Patrícia R. Sousa

Patrícia R. Sousa

Cybersecurity and Privacy Researcher and Developer

Privacy Preserving Middleware Platform for IoT

Published in Faculdade de Ciências da Universidade do Porto, 2021

Download paper here

Abstract:

The growing deployment of Internet of Things (IoT) technologies and the different ways sensors are connected, acquire and use personal data highlight the need for transparency, control, and tools to ensure that users’ privacy is met in increasingly complex configurations. Due to the great heterogeneity of devices and communications in these systems, users’ data becomes vulnerable and exposed. The IoT brings us a reality from a ubiquitous computational perspective, where data is shared on the Internet without users’ control. Most of the time, the information exchanged contains confidential and private data about consumers or companies. The current assurances of IoT manufacturers do not meet current and potential consumers’ growth expectations. Recent literature has highlighted some significant barriers to the growth of IoT, such as identity management, data protection technologies, data ownership, and privacy-preserving frameworks. This thesis focuses on a solution to give users control over their data. We present an architectural design and implementation of two main modules: (a) a middleware layer to control all data shared with the Internet and (b) a secure provisioning module integrated with the middleware for end-to-end authentication between devices. This thesis innovates by positioning the users as active players in their data’s control and market, behaving as data brokers for potential end-users data. We started by identifying and reviewing privacy-preserving technologies, identity management, and end-to-end solutions, focusing mainly on IoT. Unlike existing provisioning methods, this thesis proposes a solution that gives the devices an identity, eliminating the risk of impersonating attacks and allowing devices to authenticate with each other. Finally, we integrate this solution with a middleware layer that gives the users the ability to control the privacy of all their data and is independent of the device’s SDK, which can be deployed both on the home router and on the devices themselves so that it can be easily integrated into multiple use-case scenarios.

Recommended Citation: Sousa, Patrícia Raquel Vieira. “Privacy Preserving Middleware Platform for IoT.” (2021).