Open Access
Description:
With the rapid adoption of Internet of Things (IoT) technologies and a growing amount and variety of sensitive data collected by IoT systems, the mechanisms commonly used to protect individual privacy and security remain insufficient. Security breaches and leaks of sensitive data have become commonplace. This is mainly because traditional security mechanisms can only restrict access to a given IoT data source, not what can be done with that data once access has been granted. In this thesis, we reimagine IoT systems design with the aim of giving users full control of the sensor data generated by their devices, and of providing mechanisms for users to specify and enforce their privacy and security preferences regarding sensor data collection, processing and sharing. To achieve these goals, we propose several novel systems that collectively span three domains: local, cloud and mobile. For the local domain, we present HomePad, a privacy-aware smart hub for home environments that lets users determine how IoT applications (apps) access and process the sensitive data collected by smart devices, and block apps that violate the privacy preferences the users have specified. To this end, HomePad introduces two key design concepts: (1) a novel dataflow programming model that makes the flows of sensitive data within apps explicit, and (2) an element-based app structure that allows any smart home app to be modelled as a directed graph and its data flows to be verified automatically against user-defined privacy policies using Prolog predicates. For the cloud domain, we propose PatrIoT, a private-by-design IoT platform that extends HomePad's dataflow programming model to the cloud. It leverages Intel SGX to prevent unauthorized access to sensor data by untrusted cloud providers, and offers homeowners an intuitive security abstraction named flowwall, which allows them to specify easy-to-use policies for controlling flows of sensitive sensor data within the apps they install. ...
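The abstract describes modelling an app as a directed graph of elements and checking its sensitive data flows against a user policy before the app is allowed to run. The following Python is an added illustration of that idea and is not HomePad's code: the element names, the label vocabulary (video, presence, temperature), the destination kinds and the policy rules are all constructed for the example, and the policy is written as a Python predicate rather than the Prolog predicates the thesis uses.

```python
from collections import defaultdict, deque


class App:
    """Constructed element-based app model: a directed graph whose nodes are
    elements. Sources emit labelled data, relabelling elements transform labels
    (e.g. a motion detector turns raw video into a presence flag), and sinks
    deliver data to a destination kind ('local', 'cloud', 'internet')."""

    def __init__(self, name):
        self.name = name
        self.sources = {}            # element -> set of labels it emits
        self.relabel = {}            # element -> {incoming label: outgoing label or None}
        self.sinks = {}              # element -> destination kind
        self.edges = defaultdict(set)

    def add_source(self, elem, *labels):
        self.sources[elem] = set(labels)

    def add_relabel(self, elem, mapping):
        self.relabel[elem] = dict(mapping)

    def add_sink(self, elem, destination):
        self.sinks[elem] = destination

    def add_edge(self, src, dst):
        self.edges[src].add(dst)


def labels_reaching(app):
    """Forward label propagation over the graph as a fixed-point worklist.
    Returns {element: frozenset of labels that can reach it}. Cycles are safe
    because each element's label set only grows and the label set is finite."""
    reach = defaultdict(set)
    work = deque()
    for elem, labels in app.sources.items():
        reach[elem] |= labels
        work.append(elem)
    while work:
        elem = work.popleft()
        mapping = app.relabel.get(elem, {})
        # A relabelling element changes (or drops, via None) labels on its output.
        outgoing = {mapping.get(lbl, lbl) for lbl in reach[elem]} - {None}
        for nxt in app.edges[elem]:
            if not outgoing <= reach[nxt]:
                reach[nxt] |= outgoing
                work.append(nxt)
    return {e: frozenset(s) for e, s in reach.items()}


def default_policy(label, destination):
    """Constructed user policy (assumption), in the spirit of a Prolog rule
    such as allowed(video, local): each label lists where it may flow."""
    rules = {
        "video": {"local"},
        "presence": {"local", "cloud"},
        "temperature": {"local", "cloud", "internet"},
    }
    return destination in rules.get(label, set())


def check_app(app, policy=default_policy):
    """Return sorted (sink, label, destination) triples the policy forbids;
    an empty list means the app's flows satisfy the policy."""
    reach = labels_reaching(app)
    violations = []
    for sink, dest in app.sinks.items():
        for label in reach.get(sink, frozenset()):
            if not policy(label, dest):
                violations.append((sink, label, dest))
    return sorted(violations)


def build_motion_alert_app():
    """Compliant app: raw video stays on the local recorder; only a presence
    flag derived by the motion detector reaches the cloud notifier."""
    app = App("motion_alert")
    app.add_source("camera", "video")
    app.add_relabel("motion_detector", {"video": "presence"})
    app.add_sink("disk_recorder", "local")
    app.add_sink("cloud_notifier", "cloud")
    app.add_edge("camera", "disk_recorder")
    app.add_edge("camera", "motion_detector")
    app.add_edge("motion_detector", "cloud_notifier")
    return app


def build_cloud_backup_app():
    """Violating app: raw video is forwarded straight to a cloud sink."""
    app = App("cloud_backup")
    app.add_source("camera", "video")
    app.add_sink("uploader", "cloud")
    app.add_edge("camera", "uploader")
    return app


if __name__ == "__main__":
    for build in (build_motion_alert_app, build_cloud_backup_app):
        app = build()
        print(app.name, "->", check_app(app) or "policy satisfied")
```

The check is a whole-graph reachability analysis rather than a per-request access decision, which is the point the abstract makes: the hub decides what an app may do with the data after access, not merely whether it may read the sensor.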
Contributors:
UCL - SST/ICTM/INGI - Pôle en ingénierie informatique ; UCL - Ecole Polytechnique de Louvain ; Sadre, Ramin ; Legay, Axel ; Pecheur, Charles ; Haddadi, Hamed ; Domingos, Henrique
Year of Publication:
2021
Document Type:
info:eu-repo/semantics/doctoralThesis ; [Doctoral and postdoctoral thesis]
Language:
eng
Subjects:
Internet of Things (IoT) ; Privacy policy ; Data privacy ; Dataflow programming model ; Private-by-design ; Security
Rights:
info:eu-repo/semantics/openAccess
Content Provider:
DIAL@UCLouvain (Université catholique de Louvain)