Abstract
Security and privacy aspects are crucial for the acceptance of IoT environments. Accordingly, this chapter will focus on new approaches to enable end user to better control and protect their privacy and personal data. In particular, it will describe the work carried out in the context of the EU project SMARTIE, which proposed a user-centric platform for secure exchange and sharing based on the use of advanced cryptographic schemes. This platform is, in turn, an instantiation of a reference functional architecture derived from the IoT-A project that is also explained. Furthermore, the chapter provides a description about the use of specific technologies and approaches that are employed in the context of Smart Buildings, where data protection aspects are addressed through the mentioned platform.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
References
J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of Things (IoT): a vision, architectural elements, and future directions. Futur. Gener. Comput. Syst. 29(7), 1645–1660 (2013)
G. Kortuem, F. Kawsar, V. Sundramoorthy, D. Fitton, Smart objects as building blocks for the internet of things. IEEE Internet Comput. 14(1), 44–51 (2010)
E. Rescorla, N. Modadugu, Datagram transport layer security version 1.2. (No. RFC 6347) (2012)
L. Seitz, S. Gerdes, G. Selander, M. Mani, S. Kumar, Use cases for authentication and authorisation in constrained environments (No. RFC 7744) (2016)
J.L. Hernández-Ramos, D.G. Carrillo, A. Skarmeta, F. Gonçalves, L. Cortesão, J.M. Bohli, M. Bauer, SMARTIE: a secure platform for Smart Cities and IoT. Eng. Secure Intern. Things Syst. 2, 75 (2016)
D. Bonino, M.T.D. Alizo, A. Alapetite, T. Gilbert, M. Axling, H. Udsen, et al., Almanac: internet of things for smart cities, in Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference, (IEEE, New York, 2015), pp. 309–316
H.C. Pöhls, V. Angelakis, S. Suppan, K. Fischer, G. Oikonomou, E.Z. Tragos, et al., RERUM: building a reliable IoT upon privacy-and security-enabled smart objects, in Wireless Communications and Networking Conference Workshops (WCNCW), 2014 IEEE, (IEEE, New York, 2014), pp. 122–127
J.B. Bernabe, I. Elicegui, E. Gandrille, N. Gligoric, A. Gluhak, C. Hennebert, et al., SocIoTal—the development and architecture of a social IoT framework, in Global internet of things summit (GIoTS), 2017, (IEEE, New York, 2017), pp. 1–6
A. Bassi, M. Bauer, M. Fiedler, T. Kramp, R. Van Kranenburg, S. Lange, S. Meissner, Enabling things to talk (Springer, Berlin, 2016)
T. Cooper, R. LaSalle, Guarding and growing personal data value. Accenture Institute for High Performance (2015)
A. Poikola, K. Kuikkaniemi, H. Honko, Mydata a nordic model for human-centered personal data management and processing. Finnish Ministry of Transport and Communications (2015)
D. Ferraiolo, J. Cugini, D.R. Kuhn. Role-based access control (RBAC): features and motivations. In Proceedings of 11th annual computer security application conference (1995), pp. 241–248
E. Yuan, J. Tong, Attributed based access control (ABAC) for web services, in Web Services, 2005. ICWS 2005. Proceedings. 2005 IEEE International Conference, (IEEE, New York, 2005)
T. Moses, Extensible access control markup language (xacml) version 2.0. Oasis Standard, 2005 (2005)
J.L. Hernández-Ramos, A.J. Jara, L. Marín, A.F. Skarmeta Gómez, DCapBAC: embedding authorisation logic into smart things through ECC optimisations. Int. J. Comput. Math. 93(2), 345–366 (2016)
C.M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, T. Ylonen, SPKI certificate theory (1999), RFC2693
M. Jones, J. Bradley, N. Sakimura, Json web token (jwt) (No. RFC 7519) (2015)
J.B. Bernabe, J.L.H. Ramos, A.F.S. Gomez, TACIoT: multidimensional trust-aware access control system for the Internet of Things. Soft. Comput. 20(5), 1763–1779 (2016)
T. Hardjono, E. Maler, M. Machulak, D. Catalano. User-managed access (uma) profile of oauth 2.0. Kantara Initiative, Recommendation, 04 (2014)
J.L. Hernández-Ramos, J.B. Bernabe, M. Moreno, A.F. Skarmeta, Preserving smart objects privacy through anonymous and accountable access control for a m2m-enabled internet of things. Sensors 15(7), 15611–15639 (2015)
J. Camenisch, E. Van Herreweghen, Design and implementation of the idemix anonymous credential system, in Proceedings of the 9th ACM conference on Computer and communications security, (ACM, New York, 2002), pp. 21–30
Z. Shelby, K. Hartke, C. Bormann, B. Frank. The Constrained Application Protocol (CoAP)(RFC 7252), 2014 (2016)
A. Sahai, B. Waters, Fuzzy identity-based encryption. Eur. Secur. 3494, 457–473 (2005)
V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proceedings of the 13th ACM conference on Computer and communications security, (ACM, New York, 2006), pp. 89–98
J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute-based encryption, in Security and Privacy, 2007. SP’07. IEEE Symposium on, (IEEE, New York, 2007), pp. 321–334
SMARTIE. Deliverable 2.3: SMARTIE initial architecture specification, http://www.smartie-project.eu/download/D2.3-Initial%20Architecture%20Specification.pdf
J.L. Hernandez-Ramos, J.B. Bernabé, A. Skarmeta, ARMY: architecture for a secure and privacy-aware lifecycle of smart objects in the internet of my things. IEEE Commun. Mag. 54(9), 28–35 (2016)
D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, A. Yegin. Protocol for carrying authentication for network access (PANA) (No. RFC 5191) (2008)
J.L. Hernández-Ramos, D.G. Carrillo, R. Marín-López, A.F. Skarmeta, Dynamic security credentials pana-based provisioning for IoT smart objects, in Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum, (IEEE, New York, 2015), pp. 783–788
Acknowledgment
This chapter includes results shared by the European research project CPaaS.io (Grant Agreement N° 723076); IoTCrawler (Grant Agreement N° 779852); and Fed4IoT (Grant Agreement N° 814918), which has received partial funding from the European Commission as well as by the Spanish Ministry of Economy and Competitiveness through the Torres Quevedo program (Grant Agreement N° TQ-15-08073).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Skarmeta, A., Hernández-Ramos, J.L., Martinez, J.A. (2019). User-Centric Privacy. In: Ziegler, S. (eds) Internet of Things Security and Data Protection. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-04984-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-04984-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04983-6
Online ISBN: 978-3-030-04984-3
eBook Packages: EngineeringEngineering (R0)