Date of Award
Doctor of Philosophy
Dr. Ajay Gupta
Dr. Steve Carr
Dr. Ala Al-Fuqaha
Dr. Ikhlas Abdel-Qader
data privacy, internet of things, policy enforcement fog module, information science, data
The growth of IoT applications has resulted in generating massive volumes of data about people and their surroundings. Significant portions of these data are sensitive since they reflect peoples' behaviors, interests, lifestyles, etc. Protecting sensitive IoT data from privacy violations is a challenge since these data need to be handled by public networks, servers and clouds, most of which are untrusted parties for data owners. In this study, a solution called Policy Enforcement Fog Module (PEFM) is proposed for protecting sensitive IoT data. The primary task of the PEFM solution is mandatory enforcement of privacy polices for sensitive IoT data-whenever these data are accessed, throughout their entire lifecycle. The key feature of PEFM is its placement within the fog computing infrastructure, which assures that PEFM operates as closely as possible to data sources within the edge of the IoT network. PEFM enforces privacy policies directly for data accessed by local IoT applications, using components inherited from the eXtensible Access Control Markup Language (XACML) architecture. PEFM also assures enforcement of privacy policies for data accessed by remote IoT applications, using XACML and Active Data Bundles (ADBs) that can run on any visited host and enforce policies automatically for data access by these hosts.
The Foscam Home Surveillance System (FHSS) were selected as a proof-of-concept case study to test the capabilities of PEFM in protecting sensitive surveillance data. The privacy threats in FHSS as investigated, and the framework of using PEFM for FHSS to address these threats is proposed. Different scenarios are discussed regarding the privacy risk of having malicious insiders or attackers in the system for both local and remote data usages. A scenario with no risk is considered as a baseline with which a scenario with a certain level of privacy risk is compared.
To evaluate the performance of the proposed framework, a comprehensive simulation design, based on realistic FHSS configurations, is developed. Simulation experiments were implemented using SimPy, a process-based discrete-event simulation framework based on standard Python, running in the PyCharm, IDE environment. The experimental results are discussed in terms of the privacy goals achieved by PEFM and the corresponding system performance overhead introduced in terms of latency and throughput. Our results show the PEFM increases users' control for their data with the number of enforced privacy policies. However, the overhead introduced by enforcing increased policies should not exceed the threshold determined by the real-time constraints. We show that PEFM assures selective data disclosure with better performance than for the baseline mainly due to data minimization. Finally, the results indicate that better privacy controls with minimal overhead can be achieved if most PEFM processes are executed by the local fog nodes. This overhead is the price to be paid for a higher level of privacy in terms of lifecycle data protection. So, there is a tradeoff between overhead and the desired level of privacy. The overhead should be acceptable by applications that are not time-sensitive with hard deadlines.
Al-Hasnawi, Abduljaleel, "Protecting Privacy of Data in the Internet of Things with Policy Enforcement Fog Module" (2018). Dissertations. 3352.