The growth of IoT applications has resulted in generating massive volumes of data about people and their surroundings. Significant portions of these data are sensitive since they reflect people’s behaviors, interests, lifestyles, etc. Protecting sensitive IoT data from privacy violations is a challenge since these data need to be handled by public networks, servers and clouds, most of which are untrusted parties for data owners. In this study, a solution called Policy Enforcement Fog Module (PEFM) is proposed for protecting sensitive IoT data. The primary task of the PEFM solution is mandatory enforcement of privacy policies for sensitive IoT data—whenever these data are accessed, throughout their entire lifecycle. The key feature of PEFM is its placement within the fog computing infrastructure, which assures that PEFM operates as closely as possible to data sources within the edge of the IoT network. PEFM enforces privacy policies directly for data accessed by local IoT applications, using components inherited from the eXtensible Access Control Markup Language (XACML) architecture. PEFM also assures enforcement of privacy policies for data accessed by remote IoT applications, using XACML and Active Data Bundles (ADBs) that can run on any visited host and enforce policies automatically for data accessed by these hosts.
The Foscam Home Surveillance System (FHSS) was selected as a proof-of-concept case study to test the capabilities of PEFM in protecting sensitive surveillance data. The privacy threats in FHSS are investigated, and the framework of using PEFM for FHSS to address these threats is proposed. Different scenarios are discussed regarding the privacy risk of having malicious insiders or attackers in the system for both local and remote data usages. A scenario with no risk is considered as a baseline with which a scenario with a certain level of privacy risk is compared.
To evaluate the performance of the proposed framework, a comprehensive simulation design, based on realistic FHSS configurations, is developed. Simulation experiments were implemented using SimPy, a process-based discrete-event simulation framework based on standard Python, running in the PyCharm IDE environment. The experimental results are discussed in terms of the privacy goals achieved by PEFM and the corresponding system performance overhead introduced in terms of latency and throughput. Our results show that PEFM increases users’ control over their data with the number of enforced privacy policies. However, the overhead introduced by enforcing increased policies should not exceed the threshold determined by the real-time constraints. We show that PEFM assures selective data disclosure with better performance than for the baseline mainly due to data minimization. Finally, the results indicate that better privacy controls with minimal overhead can be achieved if most PEFM processes are executed by the local fog nodes. Migrating parts of PEFM processes to remote fog nodes or the cloud incurs more overhead than using strictly local fog nodes. This overhead is the price to be paid for a higher level of privacy in terms of lifecycle data protection. So, there is a tradeoff between overhead and the desired level of privacy. The overhead should be acceptable to applications that are not time-sensitive with hard deadlines.
|Committee:||Abdel-Qader, Ikhlas, Car, Steve, Gupta, Ajay|
|School:||Western Michigan University|
|School Location:||United States -- Michigan|
|Source:||DAI-A 80/08(E), Dissertation Abstracts International|
|Keywords:||Fog module, Internet of Things, Policy enforcement|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved