Abstract
With the ever-increasing number of devices, the Internet of Things facilitates the connection between the devices in the hyper-connected world. As the number of interconnected devices increases, sensitive data disclosure becomes an important issue that needs to be addressed. In order to prevent the disclosure of sensitive data, effective and feasible privacy preservation strategies are necessary. A noise-based privacy-preserving model has been proposed in this article. The components of the noise-based privacy-preserving model include Multilevel Noise Treatment for data collection; user preferences-based data classifier to classify sensitive and non-sensitive data; Noise Removal and Fuzzification Mechanism for data access and user-customized privacy preservation mechanism. Experiments have been conducted to evaluate the performance and feasibility of the proposed model. The results have been compared with existing approaches. The experimental results show an improvement in the proposed noise-based privacy-preserving model in terms of computational overhead. The comparative analysis indicates that the proposed model without the fuzzifier has around 52–77% less computational overhead than the Data access control scheme and 46–70% less computational overhead compared to the Dynamic Privacy Protection model. The proposed model with the fuzzifier has around 48–73% less computational overhead compared to the Data access control scheme and 31–63% less computational overhead compared to the Dynamic Privacy Protection model. Furthermore, the privacy analysis has been done with the relevant approaches. The results indicate that the proposed model can customize privacy as per the users’ preferences and at the same time takes less execution time which reduces the overhead on the resource constraint IoT devices.
Similar content being viewed by others
Introduction
The amalgamation of various technologies like sensor communications, cloud computing, Internet of Things (IoT), artificial intelligence, machine and deep learning plays a vital role in the smart world [1]. IoT is a prevailing technology capable of morphing human lives by providing ease and smartness in varied conventional application domains. As shown in Figs. 1, 2, and 3, IoT is a hybrid environment that is a combination of many technologies such as sensing, data storage, data analytics, and connectivity of things. Further, IoT extends the capabilities of the physical things [2].
IoT applications like smart city, smart healthcare systems, smart building, smart transport and smart environment [3], industrial, agriculture, supply chain management [4], smart retail, location-based services, etc. may deal with sensitive data such as health information, financial information [5], location footprints, Personally Identifiable Information (PII) [6], data of personal life, etc. Data deluge from billions of entities producing information is a significant threat to privacy [7] (Fig. 4).
Privacy is the right of individuals, which helps them keep their information secret and have control over their information [8]. Privacy preservation is an important aspect that must be considered in every existing logical and physical system to reduce the possibilities of privacy breaches. Ensuring Information privacy is an increasing concern for government, business, consumer, and likewise [9]. In IoT-based networks, personal information is collected from smart devices, and weak privacy measures can misuse sensitive information. If this personal information is stolen, then results can be detrimental [10].
Some of the significant privacy challenges in IoT are as follows:
-
(1)
What private data are sensed, where is this data stored, how and who uses the data? [10]
-
(2)
Automate the process of identification of sensitive and non-sensitive data.
-
(3)
How to allow users to control and manage their data, maintain user’s anonymity, and preserve the data integrity in each phase of the data’s life cycle? [5]
-
(4)
Implementation of efficient mechanism that is suitable for pervasive infrastructure and resource-constrained IoT devices [11].
Many researchers have emphasized that privacy and security are the most challenging problems in IoT because of the risk associated with leakage of the user’s private information from several IoT services [12]. Data protection by design and by default (or privacy by design) is crucial to address privacy and protection of data [13]. Users will accept IoT-based systems only if they are secure, trustworthy, and privacy is preserved [8]. Users must be equipped with tools to retain their anonymity in an IoT-based connected world [7]. Thereby, in an IoT environment, an efficient and well-planned strategy is necessary to preserve privacy. The novelties and contributions of this paper as follows:
-
(1)
A Multilevel Noise Mechanism has been proposed for data collection to ensure privacy preservation in the Internet of Things environment.
-
(2)
A user preferences-based data classifier has been proposed to classify sensitive and non-sensitive data in the Internet of Things environment.
-
(3)
Noise Removal and Fuzzification Mechanism has been proposed for data access to ensure privacy preservation in the Internet of Things environment.
The remainder of this paper is organized as follows: “Related work and motivation” describes related work and motivation. “Adversary model and design objectives” presents adversary model and design objectives. The noise-based privacy-preserving model is described in “Noise Based Privacy Preserving model”. The experiments and results are given in “Experiments and results”, and “Limitations and future scope” concludes the paper.
Related work and motivation
The consumer’s trust can be enhanced by privacy preservation in IoT, and it can be achieved by fulfilling the privacy requirements at data generation, storage, usage, and sharing [10]. Ziegeldorf et al. [14] analyzed the privacy issues, discussed the evolving features and trends in IoT, and classified privacy threats. According to the survey [15], more research needs to be done to ensure security and privacy for the IoT paradigm’s success. With the miniature power sources, small memory, limited processing capability, and incredibly resource-constrained IoT devices [16], User privacy and data protection, authentication and identity management, trust management, policy integration, authorization and access control, end-to-end security, etc. are security and privacy challenges in the IoT that need to be addressed (Tables 1 and 2).
The personal data collection and usage of these data are challenges to individual privacy in the IoT [17]. Corcoran [18] has introduced different privacy classes and outlined some ideas for improved privacy framework for IoT, such as; data should be protected at the data source. For the mitigation of heavy computation constraints due to cryptographic operations in the sensors used in medical applications, Moosavi et al. [19] proposed a Secure and Efficient Authentication and Authorization (SEA) Architecture perform authentication and authorization on behalf of the medical sensors by the distributed smart e-health gateways. SEA architecture is based on the fact that various heavy-weight security protocols and certificate validation efficiently can be handled by smart e-health gateway and the remote end-user because both have sufficient resources.
Appavoo et al. [20] proposed a privacy-preserving model to prevent service providers from revealing sensed values, sensor types, and user preferences. The proposed work can be considered as a simple form of functional encryption. A case of a semi-trusted service provider has been considered. In this work, the author represented privacy loss (Eq. 1) in the form of mutual information [21].
\(\Psi \), V, and \(\delta \) are the random variables for the set of sensors that can be utilized, the set of sensed values, and the set of outcomes for the trigger conditions, respectively. H (S, V) represents the maximum information that can be predicted for sensors and their values.
Turgut and Boloni [22] have concentrated on the value and cost of data exchange in IoT with the other types of cost. They described an exciting relationship between the value of information and the cost of privacy (customer’s benefit from Eq. 2 and business benefit from Eq. 3) for the IoT paradigm’s success. The definition of the notations used in these equations is given in Table 4.
As a notion that trust can be directly related to privacy [23], Butun [24] mapped privacy and trust relation by integrating multi-dimensional relationship of the sensitivity level of PII items, privacy, and trust (Eq. 4).
Jayaraman et al. [25] introduced privacy-preserving IoT architecture and data ingestion scheme in which produced IoT data are split into R parts, where R is the number of servers. If a \(j\text {th}\) datum produced by an IoT device is D and the number of servers is three (R=3), then it will be split into data addends, namely \(\alpha _{1j}\), \(\alpha _{2j}\) and \(\alpha _{3j}\), where
Along with privacy-preserving IoT architecture, Jayaraman et al. also proposed a privacy pre serving data access scheme based on the Paillier cryptosystem’s homomorphic properties (Tables 1, 2).
The Dynamic Privacy Protection (DPP) model [26] is designed to ensure mobile device user privacy. DPP model generates a privacy protection plan to determine the security mode for each data or data package. In this model, privacy protection levels are classified based on privacy weight. Total privacy weight \({\mathbb {P}}\) is calculated using Eq. (6). In this equation, \(N^e(D_i)\) is the number of data or data packages \((D_i)\) that use higher-level security mode, and \(N^n(D_i)\) is the number of data or data packages that use lower-level security mode. If values of binary function s(i) = 1, then encryption will be used and if s(i) = 0 then non-encryption will be used.
Many researchers have tried to address security and privacy issues in the Internet of Things. Several privacy preservation techniques for IoT have been proposed, but to the best of our knowledge, only a little research work has been carried out to ensure end-to-end privacy, i.e., privacy preservation in all the layers in the IoT ecosystem, along with implementation and detailed results analysis. Also, Many proposed privacy-preserving frameworks are based on cryptographic operations. Many of the existing frameworks have not included data classifier mechanisms and user customization-based privacy preservation. Many of the existing work on IoT privacy has not considered the trade-off between privacy and quality-of-service in the practical scenario. This paper has addressed these issues, presents a systematic flow of IoT data, and implements and analyzes the Noise-Based Privacy-Preserving model (NBPPM model). The proposed model’s novelty is that it ensures data privacy with fair efficiency at all the layers (edge layer, middleware, and application layer) of the IoT ecosystem.
Adversary model and design objectives
This section is focused on various privacy threats associated with IoT. In the adversary model, it has been assumed that an adversary is well equipped to monitor communication channels. Any malicious insider at the data storage level (such as a rogue administrator) can access sensitive and non-sensitive data, analyze data and make inferences to gain advantages. An unauthorized user can access sensitive data at the application level, and a service provider can access user data to provide services to the user.
As an example of inference threat in IoT based healthcare application, let us assume a universal set of sensors in IoT is \(X = \{s_1, s_2, s_3, \ldots s_n\}\) where n is number of sensors in the IoT based system and a universal set of location of these sensors is \(L = \{l_1, l_2, l_3, \ldots l_n\}\). A set for data produced by the sensors in set X is \(D = \{d_1, d_2, d_3, \ldots d_n\}\). If a set of different m kinds of diseases is \(Y = \{y_1, y_2, y_3, \ldots y_m\}\). An adversary well equipped with tools and malicious intention can draw fruitful inferences by employing following inference rules in the inference attack:
where \(a_1, \ldots a_n\), \(b_1,\ldots b_n\), \(c_1, \ldots c_n\) and \(k_1, \ldots k_n\) are constants used to form specific ranges for the derivation of a useful inference rule. For example, through the above inference rules, an eavesdropper can infer patient disease, which may be private information for the patient, and through location set L, linkage-based attack can be performed, i.e., \(\{(d_1, l_1), (d_2, l_2), (d_3, l_3),\ldots (d_n, l_n)\}\). It can result in physical, mental, economic, and social exploitation of the victim.
Security and privacy threats in IoT
An overview of the major security and privacy threats [14, 38,39,40] in the IoT environment is mentioned in Table 3.
Problem definition and design objectives
The critical research problem is defined as developing a systematic model to ensure end-to-end privacy against various threats for resource-constrained IoT environments. As the components of IoT such as sensors, actuators, etc. have limited computing capabilities and are not suitable for performing complex computing operations [33], our objective was to plan and develop a model against privacy threats and incorporate privacy preservation characteristics such as to safeguard sensitive information, data access control, query privacy, and user-based privacy customization. Along with privacy preservation, our main objective was to reduce the computational overhead for resource-constrained IoT environments.
Noise based privacy preserving model
This section presents the proposed noise-based privacy-preserving model. The methodology with the structural diagram and detailed functioning of all modules involved in the NBPPM model have been described.
Overview
Let us assume a typical IoT environment consists of IoT devices, middleware, data storage, and user devices with apps that consume service providers’ services. The components of the NBPPM model are shown in Fig. 5. Data produced from a source device must be protected in-transit, in-process, and at rest from an intruder that may exist between a source device and a legitimate user device. This goal is achieved in the proposed NBPPM model by incorporating noise while data move from the data source to data storage and denoising the noise at the user device. The proposed model also incorporates the fuzzification mechanism for privacy customization. Thus, the proposed NBPPM uses twofold privacy preservation using noise and fuzzification.
Methodology
The proposed NBPPM model’s fundamental modules are the data classification module, multilevel noise treatment module, and noise removal and fuzzification module. In this subsection, each module has been described comprehensively. The overall layout of the proposed model is shown in Fig. 6.
As shown in the proposed methodology’s flowchart (Fig. 7), level 1 noise is added to all types of data (i.e., sensitive and non-sensitive data). After the level 1 noise addition, data splitting is performed on each data. A data classifier synchronized with the user customization setting performs data classification according to the user preferences. If the data attribute is sensitive, then data addends proceed for level 2 and level 3 noise addition. If the data attribute is non-sensitive, then data addends proceed for level 3 noise addition (Algorithm 1). All of these noised data addends are stored in the data repository (i.e., Cloud Storage). An authenticated user can access noised data addends using valid credentials. At the user end, data addends are de-noised using the noise removal process (Algorithm 2). Further, if a service provider requests users’ data to provide services, the service user can supply fuzzified data (based on the user privacy preferences) to the service provider (Fig. 9).
Data classification module
A data classification mechanism is a necessary step before incorporating a privacy protection mechanism. The data classification mechanism acts as a classifier to categorize data into two classes: sensitive and non-sensitive data class. One of the major issues for data classification is who and how it is decided which data attribute is sensitive and non-sensitive. The data owner is the best entity that can decide the sensitivity of his/her data for an IoT environment. In our proposed data classification mechanism, a data owner can customize his/her data privacy by setting attribute sensitivity to sensitive and non-sensitive mode at the application level, and from the application level, it will be synchronized with the data classifier module. Depending upon the sensitivity of the data, it is treated to multiple levels of noise. Further, at this point, an alternative policy can also be adopted for the data classification by considering an application-specific scenario, i.e., an IoT environment in which some of the data owners cannot judge data sensitivity correctly or may not have any knowledge about the data sensitivity. In this case, a predefined data sensitivity can be added. This predefined data sensitivity can be decided according to specific IoT applications and the General Data Protection Rules and Regulations of the particular country. For instance, in the IoT healthcare system, blood glucose level, heart rate, respiration rate, blood pressure, body temperature can be put in the sensitive category of data, and room temperature and humidity can be considered under the non-sensitive data category. A hybrid policy can also be deployed, combining predefined data classification and user-defined privacy preferences. Therefore, a user can change predefined settings according to his/her personal privacy preferences in the IoT ecosystem.
Multilevel noise treatment
In the multilevel noise treatment module of the NBPPM model, noise acts as a private key for the user. A random number generation algorithm is used to generate and divide noise into sub-noises. Let P be the generated noise; then P will be divided into three sub-noises \(P_1\), \(P_2\), and \(P_3\) through a random number generation algorithm at the user end. Each sub-noise \(P_1\), \(P_2\), and \(P_3\) is privately shared with the Data-Source, middleware, and data storage server, respectively.
Data splitting and multilevel noise treatment are two critical steps of the NBPPM model, as shown in Fig. 7. Each datum sensed D in the IoT environment is treated with sub-noise \(P_1\) at level 1 from an operator, picked out from the operator table for the sensed data of particular attribute type \(F_i\) (Table 5). Operator selection for level 1 sub-noise is based on modulo operation with the Data Identifier, i.e., from \(Q\text {th}\) position, where N=9 for Table 5. After the treatment of level 1 noise, resultant data is split into three data addends, namely X, Y, and Z. Data classifier module checks data addends X, Y, and Z for sensitivity. If these data addends are part of a sensitive attribute type data, then each of the data addends will be treated with level 2 and level 3 sub-noises. If the data addends are parts of a non-sensitive attribute, then each data addend will pass through level 3 sub-noise treatments only. For instance, as shown in Fig. 7, the sensed data D are treated with noise \(P_1\) at level 1, and then resultant data are split into three data addend, namely \({(X, Y, Z)_{F_i}}\). Then data classifier checks the sensitivity of attribute type \(F_i\). If the \(F_i\) is sensitive attribute type, then \({(X, Y, Z)_{F_i}}\) will be treated with noise \(P_2\) and \(P_3\) resulting into \({(A, B, C)_{F_i}}\) and \({(K, L, M)_{F_i}}\), respectively. If \(F_i\) is non-sensitive, then \({(X, Y, Z)_{F_i}}\) will be treated with noise \(P_3\) resulting into \({(K', L', M')_{F_i}}\). Both \({(K, L, M)_{F_i}}\) and \({(K', L', M')_{F_i}}\) are stored in the long-term storage or the cloud (Fig. 8).
Noise removal and fuzzification
Noise removal at the user device is a reverse mechanism of the Multilevel Noise treatment mechanism. In an IoT environment, the user requests a service from the service provider. In order to provide the service, user data are requested from the service provider. As shown in Fig. 9, the user accesses the requested data from long-term data storage through valid user credentials. In the proposed NBPPM model, the authentication mechanism is incorporated to verify user validity through username and password. A valid user can access noisy data through a secure channel, and then the noise removal process is initiated through sub-keys, which act as the private key for the user. The process of Noise removal and fuzzification is shown in Algorithm 2.
Privacy is ensured through the fuzzification process when data are transferred between the user and the service provider. A sub-module, termed as privacy manager shown in Fig. 9, plays a vital role in user privacy customization. A fuzzifier sub-module is synchronized with user privacy preferences. A user can set his/her privacy preferences for a particular service, and accordingly, the fuzzifier decides the quality for data to be sent to access a service.
A comprehensive overview of the functioning of the fuzzifier is as follows. As already defined, a universal set X over sensor domain as \(X = \{s_1, s_2, s_3, \ldots s_n\}\). A user can set the sensitivity level for the data attribute of a sensor node (\(s_i\)) that senses the specific parameter value. Two fuzzy sets \({\tilde{A}}\) and \({\tilde{\lambda }}\) are defined as follows:
Membership function of \({\tilde{A}}\) and \({\tilde{\lambda }}\) are \(\mu _{{\tilde{A}}}\) and \(\mu _{{\tilde{\lambda }}}\), respectively, where \(\mu _{{\tilde{A}}}\) \(\in \) [0, 1] and \(\mu _{{\tilde{\lambda }}}\) \(\in \) [0, 1]. Value of the membership function \(\mu _{{\tilde{A}}}\) may be provided through an interface for the user. Value of \(\mu _{{\tilde{A}}}\) indicates the level of the data sensitivity. Value of \(\mu _{{\tilde{\lambda }}}\) indicates about the level of obfuscation. Membership value of the \(\mu _{{\tilde{\lambda }}}\) will be decided through the value of \(\mu _{{\tilde{A}}}\). i.e., \(\mu _{{\tilde{\lambda }}}\) depends on \(\mu _{{\tilde{A}}}\) and an illustrative example of the relationship between \(\mu _{{\tilde{A}}}\) and \(\mu _{{\tilde{\lambda }}}\) may be as follows (Eq. 7 and Table 6):
where x \(\in \) X and \(c_1\) and \(c_2\) can be fixed within a range and used to add the required quantity of the noise.
Experiments and results
The Noise-Based Privacy-Preserving Model has been presented comprehensively in “Noise Based Privacy Preserving Model”. This section presents the experimental setup, findings of the experiment, performance evaluation, security, and privacy analysis to show how privacy can be protected through the proposed model.
Experimental configurations
The proposed multilevel noise function mechanism, data classification mechanism, and noise removal and fuzzification mechanism are implemented in NetBeans IDE 8.2 [45] for Java. SQLite version 3.21.0 [46] as a backend and SQLiteStudio 3.1.1 [47] is used to manage SQLite database. Proposed mechanisms are executed on the two different types of datasets. The first dataset is Activity Recognition from a Single Chest-Mounted Accelerometer [48] dataset. This dataset is collected from a wearable accelerometer mounted on the chest. Accelerometer data are collected from 15 participants performing 7 activities. The sampling frequency of the accelerometer was 52 Hz. Each record in a file contains a sequential number, x acceleration (attribute \(F_1\)), y acceleration (attribute \(F_2\)), z acceleration (attribute \(F_3\)), and label for activity attributes. The second dataset is collected from the activity tracker, a hand-wearable device, and contains three-axis Accelerometer, Detached PPG Cardio Tachometer, Infrared Wear Sensor. This activity tracker can continuously track Heart Rate, Steps, Distance, and Calories Burned parameters. It is assumed that data collected from a wearable accelerometer mounted on the chest and activity tracker device are sensitive for the user. Different results for various cases are recorded for findings and performance analysis. Initial simulation input parameters for the model are IoT parameter (D), Data Identifier (\(D_{ID}\)), Timestamp (T), Attribute Type (\(F_i\)), Total operators in a row in the operator table (N).
Results and discussion
The execution time is the time to access all the contents of a sample dataset. As shown in Eq. 8, the average execution time is the average of the total time to access the \(N_c\) number of contents of a specific attribute \(F_i\). \((t_j)_{F_i}\) is the execution time to access \(j\text {th}\) content of \(F_i\) attribute type.
A sample from the activity tracker dataset has been taken and calculated the execution time. Figure 12 shows the comparative execution time of the noise removal without fuzzification and with the fuzzification mechanism in the proposed model. It can be observed from the figure that noise removal with the fuzzification mechanism requires more execution time than noise removal without fuzzification. The sample sizes of 1000–5000 records (data points) have been taken from the Single Chest-Mounted Accelerometer dataset and calculated the average data execution time. The snapshots of the different data are shown in Figs. 10 and 11. Figure 13 presents the comparative average execution time of the noise removal without fuzzification and with the fuzzification mechanism in the proposed model for each data attribute \(F_1\), \(F_2\), and \(F_3\). A sample of the data before and after the noise treatment is shown in Table 7, and a sample of the data without fuzzification and with the fuzzification after the noise removal is shown in Table 8. As shown in Table 8, all the data of a specific attribute type are treated with a fixed amount of noise. It gives a fixed amount of difference with all data of a particular attribute type, but it is not necessary to treat data with the fixed amount of noise. Every data of the particular attribute type may be treated with different random noises, and the resultant varying difference may enhance privacy.
Figure 14 presents the findings of the comparative average execution time of the noise removal without fuzzification in the proposed model, and data access control scheme [25] for each data attribute \(F_1\), \(F_2\), and \(F_3\) of the Single Chest-Mounted Accelerometer dataset. Figure 15 presents the findings of the comparative average execution time of the noise removal with fuzzification in the proposed model and data access control scheme [25] for each data attribute \(F_1\), \(F_2\), and \(F_3\) of the Single Chest-Mounted Accelerometer dataset. It is clear from both of these figures that our proposed noise removal mechanism requires less execution time than the data access control scheme [25].
The findings presented in Fig. 16 are the comparative execution time of the noise removal without fuzzification in the proposed model, data access control scheme [25] and data access time of the DPP model [26]. Next, Fig. 17 presents the comparative execution time of the noise removal with fuzzification in the proposed model; data access control scheme [25] and data access time of the DPP model [26].
Algorithmic behavior and performance evaluation
IoT components, such as sensors, actuators, etc., have limited computing capabilities and are not suitable for performing complex computing operations. The comparative analysis shown in Table 9 indicates that the proposed model without fuzzifier has around 52–77% and 46–70% less computational overhead than the data access controls scheme and DPP model, respectively. The proposed model with the fuzzifier has around 48–73% and 31–63% less computational overhead than the data access controls scheme and DPP model, respectively. As the critical research problem to develop a systematic model to ensure end-to-end privacy against various threats for resource-constrained IoT environments and the main objective of the proposed NBPPM model, this analysis of the computational overhead for resource-constrained IoT environments shows the efficiency of the NBPPM model.
As an IoT environment deals with a massive amount of data, it is crucial to consider computational time for performance measurement. The integrated multi-dimensional relationship of sensitivity levels of personally identifiable information items, privacy, and trust (Eq. (4)) allowed the author to devise Eq. (9). It is believed that the efficiency of a privacy-preserving algorithm increases as there is a decrement in the computational time (\(\omega \)) of that algorithm, and trust value will increase with the increment in the effectiveness of the privacy-preserving algorithm. In terms of computational time, Noise Removal and Fuzzification Mechanism’s efficacy can be seen in the comparative analysis with the given existing mechanism. In particular, the findings presented show that computational time is less in our noise removal mechanism compare to the encryption-based mechanisms. A privacy customization feature has been incorporated for the user, and comparative analysis with this feature also shows better performance. The experimental results presented in “Results and discussion” validate the feasibility and applicability of the novel NBPPM model for privacy preservation in the real-world and resource constraint environment of the internet of things.
Security and privacy analysis
The proposed NBPPM model ensures security and privacy through Multilevel Noise Treatment and Fuzzification. The privacy of the data is ensured by adding noise. The noise is sub-divided into three sub-keys as described in “Multilevel noise treatment”. Sub-noise \(P_1\), \(P_2\) and \(P_3\) is privately shared with the Data-Source, middleware and data storage server, respectively. The proposed Multilevel Noise Treatment Mechanism stores sensed IoT parameter D as noisy data addends. At the data-source, every sensed parameter is converted into noisy data and then split into meaningless noisy data addends, so it is difficult to know original data without the sub-key \(P_1\) and the operator used to treat the source data with the noise \(P_1\). Further, in the proposed model, a user-customized data classifier is employed to protect sensitive data with a higher level of privacy preservation. At middleware, complexity increases for an eavesdropper to know the original sensed parameter due to the requirement of sub-noise \(P_1\), \(P_2\) and the operators used to treat the source data with the noise \(P_1\) and \(P_2\). At long-term data storage (such as cloud), it is extremely complex due to the requirement of all three sub-noises and operators used to treat the source data with the noise \(P_1\), \(P_2\) and \(P_3\). A comprehensive status of an instance of data at different levels within the NBPPM model, i.e., data before and after privacy preservation, is shown in Table 10.
Furthermore, an attacker could use vulnerabilities such as a weak credential mechanism to gain access to the data. If a user requests data through sending a data request for IoT parameter (D) (containing data field identifier (\(F_i\)), timestamp, and unique username); the authentication mechanism is used in our proposed model to authenticate the user, and thereby the non-legitimate user cannot access the sensitive data. An access control list (ACL) maintains for usernames and their credentials. Even if, at this level, an eavesdropper succeeds in accessing noisy data addend, then privacy will still be preserved since noisy data addends are meaningless. After the successful authentication, only a legitimate user will be able to access noisy data addends. Our proposed Noise Removal and Fuzzification Mechanism also provides flexible and dynamic ways to preserve privacy through the privacy manager module. A user can customize his/her sensitive attributes and level of the sensitivity of their data. Based on the privacy customization, a user-specific privacy preservation environment will be created by the fuzzifier module. A comparative analysis of different frameworks for privacy preservation in IoT is presented in Table 11.
Applicability in real life applications
The proposed NBPPM model can be used in all real-life IoT applications, especially in the application domains where data sensitivity is high. This subsection illustrates a real-life example of the NBPPM model in the IoT-based healthcare system. A typical IoT-based healthcare system involves patient (s), doctors (s), hospital (s), and IoT-based service (s). In this IoT ecosystem, a patient is the user of the IoT-based healthcare system. A patient can be equipped with sensors (that sense the patient’s health parameters), and with a mobile app, a patient can be enabled to use IoT-based healthcare services. Doctor and hospital act as a service provider. A hospital may use third-party services like cloud services to store a massive amount of the produced IoT data. In this scenario, patient’s data are sensitive because of the sensing of health-related parameters. The sensitivity of these health-related parameters may vary from patient to patient, i.e., some patients may want to keep their data private because, for them, sensed health parameters are highly sensitive and for some patients, sensed health parameters are less sensitive. In this situation, the proposed NBPPM model may play a significant role in preserving privacy. An NBPPM model-based IoT healthcare system; preserves user privacy at different levels of the IoT ecosystem, as described in “Security and privacy analysis”.
Limitations and future scope
Several different modifications, experiments, and analyses have been left for the future due to the study’s broad research scope. Future work may focus on in-depth analysis of the particular mechanisms with new proposals to try different enhanced strategies. The following subsection emphasizes the potential future scope for improvement and research directions.
Applicability and scope of the proposed solution with emerging domains
Evolutionary computations, i.e., Genetic Algorithms (GA) based obfuscation mechanism, could be applied in the proposed models. Crossover and Mutation phases can play a significant role in suppressing sensitive information in the IoT ecosystem, and managing the mutation phase to regenerate information can be a challenging step. Still, it will be interesting to develop and analyses the behavior of these kinds of optimization techniques.
Machine Learning has the potential for real-time automation, intelligent processing, and analysis of the high volume of data. The data classification mechanism of the proposed Noise-Based Privacy-Preserving Model can exploit this predictive-power of Machine Learning. This predictive-power may assist in identifying sensitive information in the IoT ecosystem and will reduce human intervention. In the future, Machine Learning-based mechanisms may be incorporated in the proposed model and analyze behavior.
Accountability is an important feature that can enhance every privacy preservation mechanism by rendering control over sensitive personal information. A procedure that keeps the history of all logs (such as a chain of all paths where sensitive data are traveled and the details of the data accessing entity) can be incorporated with the proposed models but will increase computational and space overhead. A future study can be conducted to incorporate this aspect.
There is a tradeoff between Quality of Service (QoS) provided to the user and users’ data consumed by the service provider. In the Noise-Based Privacy-Preserving Model, a sub-module (Privacy Manager) plays a crucial role in customizing user privacy, and privacy is ensured through the fuzzification process when it is transferred between the user and the service provider. Here is the scope to further optimize the membership function for the specific application and case study.
Along with the study’s future scope, the following are emerging domains where proposed solutions can be employed:
Edge computing and fog computing
As edge computing and fog computing, both paradigms move the computational capabilities closer to the data source, and these computing technologies may move data intelligence and data analytics near the IoT ecosystem’s data sources. In future work, such approaches may be adopted in our proposed privacy-preserving model to distribute trust with the enhanced privacy protection in the IoT ecosystem.
It will be interesting to develop and study the architectural integration of edge and fog computing in the privacy-preserving IoT ecosystem, privacy-preserving edge and fog data processing, and management of edge and fog nodes in the frameworks.
Blockchain
An adversary can infer significant information about the users from blockchain-based IoT networks. These systems need specific privacy-protection plans to preserve personal and device privacy. A critical perspective that causes privacy leakage in the blockchain network is address reuse. Public addresses of blockchain users are open to anyone in the network, and an adversary can easily access these addresses through internet access. A perfect anonymous transaction in the blockchain is unlikely without any particular privacy-preservation plan. Also, linking attacks can be performed over distributed ledger that contains a copy of transactions [49]. The proposed model can be applied to preserve privacy in this scenario, and it is further a future scope of the study for these use cases.
Fifth Generation technology
The lately emerging Fifth Generation (5G) technology is expected to transform every area of life by connecting everything, everywhere, by employing IoT devices. However, massively interconnected devices and high-speed data communication will bring the challenge of privacy and energy insufficiency. 5G industries and organizations require privacy-preservation for their endurance and competency. Moreover, billions of devices supposed to communicate using the 5G network will spend a considerable amount of energy while confined energy-resources. Hence, energy-optimization is a future challenge confronted by 5G industries that need to be addressed [50]. In this case, our proposed privacy-preserving model can be integrated with 5G technology, and it will be interesting to study improved privacy with the energy resource optimization in this specific use case.
Autonomous vehicles
The emergence of complex cyber-physical systems (CPS) such as an autonomous vehicle is equipped with different sensors and intelligent logic to provide advanced auxiliary services. Due to their sensor and inboard intelligence, such vehicles gather, analyze, and capitalize upon an unprecedented quantity of fine-grained data and cooperate in real-time with various stakeholders. However, such valuable data can significantly impact data-driven economies of scale, which raises questions concerning privacy and integrity-dependent situations [51]. Our proposed study’s future scope is the measurement of real-time performance with autonomous vehicles and should cover a study of the level of the balance between privacy preservation and quality of service in this specific use case.
Conclusion
The NBPPM model has been presented to address critical issues of privacy preservation in the IoT ecosystem. The proposed model ensures end-to-end privacy preservation in the IoT environment. The NBPPM is a robust and flexible model that ensures privacy preservation according to the user’s preferences. The performance of the proposed NBPPM model has been evaluated in terms of computation overheads. Our experimental results show that the computational cost in NBPPM is reasonably less in the practical scenarios. In this article, the feasibility of the proposed model has been demonstrated for the IoT’s resource-constrained environment. An exciting future work of the NBPPM model may be incorporating accountability procedures at the appropriate levels to enhance control over personal information in the IoT environment. The outcomes of this work may have a significant effect on IoT-based industries.
References
Solanki A, Nayyar A (2019) Green internet of things (g-IoT): Ict technologies, principles, applications, projects, and challenges. In: Handbook of research on big data and the IoT, IGI Global. pp 379–405
Virkki J, Chen L (2013) Personal perspectives: individual privacy in the IoT. Adv Internet Things 3(02):21
Krishnamurthi R, Kumar A, Gopinathan D, Nayyar A, Qureshi B (2020) An overview of IoT sensor data processing, fusion, and analysis techniques. Sensors 20(21):6076
Jain SK, Kesswani N (2019) Smart judiciary system: a smart dust based IoT application. In: International conference on emerging technologies in computer engineering. Springer, pp 128–140
Perera C, Ranjan R, Wang L, Khan SU, Zomaya AY (2015) Big data privacy in the Internet of Things era. IT Prof 17(3):32–39
Jain SK, Kesswani N (2019) Privacy threat model for IoT. In: International conference on Internet of Things and connected technologies. Springer, pp 278–293
Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Comput Netw 57(10):2266–2279
Porambage P, Ylianttila M, Schmitt C, Kumar P, Gurtov A, Vasilakos AV (2016) The quest for privacy in the Internet of Things. IEEE Cloud Comput 3(2):36–45
Smith HJ, Dinev T, Xu H (2011) Information privacy research: an interdisciplinary review. MIS Quart 35(4):989–1016
Khan WZ, Aalsalem MY, Khan MK, Arshad Q (2019) Data and privacy: Getting consumers to trust products enabled by the internet of things. IEEE Consum Electron Magaz 8(2):35–38
Ahmed AIA, Ab Hamid SH, Gani A, Khan MK et al (2019) Trust and reputation for internet of things: fundamentals, taxonomy, and open research challenges. J Netw Comput Appl 145:102409
Sen AAA, Eassa FA, Jambi K, Yamin M (2018) Preserving privacy in internet of things: a survey. Int J Inf Technol 10(2):189–200
Fabiano N (2017) Internet of things and blockchain: legal issues and privacy. the challenge for a privacy standard. In: 2017 IEEE international conference on Internet of Things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData), IEEE, pp 727–734
Ziegeldorf JH, Morchon OG, Wehrle K (2014) Privacy in the Internet of Things: threats and challenges. Secur Commun Netw 7(12):2728–2742
Abomhara M, Køien GM (2014) Security and privacy in the Internet of Things: current status and open issues. In: (2014) international conference on privacy and security in mobile systems (PRISMS). IEEE 1–8
Sennan S, Ramasubbareddy S, Luhach AK, Nayyar A, Qureshi B (2020) CT-RPL: cluster tree based routing protocol to maximize the lifetime of Internet of Things. Sensors 20(20):5858
Caron X, Bosua R, Maynard SB, Ahmad A (2016) The Internet of Things (IoT) and its impact on individual privacy: an Australian perspective. Comput Law Secur Rev 32(1):4–15
Corcoran PM (2016) A privacy framework for the internet of things. In: (2016) IEEE 3rd world forum on Internet of Things (WF-IoT). IEEE 13–18
Moosavi SR, Gia TN, Rahmani A-M, Nigussie E, Virtanen S, Isoaho J, Tenhunen H (2015) Sea: a secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways. Procedia Comput Sci 52:452–459
Appavoo P, Chan MC, Bhojan A, Chang E-C (2016) Efficient and privacy-preserving access to sensor data for internet of things (iot) based services. In: 2016 8th International conference on communication systems and networks (COMSNETS). IEEE 1–8
Sankar L, Rajagopalan SR, Poor HV (2013) Utility-privacy tradeoffs in databases: an information-theoretic approach. IEEE Trans Inf Foren Secur 8(6):838–852
Turgut D, Boloni L (2017) Value of information and cost of privacy in the Internet of Things. IEEE Commun Mag 55(9):62–66
Daubert J, Wiesmaier A, Kikiras P (2015) A view on privacy and trust in IoT. In: 2015 IEEE international conference on communication workshop (ICCW), IEEE. pp 2665–2670
Butun I (2017) Privacy and trust relations in Internet of Things from the user point of view. In: 2017 IEEE 7th annual computing and communication workshop and conference (CCWC). IEEE 1–5
Jayaraman PP, Yang X, Yavari A, Georgakopoulos D, Yi X (2017) Privacy preserving Internet of Things: from privacy techniques to a blueprint architecture and efficient implementation. Future Gener Comput Syst 76:540–549
Gai K, Choo K-KR, Qiu M, Zhu L (2018) Privacy-preserving content-oriented wireless communication in Internet-of-Things. IEEE Internet Things J 5(4):3059–3067
Yi X, Willemson J, Nait-Abdesselam F (2013) Privacy-preserving wireless medical sensor network. In: 2013 12th IEEE international conference on trust, security and privacy in computing and communications, IEEE. pp 118–125
Liu J, Zhang C, Fang Y (2018) Epic: a differential privacy framework to defend smart homes against internet traffic analysis. IEEE Internet Things J 5(2):1206–1217
Chen Z, Tian L (2017) Privacy-preserving model of IoT based trust evaluation. IEICE Trans Inf Syst 100(2):371–374
Zhou W, Piramuthu S (2015) Information relevance model of customized privacy for IoT. J Bus Ethics 131(1):19–30
Samani A, Ghenniwa HH, Wahaishi A (2015) Privacy in Internet of Things: a model and protection framework. Procedia Comput Sci 52:606–613
Shabalala M, Tarwireyi P, Adigun M (2014) Privacy monitoring framework for enhancing transparency in cloud computing. In: 2014 IEEE 6th international conference on adaptive science and technology (ICAST). IEEE, pp 1–7
Song T, Li R, Mei B, Yu J, Xing X, Cheng X (2017) A privacy preserving communication protocol for IoT applications in smart homes. IEEE Internet Things J 4(6):1844–1852
Zhang C, Li C, Zhao Y (2015) A balance privacy-preserving data aggregation model in wireless sensor networks. Int J Distrib Sens Netw 11(6):937280
Boussada R, Elhdhili ME, Saidane LA (2017) Privacy preserving solution for Internet of Things with application to ehealth. In: 2017 IEEE/ACS 14th international conference on computer systems and applications (AICCSA). IEEE, pp 384–391
Jain SK, Kesswani N (2020) Iotp an efficient privacy preserving scheme for Internet of Things environment. Int J Inf Secur Privacy (IJISP) 14(2):116–142
Jain SK, Kesswani N, Agarwal B (2020) Security, privacy and trust: privacy preserving model for Internet of Things. Int J Intell Inf Database Syst 13(2–4):249–277
Berrehili FZ, Belmekki A (2016) Privacy preservation in the Internet of Things. In: International symposium on ubiquitous networking. Springer, pp 163–175
Liang H, Wu D, Xu J, Ma H (2015) Survey on privacy protection of android devices. In: 2015 IEEE 2nd International conference on cyber security and cloud computing. IEEE, pp 241–246
Al-Gburi A, Al-Hasnawi A, Lilien L (2018) Differentiating security from privacy in Internet of Things: a survey of selected threats and controls. In: Computer and network security essentials. Springer, pp 153–172
What personal data is considered sensitive? (2018) European commission–European commission. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en. Accessed: 05-09-2020
Article 4(13), (14) and (15), Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1489-1-1 . Accessed: 05-09-2020
Article 9, Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2051-1-1 . Accessed: 05-09-2020
Recitals (51) to (56) of the GDPR, Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e40-1-1. Accessed: 05-09-2020
Netbeans.org. NetBeans IDE 8.2. https://netbeans.org/downloads/8.2/. Accessed: 27-02-2019
Hipp R et. al SQLite (Version 3.8.10.2) [Computer software]. SQLite Development Team. https://www.sqlite.org/download.html. Accessed: 24-10-2017
SQLiteStudio 3.1.1. https://sqlitestudio.pl/index.rvt?act=download. Accessed: 30-11-2016
UCI machine learning repository. https://archive.ics.uci.edu/ml/datasets/Activity+Recognition+from+Single+Chest-Mounted+Accelerometer. Accessed: 15 Feb 2019
Hassan MU, Rehmani MH, Chen J (2019) Privacy preservation in blockchain based IoT systems: integration issues, prospects, challenges, and future research directions. Future Gener Comput Syst 97:512–529
Humayun M, Jhanjhi N, Alruwaili M, Amalathas SS, Balasubramanian V, Selvaraj B (2020) Privacy protection and energy optimization for 5G-aided industrial Internet of Things. IEEE Access 8:183665–183677
Karnouskos S, Kerschbaum F (2017) Privacy and integrity considerations in hyperconnected autonomous vehicles. Proc IEEE 106(1):160–170
Acknowledgements
The authors would like to thank the Ministry of Human Resource Development, Government of India, for the Global Initiative of Academic Networks (GIAN). GIAN network provides us general ideas for the IoT ecosystem. Furthermore, the authors are thankful to the UCI Machine Learning Repository [48] that helps to fulfill the necessary data required in the experiment. Finally, the authors wish to thank reviewers for their precious time and comments. This research was supported by UGC: Maulana Azad National Fellowship formulated and funded by the Ministry of Minority Affairs [Grant F11/2015MANF/(SAWebsite)].
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Jain, S.K., Kesswani, N. A noise-based privacy preserving model for Internet of Things. Complex Intell. Syst. 9, 3655–3679 (2023). https://doi.org/10.1007/s40747-021-00489-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s40747-021-00489-5