PrivySeC: A secure and privacy-compliant distributed framework for personal data sharing in IoT ecosystems

Abstract

The contemporary era experiences an unprecedented dependence on data generated by individuals via an array of interconnected devices constituting the Internet of Things (IoT). The information amassed through IoT devices serves many objectives, including prescriptive analytics and predictive maintenance, preemptive healthcare measures, disaster mitigation, operational efficiency, and increased yield. In contrast, most applications or systems that rely on user-generated data to fulfill their business objectives face challenges in adhering to privacy protocols. Consequently, users are exposed to many privacy risks. Such infringements upon privacy provisions give rise to apprehensions regarding the authenticity of the processed data. Hence, this paper presents weaknesses and challenges in current practices and proposes “PrivySeC,” a distributed ledger technology (DLT) based framework for privacy-preserving and secure sharing of personally and non-personally identifiable information. The security analysis indicates that the proposed solution ensures data privacy by design and complies with most of the requirements mandated by various privacy regulations. Similarly, PrivySeC promises low transaction latency and provides high throughput. Although we have created a privacy-preserving solution for sharing smart farm data, it can be customized to meet the specific privacy requirements of individual applications.