A Privacy Engineering Framework for the Internet of Things

  • Antonio KungEmail author
  • Frank Kargl
  • Santiago Suppan
  • Jorge Cuellar
  • Henrich C. Pöhls
  • Adam Kapovits
  • Nicolás Notario McDonnell
  • Yod Samuel Martin
Part of the Law, Governance and Technology Series book series (LGTS, volume 36)


This paper describes a privacy engineering framework for the Internet of Things (IoT). It shows how existing work and research on IoT privacy and on privacy engineering can be integrated into a set of foundational concepts that will help practice privacy engineering in the IoT. These concepts include privacy engineering objectives, privacy protection properties, privacy engineering principles, elicitation of requirements for privacy and design of associated features. The resulting framework makes the key difference between privacy engineering for IoT systems targeting data controllers, data processors and associated integrators, and privacy engineering for IoT subsystems, targeting suppliers.


Privacy-by-design Internet of things IoT system IoT subsystem Integrator Supplier 


  1. David Sweeny, MIT Technology Review’s New Issue Reveals Annual 10 Breakthrough Technologies. Digital Press Release. 2013. Available via:, last visited on 21.06.2016.
  2. Article 29 Data Protection Working Party: Opinion 03/2013 on purpose limitation adopted on 2 April 2013.;, last visited on 21.06.2016.
  3. Lee Rainie and Janna Anderson, The Future of Privacy. Pew Research Center. December 18, 2014. Available via:, last visited on 21.06.2016.
  4. General Data Protection Regulation:, last visited on 21.06.2016.
  5. Mandate M530 on privacy management of security projects and services.; last visited on 21.06.2016.
  6. Privacy-by-Design., last visited on 21.06.2016.
  7. Dave Evans, The Internet of Things: How the Next Evolution of the Internet Is Changing Everything. April 2011., last visited on 21.06.2016
  8. Tragos, E. Z., Angelakis, V., Fragkiadakis, A., Gundlegard, D., Nechifor, C. S., Oikonomou, G. & Gavras, A. (2014a, March). Enabling reliable and secure IoT-based smart city applications. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2014 IEEE International Conference on (pp. 111–116). IEEE.Google Scholar
  9. Pöhls, H. C., Angelakis, V., Suppan, S., Fischer, K., Oikonomou, G., Tragos, E. Z., & Mouroutis, T. (2014, April). RERUM: Building a reliable IoT upon privacy-and security-enabled smart objects. In Wireless Communications and Networking Conference Workshops (WCNCW), 2014 IEEE (pp. 122-127). IEEE.Google Scholar
  10. Bassi, A., Bauer, M., Fiedler, M., Kramp, T., Van Kranenburg, R., Lange, S., & Meissner, S. (2013). Enabling things to talk. Designing IoT Solutions With the IoT Architectural Reference Model, 163-211.Google Scholar
  11. International Organization for Standardization (ISO) (n.d.), Internet of Things Reference Architecture (IoT RA), Under development.Google Scholar
  12. Elias Tragos, et al., Deliverable D2.5 – Final System Architecture. RERUM Deliverable. 2014b. Available via:, last visited on 21.06.2016.
  13. Organization for the Advancement of Structured Information Standards (OASIS) Privacy Management Reference Model and Methodology (PMRM), Version 1.0. July 2013., last visited on 21.06.2016.
  14. Leonid Titkov, Poslad Stefan, and Jim Tan Juan, An integrated approach to user-centered privacy for mobile information services. Applied Artificial Intelligence 20.2-4 (2006): 159-178.Google Scholar
  15. Florian Scheuer, Klaus Plößl and Hannes Federrath, Preventing profile generation in vehicular networks. Networking and Communications, 2008. WIMOB'08. IEEE International Conference on Wireless and Mobile Computing, IEEE, 2008.Google Scholar
  16. Elias Tragos, et al., Deliverable D2.3 - System Architecture. RERUM Deliverable. 2014c. Available via:, last visited on 21.06.2016.
  17. Siani Pearson and Marco Casassa Mont, Sticky policies: an approach for managing privacy across multiple parties. Computer 9 (2011): 60-68.Google Scholar
  18. Denise Demirel et al., Deliverable D4.4 - Overview of Functional and Malleable Signature Schemes. Prisma Cloud Deliverable. 2015. Available via:, last visited on 21.06.2016.
  19. Mark Manulis, et al., Group Signatures: Authentication with Privacy. Federal Office for Information Security-Study, Cryptographic Protocols Group, Department of Computer Science, Technische Universität Darmstadt, Germany, 2012.Google Scholar
  20. Camenisch, Jan, and Els Van Herreweghen. “Design and implementation of the idemix anonymous credential system.” Proceedings of the 9th ACM conference on Computer and communications security. ACM, 2002.Google Scholar
  21. Batina Lejla, et al., Low-cost elliptic curve cryptography for wireless sensor networks. Security and Privacy in Ad-Hoc and Sensor Networks (pp. 6–17). Springer Berlin Heidelberg, 2006.Google Scholar
  22. Jorge Cuellar, Santiago Suppan, and Henrich Poehls. Privacy-Enhanced Tokens for Authorization in ACE. Internet Draft. 2015.Google Scholar
  23. ISO/IEC 29134 (2016 draft) Draft International Standard. Information technology — Security techniques — Privacy impact assessment — GuidelinesGoogle Scholar
  24. EC Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (2014)., last visited on 21.06.2016
  25. ISO/IEC 29151. (2016 draft) Draft International Standard. Code of Practice for Personally identifiable information protection,Google Scholar
  26. LINDDUN privacy threat analysis methodology 2015, last visited on 21.06.2016
  27. Antonio Kung, PEARs: Privacy Enhancing Architectures. Annual Privacy Forum, May 21–22, 2014, Athens, Greece. Proceedings APF14 “Privacy Technologies and Policy”. Lecture Notes in Computer Science Volume 8450, 2014, pp 18–29Google Scholar
  28. Software Architecture in Practice (3rd Edition), Len Bass, Paul Clementz, Rick Kazman. Addison-Wesley, 2012Google Scholar
  29. Japp Henk Hoepman, Privacy design strategies. ICT Systems Security and Privacy Protection – 29th IFIP TC 11 Int.Conf, SEC 2014, Marrakech, MoroccoGoogle Scholar
  30. Kent Beck et al., Manifesto for Agile Software Development. Agile Alliance., last visited on 29.09.2015.
  31. OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) TC, last visited on 21.06.2016.
  32. ISO/IEC 29100:2011. Information technology – Security techniques – Privacy framework,Google Scholar
  33. Sarah Spiekermann and Lorrie Cranor, Privacy Engineering. IEEE Transactions on Software Engineering, Vol. 35, Nr. 1, January/February 2009, pp. 67–82.Google Scholar
  34. Sesa Gürses, Carmela Troncoso, and Claudia Diaz, Engineering Privacy-by-Design. Computers, Privacy & Data Protection, 2011Google Scholar
  35. Antonio Kung, Johan-Christoph Freytag, and Frank Kargl, “Privacy-by-design in ITS applications. 2nd IEEE International Workshop on Data Security and Privacy in wireless Networks, June 20, 2011, Lucca, Italy.Google Scholar
  36. NISTIR 8062 (Draft). “Privacy Risk Management for Federal Information Systems”. May 2015., last visited on 21.06.2016.
  37. Marit Hansen, Meiko Jensen, and Martin Rost, Protection Goals for Engineering Privacy. 2015 International Workshop on Privacy Engineering – IWPE'15.Google Scholar
  38. MITRE Privacy engineering framework. July 2014., last visited on 21.06.2016.
  39. The Privacy Engineer’s Manifesto. Getting from Policy to Code to QA to Value. Michelle Finnaran Dennedy, Jonathan Fox, Thomas Finneran. Apress. ISBN13: 978-1-4302-6355-5, January 2014.Google Scholar
  40. Nicolás Notario et al., PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology. 2015 International Workshop on Privacy Engineering – IWPE'15.Google Scholar
  41. ISO/IEC 25010:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE)) — System and software quality models.Google Scholar
  42. ISO/IEC 27034:2011 Information technology — Security techniques — Application securityGoogle Scholar
  43. Martin Kost, Johann-Christoph Freytag, Frank Kargl, Antonio Kung. Privacy Verification Using Ontologies. First International Workshop on Privacy by Design (PBD 2011), August 28, 2011, Vienna, AustriaGoogle Scholar
  44. Ann Cavoukian. Privacy-by-Design. The seven foundational principles., last visited on 21.06.2016.
  45. Munawar Hafiz, A Collection of Privacy Design Patterns. Proceedings of the Pattern Language of Programs Conference, 2006.CrossRefGoogle Scholar
  46. Sasha Romanosky, et al., Privacy Patterns for Online Interactions. Proceedings of the Pattern Languages of Programs Conference, 2006CrossRefGoogle Scholar
  47. Nick Doty, Privacy Design Patterns and Anti-Patterns. Trustbusters Workshop at the Symposium on Usable Privacy and Security. July 2013.Google Scholar
  48. ISO 31000:2009. Risk managementGoogle Scholar
  49. ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk managementGoogle Scholar
  50. ETSI. Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis ETSI TS 102 165-1 V4.2.3 (2011-03)Google Scholar
  51. J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. Improving Web Application Security: Threats and Countermeasures, Microsoft Corporation. Published: June 2003. Chapter 2 Threats and Countermeasures., last visited 21.06.2016.
  52. A. van Lamsweerde, Goal-Oriented Requirements Engineering: A Guided Tour. 5th International Symposium on Requirements Engineering, IEEE Computer Society Press, 2001Google Scholar
  53. ISO/IEC/IEEE 15288:2015 Systems and software engineering – System life cycle processesGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Antonio Kung
    • 1
    Email author
  • Frank Kargl
    • 2
  • Santiago Suppan
    • 3
  • Jorge Cuellar
    • 3
  • Henrich C. Pöhls
    • 4
  • Adam Kapovits
    • 5
  • Nicolás Notario McDonnell
    • 6
  • Yod Samuel Martin
    • 7
  1. 1.TrialogParisFrance
  2. 2.Institute of Distributed SystemsUlm UniversityUlmGermany
  3. 3.SiemensMunichGermany
  4. 4.University of PassauPassauGermany
  5. 5.EurescomHeidelbergGermany
  6. 6.Atos Consulting CanariasSanta Cruz de TenerifeSpain
  7. 7.Universidad Politécnica de MadridMadridSpain

Personalised recommendations