Abstract
In today’s highly connected cyber-physical environments, users are becoming more and more concerned about their privacy and ask for more involvement in the control of their data. However, achieving effective involvement of users requires improving their privacy decision-making. This can be achieved by (i) raising their awareness of the direct and indirect privacy risks they accept when sharing data with consumers; and (ii) helping them optimize their privacy protection decisions to meet their privacy requirements while maximizing data utility. In this article, we address the second goal by proposing a user-centric multi-objective approach for context-aware privacy management in connected environments, denoted δ-Risk. Our approach features a new privacy risk quantification model to dynamically calculate and select the best protection strategies for the user based on her preferences and contexts. Computed strategies are optimal in that they seek to closely satisfy user requirements and preferences while maximizing data utility and minimizing the cost of protection. We implemented our proposed approach and evaluated its performance and effectiveness in various scenarios. The results show that δ-Risk delivers scalability and low complexity in time and space. In addition, it handles privacy reasoning in real time, making it able to support the user in various contexts, including ephemeral ones. It also provides the user with at least one best strategy per context.
δ-Risk: Toward Context-aware Multi-objective Privacy Management in Connected Environments