Protecting user privacy in the connected world
Faculty of Engineering and Applied Science, Ontario Tech University (University of Ontario Institute of Technology)
This project developed technologies that help people control their privacy over data sharing and dissemination in the public domain.
Specifically, the project developed technologies that place users at the center of control over the sharing and dissemination of their private data to make the Internet of Things (IoT) an unobtrusive technology through the design and implementation of a generic privacy framework. The framework enables users to flexibly define abstract and high-level privacy goals that can be used to generate runtime policies that capture the user's constraints on private data sharing according to the operational context.
The proposed framework includes a global resource registry for devices and services, a personal privacy broker, and policy enforcement mechanisms. The personal privacy broker implements a privacy-aware discovery algorithm that serves both query and on-demand requests and, based on high-level user settings, responds only to authorized discovery requests that present self-contained authorization tokens. Devices belonging to the user are therefore discoverable only by authorized users and services. The broker also implements a novel policy negotiation protocol to enforce user-defined policies on IoT devices that collect data from the user's domain and stream it to the outside world.
An Android application has also been developed to provide a user-friendly multimodal interface in which the user can define privacy policies and tie them to specific locations for access restrictions or approvals. The application can then connect to devices belonging to the user and monitor their data streams to identify any privacy-violating data collection practices. The developed techniques can be used in both online interactions and local IoT environments.
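The summary does not specify the token format or the discovery message layout. The following is an added example, not code from the project, illustrating the authorization check described above: a discovery responder that answers only requests carrying a valid self-contained token, and answers with nothing at all otherwise. The token format (an HMAC-SHA256 tag over JSON claims), the claim names (owner, requester, scope, exp), the device categories and the sample registry are all constructed assumptions for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical key shared between the token issuer and the owner's privacy
# broker; a real deployment would provision this per owner, never hard-code it.
SECRET = b"constructed-demo-secret"

# Constructed sample registry: which owner each resource belongs to and its
# data category (the categories are an assumption for this example).
SAMPLE_REGISTRY = [
    {"id": "thermostat-01", "owner": "alice", "category": "environment"},
    {"id": "doorcam-01", "owner": "alice", "category": "video"},
    {"id": "scale-01", "owner": "alice", "category": "health"},
    {"id": "speaker-01", "owner": "bob", "category": "audio"},
]


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(owner, requester, scope, ttl_seconds, key=SECRET, now=None):
    """Mint a self-contained token: the claims travel with the tag, so the
    broker can verify it offline without a round trip to a registry."""
    now = time.time() if now is None else now
    claims = {
        "owner": owner,                 # whose devices may be discovered
        "requester": requester,         # who was granted discovery
        "scope": sorted(scope),         # device categories the grant covers
        "exp": int(now + ttl_seconds),  # short lifetime limits replay
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token, owner, key=SECRET, now=None):
    """Return the claims if the token is intact, bound to this owner and
    unexpired; otherwise None. The tag is checked before the claims are parsed."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("owner") != owner or claims.get("exp", 0) <= now:
        return None
    return claims


def discovery_response(request, owner, registry, now=None):
    """Privacy-aware discovery: list the owner's resources only within the
    token's scope, and reply with an empty list to anyone unauthorized so
    that unauthenticated scanning learns nothing about the owner's devices."""
    claims = verify_token(request.get("token", ""), owner, now=now)
    if claims is None:
        return []
    allowed = set(claims["scope"])
    return [d["id"] for d in registry
            if d["owner"] == owner and d["category"] in allowed]


if __name__ == "__main__":
    tok = issue_token("alice", "guest-app", ["environment", "video"], 300)
    print(discovery_response({"token": tok}, "alice", SAMPLE_REGISTRY))
    print(discovery_response({}, "alice", SAMPLE_REGISTRY))
```

Because the scope is inside the signed claims, a requester granted only environmental sensors never learns that the owner also has a camera or a health device, and a token issued for one owner cannot be replayed against another owner's broker.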
Taken together, the deliverables created through this project allow users to manage their changing privacy preferences and constraints according to who is receiving the data, for what purpose and in what context.
The deliverables of this project are:
- Resource Registry: A distributed resource registry to provide necessary data storage and handling for resource registration (resources include devices and services).
- Privacy-aware Discovery Protocol: This protocol supports ubiquitous data access and enables users to discover nearby resources on demand in a P2P fashion through direct signal scanning, even when those resources are not registered.
- Policy Announcement and Negotiation Protocol: This protocol facilitates privacy negotiation and enforces user-defined policies on surrounding data collection practices.
- Privacy Broker: This acts as a personal privacy guard by monitoring and analyzing all data streaming out of the user's domain, whether from their own connected devices or from devices surrounding them.
- Proof-of-concept Prototype: An Android application brings these concepts together as a proof-of-concept prototype to demonstrate the utility and usability of the proposed framework.
More information can be found on the IoT Research Lab website.
OPC Funded Project
This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.
Dr. Khalid Elgazzar, Canada Research Chair in the Internet of Things
Faculty of Engineering and Applied Science
Ontario Tech University
2000 Simcoe Street North
Oshawa, Ontario L1G 0C5 Canada