Hello !
Trace: Communication Module Combo module III Module: Blockchain in IoT (M5)

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:iot-open:security_and_privacy_in_iot_ume:iot_privacy [2017/10/25 18:41] kap2foxen:iot-open:security_and_privacy_in_iot_ume:iot_privacy [2020/07/20 12:00] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== IoT privacy ======+=====  =====  
 +<box #d04a25></box> 
 +<box #d04a25></box> 
 +===== IoT Privacy ===== 
 +<box #d04a25></box> 
 +<box #d04a25></box>
  
  
-Protecting consumer privacy becomes increasingly difficult as the IoT becomes more prevalent. More devices are connected to different types of devices and this increase in connectivity and data collection results in less control. Both control of data and control of the very devices that are connected are at stake.+Protecting consumer privacy becomes increasingly tricky as the IoT becomes more prevalent. More devices are connected to different types of devices and this increase in connectivity and data collection results in less control. Both controls of data and control of the very devices that are connected are at stake.
  
-Control can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices. In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some cases household appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet.+Control can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices. In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some caseshousehold appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet.
  
-In another sense, control can be lost as more and more companies collect data about users. This data often paints a detailed picture of individual users through the collection of activities online. Everything you search, all of your activities online, are being tracked by companies that use that data. These companies often use the data to improve the user's experience, but they also use this data to sell users products or sell to other companies who sell users products.+In another sense, control can be lost as more and more companies collect data about users. This data often paints a detailed picture of individual users through the collection of activities online. Everything you search, all of your activities online, are being tracked by companies that use that data ((Arijit Ukil, Soma Bandyopadhyay, Arpan Pal, "Privacy for IoT: Involuntary privacy enablement for smart energy systems", Communications (ICC) 2015 IEEE International Conference on, pp. 536-541, 2015, ISSN 1550-3607.)). These companies often use the data to improve the user's experience, but they also use this data to sell users products or sell to other companies who sell users products.
  
-Innovation in this realm means that companies must alter the privacy policies that are in place as well as how they interact with these devices. Companies will need to take another look at the policies that they have in place to ensure that consumers are offered opportunities to access and control their own data. Consumers will become increasingly aware of the privacy implications of this level of connectivity through interaction with the IoT and exposure to the policies that companies provide to them.+Innovation in this realm means that companies must alter the privacy policies that are in place as well as how they interact with these devices. Companies will need to take another look at the policies that they have in place to ensure that consumers are offered opportunities to access and control their data. Consumers will become increasingly aware of the privacy implications of this level of connectivity through interaction with the IoT and exposure to the policies that companies provide to them.
  
-Frank Pasquale, law professor and EPIC advisory board member discusses privacy concerns related to the IoT in a May 2014 Pew Research Report. Pasquale states that the expansion of the IoT will result in a world that is more "prison-likewith a "small class of 'watchers' and a much larger class of the experimented upon, the watched.In another article, he reinforces the idea that the IoT "will be a tool for other people to keep tabs on what the populace is doing.+Frank Pasquale, law professor and EPIC advisory board member ((https://epic.org/privacy/internet/iot/)) discusses privacy concerns related to the IoT in a May 2014 Pew Research Report. Pasquale states that the expansion of the IoT will result in a world that is more prison-like” with a small class of 'watchers' and a much broader class of the experimented upon, the watched.” In another article, he reinforces the idea that the IoT will be a tool for other people to keep tabs on what the populace is doing. 
  
-EPIC President, Marc Rotenberg, explains in the Pew Research Report that the problem with the IoT is that "users are just another category of things,and states that this "is worth thinking about more deeply about in the future."+EPIC President, Marc Rotenberg, explains in the Pew Research Report that the problem with the IoT is that users are just another category of things,” and states that this is worth thinking about more deeply about in the future.
  
-There are many actual issues with IoT privacy and all of them must be must be in detailed explored, but here are general ways **//IoT developers can improve IoT privacy//**:+There are many real issues with IoT privacyand all of them must be in detailed explored, but here are general ways  **IoT developers can improve IoT privacy**((https://www.networkworld.com/article/3221474/internet-of-things/30-ways-to-improve-iot-privacy.html)).
  
-__Minimize data acquisition__ +**Minimize data acquisition**: 
-Software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.+software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.
  
-__Minimize the number of data sources__ +**Minimize the number of data sources**: 
-Aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.+aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.
  
-__Minimize raw data intake__ +**Minimize raw data intake**: 
-Raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.+raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.
  
-__Minimize knowledge discovery__+**Minimize knowledge discovery**:
 IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission. IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission.
  
-__Minimize data storage__ +**Minimize data storage**: 
-Raw data should be deleted once secondary context is derived.+raw data should be deleted once secondary context is derived.
  
-__Minimize the data retention period__ +**Minimize the data retention period**: 
-Longer retention periods give malicious parties more time to breach and exfiltrate data. +more extended retention periods give malicious parties more time to breach and exfiltrate data. 
  
-__Support hidden data routing__ +**Support hidden data routing**: 
-To make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an anonymous routing mechanism.+to make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an unknown routing mechanism.
  
-__Anonymize data__ +**Anonymize data**: 
-Remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.+remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.
  
-__Encrypt data communications__ +**Encrypt data communications**: 
-Typically, device-to-device communications are encrypted at the link layer using special electronic hardware included in the radio modules. Gateway-to-cloud communication is typically secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).+typically, device-to-device communications are encrypted at the link layer using specialised electronic hardware included in the radio modules. Gateway-to-cloud communication is generally secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
  
-__Encrypt data during processing__ +**Encrypt data during processing**: 
-Sometimes the party processing the data should not be able to read the data or the computational results. Process data while they are in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on cipher-text, thus generating an encrypted result that, when decrypted, matches the result of operations performed on the plain-text.+sometimes the party processing the data should not be able to read the data or the computational results. Process data while they are in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on cypher-text, thus generating an encrypted result that, when decrypted, matches the result of operations performed on the plain-text.
  
-__Encrypt data in storage__ +**Encrypt data in storage**: 
-Encrypted data storage reduces any privacy violations due to malicious attacks and unauthorized access.+encrypted data storage reduces any privacy violations due to malicious attacks and unauthorised access.
  
-__Reduce data granularity__ +**Reduce data granularity**: 
-IoT applications should request the minimum level of granularity that is required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventually privacy violations. For example, location can be coarse-based on cell tower location or fine-based on address.+IoT applications should request the minimum level of granularity that is required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventuallyprivacy violations. For example, location can be coarsebased on cell tower location or finebased on the address.
  
-__Query answering__ +**Query answering**: 
-Raw data can lead to identification and privacy violations due to secondary usage. Instead of providing a numeric response to a query a relative scale, e.q. 1 5 should be used.+raw data can lead to identification and privacy violations due to secondary usage. Instead of providing a numeric response to a query a relative scale, e.q. 15 should be used. 
  
-__Block repeated queries__ +**Block repeated queries:** 
-Query responses should block multiple queries that maliciously could discover knowledge that violates user privacy, such as analyzing intersections of multiple results.+query responses should block multiple queries that maliciously could discover knowledge that violates user privacy, such as analysing intersections of multiple results.
  
-__Distribute data processing__ +**Distribute data processing**: 
-Distributed data processing avoids centralized large-scale data gathering and exfiltration.+distributed data processing avoids centralized large-scale data gathering and exfiltration.
  
-__Distribute data storage__ +**Distribute data storage**: 
-Distributed data storage reduces any privacy violation due to malicious attacks and unauthorized access. It also reduces privacy risks due to unconsented secondary knowledge discovery.+distributed data storage reduces any privacy violation due to malicious attacks and unauthorised access. It also lowers privacy risks due to unconsented secondary knowledge discovery.
  
-__Knowledge discovery based on aggregated data__  +**Knowledge discovery based on aggregated data**:  
-New knowledge, such as the visitors to the park were young students during a time period, is sufficient for a gift shop to perform time series sales analysis. But the exact timing of their movement is not necessary.+new knowledge, such as the visitors to the park were young students during a time period, is sufficient for a gift shop to perform time series sales analysis. But the exact timing of their movement is not necessary.
  
-__Aggregate geography-based data__ +**Aggregate geography-based data**: 
-Geographic data should be aggregated within boundaries. For example, how many electric vehicles are in use in each city should not store details about individual vehicles.+geographic data should be aggregated within boundaries. For example, how many electric vehicles are in use in each city should not store details about individual vehicles.
  
-__Aggregate data based on time period__ +**Aggregate data based on the time period**: 
-Energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.+energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.
  
-__Aggregate data based on category__ +**Aggregate data based on category**: 
-Aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorizing a household’s energy use in the range of 150 200 kWh instead of exact usage.+aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorising a household’s energy use in the range of 150200 kWh instead of specific usage.
  
-__Disclose information to users__ +**Disclose information to users**: 
-Data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.+data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.
  
-__Apply controls__ +**Apply controls**: 
-It is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: 1) data granularity2) anonymization technique3) data retention period, and 4) data dissemination.+it is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations:  
 +1) data granularity2) anonymisation technique3) data retention period4) data dissemination.
  
-__Log events__ +**Log events**: 
-Logging of events during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.+logging of activities during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.
  
-__Perform audits regularly__ +**Perform regularly audits**: 
-Systematic independent audits and examination of the logs, procedures, processes, hardware and software specifications should be performed regularlyOutside parties should by bound by non-disclosure agreements.+regular, independent audits and examination of the logs, procedures, processes, hardware and software specifications should periodically be performed. Non-disclosure agreements should bind outside parties.
  
-__Make apps open source__ +**Make apps open source**: 
-Wherever possible IoT applications should be made available under open-source license so that outside parties can review the code and compliance demonstrated.+wherever possible IoT applications should be made available under an open-source license so that outside parties can review the code and compliance demonstrated.
  
-__Use data flow diagrams__ +**Use data flow diagrams**: 
-Data flow diagrams used by unified modeling language will allow interested parties to understand the data flows of a given IoT application and how data is treated for a demonstration of compliance.+data flow diagrams used by unified modelling language will allow interested parties to understand the data streams of a given IoT application and how data is treated for a demonstration of compliance.
  
-__Get IoT apps certified__ +**Get IoT apps certified**: 
-Certifications given by a neutral authority will add trustworthiness to IoT applications+certifications given by a neutral authority will add trustworthiness to IoT applications.
- +
-__Use industry standards__ +
-Industry-wide standards such as AllJoyn and the All Seen Alliance typically inherit security measures that would reduce some privacy risks. +
- +
-__Comply with policies and regulations__ +
-Adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.+
  
 +**Use industry standards**:
 +industry-wide standards such as AllJoyn and the All Seen Alliance typically inherit security measures that would reduce some privacy risks.
  
 +**Comply with policies and regulations**:
 +adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.
  
en/iot-open/security_and_privacy_in_iot_ume/iot_privacy.1508946110.txt.gz · Last modified: (external edit)
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0