04 Sep

30 ways to improve IoT privacy

    Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, is well understood by the public and private sectors in the context of the cloud, PCs and mobile devices, but is only beginning to be adapted to the IoT.

    The sheer volume of data that will be collected and the new, more granular architecture of the IoT present new privacy concerns that must be resolved at the same scale as the platform's forecast growth.

    A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.

    30 ways IoT developers can improve IoT privacy

    1. Minimize data acquisition
    Software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.

    2. Minimize the number of data sources
    Combining data from multiple sources lets a malicious party link records and infer sensitive personal information about an individual, which can lead to privacy violations.

    3. Minimize raw data intake
    Raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.

    4. Minimize knowledge discovery
    IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission.

    5. Minimize data storage
    Raw data should be deleted once secondary context is derived.

    6. Minimize the data retention period
    Longer retention periods give malicious parties more time to breach and exfiltrate data.

    7. Support hidden data routing
    To make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an anonymous routing mechanism.

    8. Anonymize data
    Remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.

    9. Encrypt data communications
    Device-to-device communications are typically encrypted at the link layer by hardware built into the radio modules. Gateway-to-cloud communication is typically protected with HTTPS, that is, HTTP over Transport Layer Security (TLS); TLS's predecessor, Secure Sockets Layer (SSL), is deprecated and should not be enabled.

    10. Encrypt data during processing
    Sometimes the party processing the data should not be able to read either the data or the computational results, so the data should be processed while it remains encrypted. Homomorphic encryption, for example, allows computations to be carried out on ciphertext, producing an encrypted result that, when decrypted, matches the result of the same operations performed on the plaintext.

    11. Encrypt data in storage
    Encrypting data at rest reduces the risk of privacy violations from malicious attacks and unauthorized access.

    12. Reduce data granularity
    IoT applications should request the minimum level of granularity required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventually privacy violations. For example, location can be coarse (cell-tower level) or fine (street address).

    13. Query answering
    Raw data can lead to identification and privacy violations through secondary usage. Instead of returning an exact numeric value in response to a query, use a relative scale, e.g. 1 – 5.

    14. Block repeated queries
    The query layer should block sequences of queries that could be combined to discover knowledge that violates user privacy, for example by intersecting or differencing the results of several queries.

    15. Distribute data processing
    Distributed data processing avoids centralized, large-scale data gathering and limits what a single breach can exfiltrate.

    16. Distribute data storage
    Distributed data storage reduces the risk of privacy violations from malicious attacks and unauthorized access. It also reduces privacy risks from unconsented secondary knowledge discovery.

    17. Knowledge discovery based on aggregated data
    Aggregated knowledge, such as "the visitors to the park during this period were mostly young students", is sufficient for a gift shop to perform time-series sales analysis; the exact timing of individual visitors' movements is not necessary.

    18. Aggregate geography-based data
    Geographic data should be aggregated within boundaries. For example, a count of electric vehicles in use in each city should be stored without details about individual vehicles.

    19. Aggregate data based on chain
    A query that asks for a count or average should be aggregated as the data passes from node to node to reduce the amount of centralized data subject to breach or secondary usage.

    20. Aggregate data based on time period
    Energy consumption of a given house can be acquired and represented in aggregated form, such as 160 kWh per month, instead of gathering daily or hourly readings.

    21. Aggregate data based on category
    Aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorizing a household’s energy use in the range of 150 – 200 kWh instead of exact usage.

    22. Disclose information to users
    Data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.

    23. Apply controls
    It is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: 1) data granularity, 2) anonymization technique, 3) data retention period, and 4) data dissemination.

    24. Log events
    Logging events during all phases allows both internal and external parties to examine what happened in the past and verify that a given system performed as promised.

    25. Perform audits regularly
    Systematic, independent audits and examination of the logs, procedures, processes, hardware and software specifications should be performed regularly. Outside parties should be bound by non-disclosure agreements.

    26. Make apps open source
    Wherever possible, IoT applications should be made available under an open-source license so that outside parties can review the code and compliance can be demonstrated.

    27. Use data flow diagrams
    Data flow diagrams, such as those drawn with the Unified Modeling Language (UML), allow interested parties to understand the data flows of a given IoT application and how data is treated, as a demonstration of compliance.

    28. Get IoT apps certified
    Certifications given by a neutral authority will add trustworthiness to IoT applications.

    29. Use industry standards
    Industry-wide standards such as AllJoyn, the framework developed under the AllSeen Alliance, typically come with built-in security measures that reduce some privacy risks.

    30. Comply with policies and regulations
    Adherence to policies, laws and regulations such as ISO/IEC 29100, the OECD privacy principles and the European Commission's rules on the protection of personal data will reduce privacy risks.

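    Guidelines 12, 13, 14, 20 and 21 describe one pipeline: reduce the granularity of raw readings, release them only as period totals, categories or a relative scale, and refuse queries that could be combined to isolate an individual. The following added example (not from the report) applies that pipeline to smart-meter data. The households, cities, tariffs, readings, the minimum group size of three and the function names are all constructed for illustration.

```python
"""Added example (not from the report): guidelines 12, 13, 14, 20 and 21
applied to constructed smart-meter data."""
from datetime import datetime, timedelta

# Constructed sample: six households with a city, a tariff and a flat
# baseline consumption in watt-hours per hour (used only to generate data).
HOMES = {
    "h1": {"city": "Leeds", "tariff": "standard", "base_wh": 200},
    "h2": {"city": "Leeds", "tariff": "standard", "base_wh": 250},
    "h3": {"city": "Leeds", "tariff": "economy7", "base_wh": 300},
    "h4": {"city": "York", "tariff": "standard", "base_wh": 220},
    "h5": {"city": "York", "tariff": "standard", "base_wh": 280},
    "h6": {"city": "York", "tariff": "standard", "base_wh": 450},
}
K_MIN_GROUP = 3  # assumed smallest group about which an aggregate may be released


def hourly_readings(days=30, start=datetime(2016, 9, 1)):
    """Raw data: one (home, timestamp, Wh) reading per household per hour.
    Evening hours 17:00-21:00 carry a +500 Wh peak, so the raw stream
    reveals when a household is at home; guideline 12 says this level of
    detail should not be requested unless the task needs it."""
    out = []
    for h in range(days * 24):
        ts = start + timedelta(hours=h)
        peak = 500 if 17 <= ts.hour <= 21 else 0
        for home, attrs in HOMES.items():
            out.append((home, ts, attrs["base_wh"] + peak))
    return out


def monthly_wh(readings):
    """Guideline 20: aggregate by time period. Returns Wh per household for
    the whole period; the hourly occupancy pattern is no longer present."""
    totals = {}
    for home, _, wh in readings:
        totals[home] = totals.get(home, 0) + wh
    return totals


def category(kwh, width=50):
    """Guideline 21: report a range such as '200-250 kWh' instead of a value."""
    lo = int(kwh // width) * width
    return f"{lo}-{lo + width} kWh"


def relative_scale(kwh, thresholds=(150, 200, 250, 300)):
    """Guideline 13: answer on a 1-5 scale rather than with the number."""
    return 1 + sum(kwh >= t for t in thresholds)


class QueryGuard:
    """Guideline 14: release aggregates only over groups of at least k homes,
    and refuse a query whose group differs from a group already answered for
    the same requester by fewer than k homes, since subtracting the two
    answers would isolate the difference. Only pairs of queries are checked;
    chains of three or more would need a stricter query budget."""

    def __init__(self, totals_wh, k=K_MIN_GROUP):
        self.totals = totals_wh
        self.k = k
        self.answered = {}  # requester -> list of frozensets of home ids

    def answer(self, requester, predicate):
        """Return (total_kwh, note) or (None, reason) for a filter predicate
        over each household's attribute dict."""
        group = frozenset(h for h, a in HOMES.items() if predicate(a))
        if len(group) < self.k:
            return None, f"group of {len(group)} is below k={self.k}"
        for prev in self.answered.get(requester, []):
            for diff in (group - prev, prev - group):
                if 0 < len(diff) < self.k:
                    return None, "differs from an earlier query by fewer than k homes"
        self.answered.setdefault(requester, []).append(group)
        total_kwh = sum(self.totals[h] for h in group) / 1000
        return round(total_kwh, 1), f"{len(group)} homes"


if __name__ == "__main__":
    totals = monthly_wh(hourly_readings())
    for home, wh in totals.items():
        print(home, category(wh / 1000), "scale", relative_scale(wh / 1000))
    guard = QueryGuard(totals)
    print(guard.answer("analyst", lambda a: True))                      # all six homes
    print(guard.answer("analyst", lambda a: a["tariff"] == "standard"))  # refused: isolates h3
```

    The second query in the usage block is the attack guideline 14 warns about: "all homes" minus "standard-tariff homes" would reveal h3's total even though each query on its own covers at least three households. The guard rejects it because the two groups differ by a single home. Note that the guard keeps per-requester state, so colluding requesters would defeat it; a production system would key the history on the data owner's policy rather than on who is asking.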