Toward GDPR Compliance in IoT Systems

  • Conference paper
Service-Oriented Computing – ICSOC 2019 Workshops (ICSOC 2019)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12019)

Abstract

The General Data Protection Regulation (GDPR) allows citizens to control their data. To do so, they must define and update their data security policies, which are generally more sophisticated and more dynamic than the classical access control policies managed by system administrators. Consequently, implementing GDPR in modern scalable and dynamic systems such as the IoT is still a challenge. We propose a security model for data privacy and an original solution in which a GDPR consent manager is integrated using a Complex Event Processing (CEP) system, following the edge computing paradigm. We show, through a smart home IoT system, the efficiency of our approach in terms of flexibility and scalability.

This project is carried out under the MOBIDOC scheme, funded by the EU through the EMORI program and managed by the ANPR.



Author information

Correspondence to Sahar Allegue, Mouna Rhahla or Takoua Abdellatif.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Allegue, S., Rhahla, M., Abdellatif, T. (2020). Toward GDPR Compliance in IoT Systems. In: Yangui, S., et al. Service-Oriented Computing – ICSOC 2019 Workshops. ICSOC 2019. Lecture Notes in Computer Science, vol 12019. Springer, Cham. https://doi.org/10.1007/978-3-030-45989-5_11

  • DOI: https://doi.org/10.1007/978-3-030-45989-5_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-45988-8

  • Online ISBN: 978-3-030-45989-5

  • eBook Packages: Computer Science (R0)
