Fog-based local and remote policy enforcement for preserving data privacy in the Internet of Things

Abstract

The pervasive nature of the Internet of Things has resulted in generating a huge amount of data about the lives of IoT users. This data includes Personally Identifiable Information (PII) that reflects people's behaviors, interests, lifestyles, and everyday routines. Protecting PII from privacy violations is a challenge since IoT data need to be handled by public networks, servers, and clouds, which are untrusted parties for data owners. In this paper, a solution called Policy Enforcement Fog Module (PEFM) is proposed for protecting sensitive IoT data whenever they are accessed throughout their entire lifecycle. PEFM uses the power of policy enforcement in the edge-fog infrastructures for protecting data accessed within users’ local domains. For data that need to be sent to remote domains, PEFM uses Active Data Bundle (ADB); an executable and self-protecting construct that can run on any visited host and enforces privacy policies automatically for data accessed by these hosts. To test the feasibility of PEFM in realistic IoT systems, a framework of using PEFM as a privacy control for Foscam home security system is simulated. The experimental results show that PEFM assures data privacy via data minimization due to selective data disclosures. Better privacy controls with minimal overhead can be achieved if most PEFM processes are executed by the local fog nodes. Migrating parts of PEFM processes to remote fog nodes or the cloud incurs more overhead than using strictly local fog nodes. This overhead is the cost for a higher level of privacy regarding lifecycle data protection.