Abstract

The growing availability of mobile devices has led to the increasing development of smart city services that share a huge amount of (personal) information and data. Without accurate and verified management, these services could become severe back doors for security and privacy. In this paper, we propose a smart city infrastructure that integrates a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR’s provisions. The infrastructure thus supports the definition of specific purposes, the collection of data, the regulation of access to personal data, and users’ consents, while ensuring selective and minimal disclosure of personal information as well as users’ unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing its feasibility.

Highlights

  • Nowadays, the wide availability of mobile devices and applications has increased the adoption and diffusion of Smart Information and Communication Technology (ICT) Systems (SISs), such as smart homes, smart cities, and smart campuses

  • We first describe the main concepts related to Smart Cities, the General Data Protection Regulation (GDPR), Consent Management, and Access Control (AC) and their related works; we briefly present our proposal, which will be discussed in the remainder of the paper

  • It provides a reference architecture in the AC environment including components like the Policy Administration Point (PAP), which is in charge of managing the policies, or the Policy Decision Point (PDP), which evaluates the policy against the request and returns the authorization decision

Summary

Introduction

The wide availability of mobile devices and applications has increased the adoption and diffusion of Smart Information and Communication Technology (ICT) Systems (SISs), such as smart homes, smart cities, and smart campuses. Due to the appealing amount of data sharing, competitors could unlawfully exploit the SC environment to collect information for increasing their commercial solutions, selling their specific products or facilities, or the different users’ behaviors. Controllers should avoid such situations and ensure that subjects’ information is correctly authorized, managed, stored, and protected by all the entities involved in the SC environment. SCs should enforce specific governance procedures for demonstrating that all the components and services of the SC environment can ensure the required level of data protection. As this simple example shows, hidden in the golden world of SC, full of interesting, useful, and appealing features, there is an enormous amount of (personal) data that subjects and services are leaving in the different (third-party) databases without being completely aware of the risk.

Background and Related Work
Smart Cities
General Data Protection Regulation
Consent Manager
Access Control Concepts
Access Control Manager
Instantiation of the Architecture in the MiMurcia Smart City Context
MiMurcia IoT Platform
Service access
Architectural Flows
Performance Evaluations
MiMurcia
Conclusions and Discussions