A Survey-Based Exploration of Users’ Awareness and Their Willingness to Protect Their Data with Smart Objects

  • Chathurangi Ishara WickramasingheEmail author
  • Delphine ReinhardtEmail author
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 576)


In the last years, the Internet of Things (IoT) and smart objects have become more and more popular in our everyday lives. While IoT contributes in making our everyday life more comfortable and easier, it also increases the threats to our privacy, as embedded sensors collect data about us and our environment. To foster the acceptance of IoT, privacy-preserving solutions are therefore necessary. While such solutions have already been proposed, most of them do not involve the users in their design. In this paper, we therefore adopt a user-centric approach and lay the ground for the future design of user-centric privacy-preserving solutions dedicated to smart home environments. To this end, we have designed and distributed a questionnaire fulfilled by 229 anonymous participants. Our objectives are two-fold: We aim at investigating (1) requirements for end user-involved privacy-preserving solutions and (2) users’ readiness to be involved in their own privacy protection. Our results show that the majority of our participants are aware of the data collection happening as well as the associated privacy risks and would be ready to control and audit the collected data.


Internet of Things IoT Social IoT Privacy Data protection Data collection Smart objects Smart home Smart environments 



We would like to thank Michael Friedewald for his helpful comments and the survey participants. Furthermore, we would like to thank Daniel Franke for providing us feedback on early versions of our questionnaire as well as Birgit Schuhbauer for proofreadings.


  1. 1.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L119/1, pp. 1–88 (2016)Google Scholar
  2. 2.
    Alcaide, A., Palomar, E., Montero-Castillo, J., Ribagorda, A.: Anonymous authentication for privacy-preserving iot target-triven applications. Comput. Secur. 37, 111–123 (2013)CrossRefGoogle Scholar
  3. 3.
    Apthorpe, N., Shvartzshnaider, Y., Mathur, A., Reisman, D., Feamster, N.: Discovering smart home Internet of Things privacy norms using contextual integrity. Proc. ACM Interact. Mob. Wearable Ubiquit. Technol. 2(2), 1–23 (2018). Article 59CrossRefGoogle Scholar
  4. 4.
    Barhamgi, M., et al.: Enabling end-users to protect their privacy. In: Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, pp. 905–907 (2017)Google Scholar
  5. 5.
    Cao, H., Liu, S., Guan, Z., Wu, L., Deng, H., Du, X.: An efficient privacy-preserving algorithm based on randomized response in IoT-based smart grid. In: 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation, pp. 881–886 (2018)Google Scholar
  6. 6.
    Cao, J., Carminati, B., Ferrari, E., Tan, K.L.: CASTLE: continuously anonymizing data streams. IEEE Trans. Depend. Secur. Comput. 8(3), 337–352 (2010)Google Scholar
  7. 7.
    Carretero, J., García, J.D.: The Internet of Things: connecting the world. Pers. Ubiquit. Comp. 18(2), 445–447 (2014)CrossRefGoogle Scholar
  8. 8.
    Chakravorty, A., Wlodarczyk, T., Rong, C.: Privacy preserving data analytics for smart homes. In: 2013 IEEE Security and Privacy Workshops, pp. 23–27 (2013)Google Scholar
  9. 9.
    Chan, E.M., Lam, P.E., Mitchell, J.C.: Understanding the challenges with medical data segmentation for privacy. In: Usenix Conference on Safety, Security, Privacy and Interoperability of Health Information Technologies, pp. 1–10 (2013)Google Scholar
  10. 10.
    Coopamootoo, K., Gross, T.: Why privacy is all but forgotten. Proc. Priv. Enhanc. Technol. 4, 97–118 (2017)CrossRefGoogle Scholar
  11. 11.
    Day, M., Turner, G., Drozdiak, N.: Amazon workers are listening to what you tell Alexa.
  12. 12.
    Friedewald, M., Da Costa, O., Punie, Y., Alahuhta, P., Heinonen, S.: Perspectives of ambient intelligence in home environment. Telemat. Inform. 22, 221–238 (2005)CrossRefGoogle Scholar
  13. 13.
    Guo, L., et al.: A secure mechanism for big data collection in large scale internet of vehicle. IEEE Internet Things J. 4(2), 601–610 (2017)CrossRefGoogle Scholar
  14. 14.
    Huang, X., Craig, P., Lin, H., Yan, Z.: SecIoT: a security framework for the Internet of Things. Secur. Commun. Netw. 9(16), 3083–3094 (2016)CrossRefGoogle Scholar
  15. 15.
    Huang, X., Fu, R., Chen, B., Zhang, T., Roscoe, A.: User interactive Internet of Things privacy preserved access control. In: 2012 International Conference for Internet Technology And Secured Transactions, pp. 597–602 (2012)Google Scholar
  16. 16.
    Hussain, S.H., Geetha, S., Prabhakar, M.A.: Design and implementation of an adaptive model for sustainable home automation using Internet of Things (IoT). Int. J. Adv. Eng. Tech. VII(1), 827–829 (2016)Google Scholar
  17. 17.
    Jia, Y.J., et al.: ContexloT: towards providing contextual integrity to appified IoT platforms. In: Network and Distributed System Security Symposium (NDSS), pp. 1–15 (2017)Google Scholar
  18. 18.
    Karaboga, M., et al.: Das versteckte Internet: Zu Hause - im Auto - am Körper. White paper, Forum Privatheit und selbstbestimmtes Leben in der digitalen Welt (2015)Google Scholar
  19. 19.
    Khan, M.S.N., Marchal, S., Buchegger, S., Asokan, N.: chownIoT: enhancing IoT privacy by automated handling of ownership change. In: Kosta, E., Pierson, J., Slamanig, D., Fischer-Hübner, S., Krenn, S. (eds.) Privacy and Identity 2018. IAICT, vol. 547, pp. 205–221. Springer, Cham (2019). Scholar
  20. 20.
    Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)CrossRefGoogle Scholar
  21. 21.
    Lee, H., Kobsa, A.: Understanding user privacy in Internet of Things environments. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 407–412 (2016)Google Scholar
  22. 22.
    Li, X., Niu, J., Bhuiyan, M.Z.A., Wu, F., Karuppiah, M., Kumari, S.: A robust ECC-based provable secure authentication protocol with privacy preserving for industrial Internet of Things. IEEE Trans. Ind. Inform. 14(8), 3599–3609 (2017)CrossRefGoogle Scholar
  23. 23.
    Martin, K., Nissenbaum, H.: Measuring privacy: an empirical test using context to expose confounding variables. Columbia Sci. Technol. Law Rev. 18, 176–218 (2016)Google Scholar
  24. 24.
    McReynolds, E., Hubbard, S., Lau, T., Saraf, A., Cakmak, M., Roesner, F.: Toys that listen: a study of parents, children, and internet-connected toys. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 5197–5207 (2017)Google Scholar
  25. 25.
    Naeini, P.E., et al.: Privacy expectations and preferences in an IoT world. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 399–412 (2017)Google Scholar
  26. 26.
    Ouaddah, A., Abou Elkalam, A., Ait Ouahman, A.: FairAccess: a new blockchain-based access control framework for the Internet of Things. Secur. Commun. Netw. 9(18), 5943–5964 (2016)CrossRefGoogle Scholar
  27. 27.
    Pasquale, F.: The Black Box Society: the Secret Algorithms that Control Money and Information. Harvard University Press, Cambridge (2015)CrossRefGoogle Scholar
  28. 28.
    Perera, C., McCormick, C., Bandara, A.K., Price, B.A., Nuseibeh, B.: Privacy-by-design framework for assessing Internet of Things applications and platforms. In: Proceedings of the 6th International Conference on the Internet of Things (ACM), pp. 83–92 (2016)Google Scholar
  29. 29.
    Su, J., Cao, D., Zhao, B., Wang, X., You, I.: ePASS: an expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things. Future Gener. Comp. Sys. 33, 11–18 (2014)CrossRefGoogle Scholar
  30. 30.
    Udoh, E.S., Alkharashi, A.: Privacy risk awareness and the behavior of smartwatch users: a case study of Indiana University Students. In: 2016 Future Technologies Conference (FTC), pp. 926–931 (2016)Google Scholar
  31. 31.
    Wang, X., Zhang, J., Schooler, E.M., Ion, M.: Performance evaluation of attribute-based encryption: toward data privacy in the IoT. In: 2014 IEEE International Conference on Communications (ICC), pp. 725–730 (2014)Google Scholar
  32. 32.
    Yang, J.C., Fang, B.X.: Security model and key technologies for the Internet of Things. J. China Univ. Posts Telecommun. 18, 109–112 (2011)CrossRefGoogle Scholar
  33. 33.
    Yang, L., Humayed, A., Li, F.: A multi-cloud based privacy-preserving data publishing scheme for the Internet of Things. In: Proceedings of the 32nd Annual Conference on Computer Security Applications (ACM), pp. 30–39 (2016)Google Scholar
  34. 34.
    Yang, W., Li, N., Qi, Y., Qardaji, W., McLaughlin, S., McDaniel, P.: Minimizing private data disclosures in the smart grid. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 415–427 (2012)Google Scholar
  35. 35.
    Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the Internet-of-Things. In: Proceedings of the 14th ACM Workshop on Hot Topics in Networks. Article no. 5 (2015)Google Scholar
  36. 36.
    Zeng, E., Mare, S., Roesner, F.: End user security and privacy concerns with smart homes. In: Proceedings of the Thirteenth USENIX Conference on Usable Privacy and Security (SOUPS 2017), pp. 65–80 (2017)Google Scholar
  37. 37.
    Zheng, S., Apthorpe, N., Chetty, M., Feamster, N.: User perceptions of smart home IoT privacy. In: Proceedings of the ACM on Human-Computer Interaction, vol. 2, Article no. (CSCW 200), pp. 1–20 (2018)CrossRefGoogle Scholar
  38. 38.
    Zhou, W., Jia, Y., Peng, A., Zhang, Y., Liu, P.: The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved. IEEE Internet Things J. 6(2), 1606–1616 (2019)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  1. 1.Georg-August-Universität GöttingenGöttingenGermany

Personalised recommendations