A Privacy Engineering Framework for the Internet of Things
Chapter
- 4 Citations
- 1.8k Downloads
Abstract
This paper describes a privacy engineering framework for the Internet of Things (IoT). It shows how existing work and research on IoT privacy and on privacy engineering can be integrated into a set of foundational concepts that will help practice privacy engineering in the IoT. These concepts include privacy engineering objectives, privacy protection properties, privacy engineering principles, elicitation of requirements for privacy and design of associated features. The resulting framework makes the key difference between privacy engineering for IoT systems targeting data controllers, data processors and associated integrators, and privacy engineering for IoT subsystems, targeting suppliers.
Keywords
Privacy-by-design Internet of things IoT system IoT subsystem Integrator SupplierReferences
- David Sweeny, MIT Technology Review’s New Issue Reveals Annual 10 Breakthrough Technologies. Digital Press Release. 2013. Available via: http://www.technologyreview.com/pressroom/pressrelease/20130423-10-breakthrough-technologies/, last visited on 21.06.2016.
- Article 29 Data Protection Working Party: Opinion 03/2013 on purpose limitation adopted on 2 April 2013. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf;, last visited on 21.06.2016.
- Lee Rainie and Janna Anderson, The Future of Privacy. Pew Research Center. December 18, 2014. Available via: http://www.pewinternet.org/2014/12/18/future-of-privacy/, last visited on 21.06.2016.
- Directive 95/46/EC http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf, last visited on 21.06.2016.
- General Data Protection Regulation: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf, last visited on 21.06.2016.
- Mandate M530 on privacy management of security projects and services. http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail%26id=548; last visited on 21.06.2016.
- Privacy-by-Design. http://www.ipc.on.ca/english/Privacy/Introduction-to-PbD, last visited on 21.06.2016.
- Dave Evans, The Internet of Things: How the Next Evolution of the Internet Is Changing Everything. April 2011. http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf, last visited on 21.06.2016
- Tragos, E. Z., Angelakis, V., Fragkiadakis, A., Gundlegard, D., Nechifor, C. S., Oikonomou, G. & Gavras, A. (2014a, March). Enabling reliable and secure IoT-based smart city applications. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2014 IEEE International Conference on (pp. 111–116). IEEE.Google Scholar
- Pöhls, H. C., Angelakis, V., Suppan, S., Fischer, K., Oikonomou, G., Tragos, E. Z., & Mouroutis, T. (2014, April). RERUM: Building a reliable IoT upon privacy-and security-enabled smart objects. In Wireless Communications and Networking Conference Workshops (WCNCW), 2014 IEEE (pp. 122-127). IEEE.Google Scholar
- Bassi, A., Bauer, M., Fiedler, M., Kramp, T., Van Kranenburg, R., Lange, S., & Meissner, S. (2013). Enabling things to talk. Designing IoT Solutions With the IoT Architectural Reference Model, 163-211.Google Scholar
- AIOTI - High Level Architecture, 2015. https://docbox.etsi.org/smartM2M/Open/AIOTI/!!20151014Deliverables/AIOTI WG3 IoT High Level Architecture - Release_2_0-lines.pdf, last visited on 25.06.2016.
- International Organization for Standardization (ISO) (n.d.), Internet of Things Reference Architecture (IoT RA), Under development.Google Scholar
- Elias Tragos, et al., Deliverable D2.5 – Final System Architecture. RERUM Deliverable. 2014b. Available via: https://bscw.ict-rerum.eu/pub/bscw.cgi/d31979/RERUM%20deliverable%20D2_5.pdf, last visited on 21.06.2016.
- Organization for the Advancement of Structured Information Standards (OASIS) Privacy Management Reference Model and Methodology (PMRM), Version 1.0. July 2013. http://docs.oasis-open.org/pmrm/PMRM/v1.0/PMRM-v1.0.pdf, last visited on 21.06.2016.
- Leonid Titkov, Poslad Stefan, and Jim Tan Juan, An integrated approach to user-centered privacy for mobile information services. Applied Artificial Intelligence 20.2-4 (2006): 159-178.Google Scholar
- Florian Scheuer, Klaus Plößl and Hannes Federrath, Preventing profile generation in vehicular networks. Networking and Communications, 2008. WIMOB'08. IEEE International Conference on Wireless and Mobile Computing, IEEE, 2008.Google Scholar
- Elias Tragos, et al., Deliverable D2.3 - System Architecture. RERUM Deliverable. 2014c. Available via: https://bscw.ict-rerum.eu/pub/bscw.cgi/d18321/RERUM%20deliverable%20D2_3.pdf, last visited on 21.06.2016.
- Siani Pearson and Marco Casassa Mont, Sticky policies: an approach for managing privacy across multiple parties. Computer 9 (2011): 60-68.Google Scholar
- Denise Demirel et al., Deliverable D4.4 - Overview of Functional and Malleable Signature Schemes. Prisma Cloud Deliverable. 2015. Available via: https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=86456, last visited on 21.06.2016.
- Mark Manulis, et al., Group Signatures: Authentication with Privacy. Federal Office for Information Security-Study, Cryptographic Protocols Group, Department of Computer Science, Technische Universität Darmstadt, Germany, 2012.Google Scholar
- Camenisch, Jan, and Els Van Herreweghen. “Design and implementation of the idemix anonymous credential system.” Proceedings of the 9th ACM conference on Computer and communications security. ACM, 2002.Google Scholar
- Batina Lejla, et al., Low-cost elliptic curve cryptography for wireless sensor networks. Security and Privacy in Ad-Hoc and Sensor Networks (pp. 6–17). Springer Berlin Heidelberg, 2006.Google Scholar
- Jorge Cuellar, Santiago Suppan, and Henrich Poehls. Privacy-Enhanced Tokens for Authorization in ACE. Internet Draft. 2015.Google Scholar
- ISO/IEC 29134 (2016 draft) Draft International Standard. Information technology — Security techniques — Privacy impact assessment — GuidelinesGoogle Scholar
- CNIL Privacy Impact Assessment. Methodology (2015): https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-1-Methodology.pdf Tool: https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-2-Tools.pdf. Good practices: https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-3-GoodPractices.pdf, last visited on 21.06.2016
- EC Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (2014). https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf, last visited on 21.06.2016
- ISO/IEC 29151. (2016 draft) Draft International Standard. Code of Practice for Personally identifiable information protection,Google Scholar
- LINDDUN privacy threat analysis methodology 2015, https://distrinet.cs.kuleuven.be/software/linddun/. last visited on 21.06.2016
- Antonio Kung, PEARs: Privacy Enhancing Architectures. Annual Privacy Forum, May 21–22, 2014, Athens, Greece. Proceedings APF14 “Privacy Technologies and Policy”. Lecture Notes in Computer Science Volume 8450, 2014, pp 18–29Google Scholar
- Software Architecture in Practice (3rd Edition), Len Bass, Paul Clementz, Rick Kazman. Addison-Wesley, 2012Google Scholar
- Japp Henk Hoepman, Privacy design strategies. ICT Systems Security and Privacy Protection – 29th IFIP TC 11 Int.Conf, SEC 2014, Marrakech, MoroccoGoogle Scholar
- Kent Beck et al., Manifesto for Agile Software Development. Agile Alliance. http://agilemanifesto.org/, last visited on 29.09.2015.
- OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) TC https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pbd-se, last visited on 21.06.2016.
- ISO/IEC 29100:2011. Information technology – Security techniques – Privacy framework,Google Scholar
- Sarah Spiekermann and Lorrie Cranor, Privacy Engineering. IEEE Transactions on Software Engineering, Vol. 35, Nr. 1, January/February 2009, pp. 67–82.Google Scholar
- Sesa Gürses, Carmela Troncoso, and Claudia Diaz, Engineering Privacy-by-Design. Computers, Privacy & Data Protection, 2011Google Scholar
- Antonio Kung, Johan-Christoph Freytag, and Frank Kargl, “Privacy-by-design in ITS applications. 2nd IEEE International Workshop on Data Security and Privacy in wireless Networks, June 20, 2011, Lucca, Italy.Google Scholar
- NISTIR 8062 (Draft). “Privacy Risk Management for Federal Information Systems”. May 2015. http://csrc.nist.gov/publications/drafts/nistir-8062/nistir_8062_draft.pdf, last visited on 21.06.2016.
- Marit Hansen, Meiko Jensen, and Martin Rost, Protection Goals for Engineering Privacy. 2015 International Workshop on Privacy Engineering – IWPE'15.Google Scholar
- MITRE Privacy engineering framework. July 2014. http://www.mitre.org/publications/technical-papers/privacy-engineering-framework, last visited on 21.06.2016.
- The Privacy Engineer’s Manifesto. Getting from Policy to Code to QA to Value. Michelle Finnaran Dennedy, Jonathan Fox, Thomas Finneran. Apress. ISBN13: 978-1-4302-6355-5, January 2014.Google Scholar
- PRIPARE methodology. Final version. http://pripareproject.eu/wp-content/uploads/2013/11/PRIPARE-Methodology-Handbook-Final-Feb-24-2016.pdf, last visited 21.06.2016.
- Nicolás Notario et al., PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology. 2015 International Workshop on Privacy Engineering – IWPE'15.Google Scholar
- ISO/IEC 25010:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE)) — System and software quality models.Google Scholar
- ISO/IEC 27034:2011 Information technology — Security techniques — Application securityGoogle Scholar
- Martin Kost, Johann-Christoph Freytag, Frank Kargl, Antonio Kung. Privacy Verification Using Ontologies. First International Workshop on Privacy by Design (PBD 2011), August 28, 2011, Vienna, AustriaGoogle Scholar
- Ann Cavoukian. Privacy-by-Design. The seven foundational principles. https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf, last visited on 21.06.2016.
- Munawar Hafiz, A Collection of Privacy Design Patterns. Proceedings of the Pattern Language of Programs Conference, 2006.CrossRefGoogle Scholar
- Sasha Romanosky, et al., Privacy Patterns for Online Interactions. Proceedings of the Pattern Languages of Programs Conference, 2006CrossRefGoogle Scholar
- Nick Doty, Privacy Design Patterns and Anti-Patterns. Trustbusters Workshop at the Symposium on Usable Privacy and Security. July 2013.Google Scholar
- ISO 31000:2009. Risk managementGoogle Scholar
- ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk managementGoogle Scholar
- ETSI. Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis ETSI TS 102 165-1 V4.2.3 (2011-03)Google Scholar
- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. Improving Web Application Security: Threats and Countermeasures, Microsoft Corporation. Published: June 2003. Chapter 2 Threats and Countermeasures. https://msdn.microsoft.com/en-us/library/ff648641.aspx, last visited 21.06.2016.
- A. van Lamsweerde, Goal-Oriented Requirements Engineering: A Guided Tour. 5th International Symposium on Requirements Engineering, IEEE Computer Society Press, 2001Google Scholar
- ISO/IEC/IEEE 15288:2015 Systems and software engineering – System life cycle processesGoogle Scholar
Copyright information
© Springer International Publishing AG 2017