Aggregated Risk Modelling of Personal Data Privacy in Internet of Things

Abstract

There is a growing interest in personal data mining and user profiling to improve the surveillance practices for rapid analysis of underlying business patterns. User profiling from Personally Identifiable Information (PII) is one such technique to breach personal data privacy in mobile devices, web browser, smart homes, Internet of Things (IoT) etc. This study proposes a PII risk factor by bringing aggregated risk modelling of personal information in the IoT environment. Intuitively, most of the IoT devices are produced by identical manufacturers. Similarly, smart devices typically assemble facts from plentiful devices where collected information’s owners are mutually inclusive. Proposed Massive Personal Information Clustering (MPIC) model shows that IoT product manufacturing companies can cluster PII collected from a) IoT device managing application and b) device data flow. Subsequently, owner-centric aggregated IoT device data can reveal user ID, which was not considered by other studies. Our approach was validated by satisfactory data analysis from IoT standardization organization (Open Connectivity Forum), Android and iOS app store. The analysis shows 80-90 percent of available IoT devices are manufactured by 6-10 major companies with 5 potential PII threats. Personal information like location, email, biological ID, contextual actions and social graph are at risk if collective information gathering (aggregation) through multiple IoT devices are not correctly measured. Finally, research directions in establishing privacy preservation in smart IoT ecosystem are advocated.