IEEE Access PP(99), 1–1 (2018).  https://doi.org/10.1109/ACCESS.2018.2799942CrossRefGoogle Scholar
  4. 4.
    Cha, S.C., Tsai, T.Y., Peng, W.C., Huang, T.C., Hsu, T.Y.: Privacy-aware and blockchain connected gateways for users to access legacy IoT devices. In: 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE), pp. 1–3, October 2017.  https://doi.org/10.1109/GCCE.2017.8229327
  5. 5.
    Conoscenti, M., Vetrò, A., Martin, J.C.D.: Blockchain for the Internet of Things: a systematic literature review. In: 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), pp. 1–6, November 2016.  https://doi.org/10.1109/AICCSA.2016.7945805
  6. 6.
    Copigneaux, B.: Semi-autonomous, context-aware, agent using behaviour modelling and reputation systems to authorize data operation in the Internet of Things. In: 2014 IEEE World Forum on Internet of Things (WF-IoT), pp. 411–416, March 2014.  https://doi.org/10.1109/WF-IoT.2014.6803201
  7. 7.
    Demertzis, K., Iliadis, L.S., Anezakis, V.D.: An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 12(1), 3–24 (2018).  https://doi.org/10.1080/17512549.2017.1325401CrossRefGoogle Scholar
  8. 8.
    Eckert, K., Meilicke, C., Stuckenschmidt, H.: Improving ontology matching using meta-level learning. In: Aroyo, L., et al. (eds.) ESWC 2009. LNCS, vol. 5554, pp. 158–172. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-02121-3_15CrossRefGoogle Scholar
  9. 9.
    EnCoRe Project: Ensuring consent and revocation (2010). www.hpl.hp.com/breweb/encoreproject/. Accessed 02 Oct 2018
  10. 10.
    European Parliament and Council: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union (Apr 2016), http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679
  11. 11.
    Fortinet Inc.: Fortinet reveals “Internet of Things: connected home” survey results (2014). https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2014/internet-of-things.html. Accessed 02 Oct 2018
  12. 12.
    IERC: European Research Cluster on the Internet of Things, Internet of Things: IoT governance, privacy and security issues (2015). http://www.internet-of-things-research.eu/pdf/IERC_Position_Paper_IoT_Governance_Privacy_Security_Final.pdf. Accessed 02 Oct 2018
  13. 13.
    Kleinaki, A.S., Mytis-Gkometh, P., Drosatos, G., Efraimidis, P.S., Kaldoudi, E.: A blockchain-based notarization service for biomedical knowledge retrieval. Comput. Struct. Biotechnol. J. 16, 288–297 (2018).  https://doi.org/10.1016/j.csbj.2018.08.002CrossRefGoogle Scholar
  14. 14.
    Musolesi, M.: UPRISE-IoT: User-centric PRIvacy & Security in IoT (2017). http://gtr.rcuk.ac.uk/projects?ref=EP%2FP016278%2F1. Accessed 02 Oct 2018
  15. 15.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf. Accessed 02 Oct 2018
  16. 16.
    Nugent, T., Upton, D., Cimpoesu, M.: Improving data transparency in clinical trials using blockchain smart contracts. F1000Research 5, 2541 (2016).  https://doi.org/10.12688/f1000research.9756.1CrossRefGoogle Scholar
  17. 17.
    O’Connor, Y., Rowan, W., Lynch, L., Heavin, C.: Privacy by design: informed consent and internet of things for smart health. Procedia Comput. Sci. 113, 653–658 (2017).  https://doi.org/10.1016/j.procs.2017.08.329CrossRefGoogle Scholar
  18. 18.
    Otero-Cerdeira, L., Rodríguez-Martínez, F.J., Gómez-Rodríguez, A.: Ontology matching. Expert Syst. Appl. 42(2), 949–971 (2015).  https://doi.org/10.1016/j.eswa.2014.08.032CrossRefGoogle Scholar
  19. 19.
    Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A.: Blockchain-based consents management for personal data processing in the IoT ecosystem. In: 15th International Conference on Security and Cryptography (SECRYPT 2018), part of ICETE, pp. 572–577. SciTePress, Porto (2018).  https://doi.org/10.5220/0006911005720577
  20. 20.
    Russell, B., Garlat, C., Lingenfelter, D.: Security guidance for early adopters of the Internet of Things (IoT). White paper, Cloud Security Alliance, April 2015Google Scholar
  21. 21.
    Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in Internet of Things: the road ahead. Comput. Netw. 76, 146–164 (2015).  https://doi.org/10.1016/j.comnet.2014.11.008CrossRefGoogle Scholar
  22. 22.
    Stankovic, J.A.: Research directions for the Internet of Things. IEEE Internet Things J. 1(1), 3–9 (2014).  https://doi.org/10.1109/JIOT.2014.2312291MathSciNetCrossRefGoogle Scholar
  23. 23.
    Shih, Y.-Y., Liu, D.-R.: Hybrid recommendation approaches: collaborative filtering via valuable content information, p. 217b. IEEE (2005).  https://doi.org/10.1109/HICSS.2005.302
  24. 24.
    Yang, Z., Wu, B., Zheng, K., Wang, X., Lei, L.: A survey of collaborative filtering-based recommender systems for mobile internet applications. IEEE Access 4, 3273–3287 (2016).  https://doi.org/10.1109/ACCESS.2016.2573314CrossRefGoogle Scholar
  25. 25.
    Yli-Huumo, J., Ko, D., Choi, S., Park, S., Smolander, K.: Where is current research on blockchain technology?—A systematic review. PLoS ONE 11(10), e0163477 (2016).  https://doi.org/10.1371/journal.pone.0163477CrossRefGoogle Scholar
  26. 26.
    Zhang, Z.K., Cho, M.C.Y., Wang, C.W., Hsu, C.W., Chen, C.K., Shieh, S.: IoT security: ongoing challenges and research opportunities. In: 7th International Conference on Service-Oriented Computing and Applications, pp. 230–234. IEEE, November 2014.  https://doi.org/10.1109/SOCA.2014.58
  27. 27.
    Zhu, X., Ghahramani, Z., Lafferty, J.: Semi-supervised learning using Gaussian fields and harmonic functions. In: IN ICML, pp. 912–919 (2003)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Konstantinos Rantos
    • 1
    Email author
  • George Drosatos
    • 2
  • Konstantinos Demertzis
    • 1
  • Christos Ilioudis
    • 3
  • Alexandros Papanikolaou
    • 3
  • Antonios Kritsas
    • 1
  1. 1.Department of Computer and Informatics EngineeringEastern Macedonia and Thrace Institute of TechnologyKavalaGreece
  2. 2.Department of Electrical and Computer EngineeringDemocritus University of ThraceXanthiGreece
  3. 3.Department of Information TechnologyAlexander Technological Educational Institute of ThessalonikiThessalonikiGreece

Personalised recommendations