SaTC: CORE: Medium: End-to-End Support for Privacy in the Internet-of-Things

Project Details

Performance Period: Oct 01, 2018 - Sep 30, 2022

Institution(s): Carnegie-Mellon University

Interest in the Internet-of-Things (IoT) has increased tremendously over the past few years. Our homes, buildings, and even cities are starting to be instrumented with devices, sensors, and actuators that will provide new capabilities to users, help automate the mundane tasks in their lives, and ultimately improve quality of life. However, a primary challenge to the long-term success of IoT is privacy. IoT sensors and actuators will be diverse and embedded all around us in the infrastructure, largely in shared spaces with unclear kinds of controls and feedback; further, these devices and the apps that use them will often be created by developers with little awareness or knowledge of privacy. This project takes a first-principles approach towards enabling holistic privacy controls to address these concerns, developing an open source IoT stack that will include new privacy mechanisms, privacy models, and systems support for privacy notifications, allowing other researchers and practitioners to build upon them. The research results will serve as an educational resource for students, particularly those from underrepresented groups, and as course projects through new and existing courses taught by the researchers, such as Ubiquitous Personal Smart Agents, User-Focused Sensing Systems and Distributed Systems.

The overarching goal of this proposal is to support privacy in Internet of Things deployments from an end-to-end perspective, taking an interdisciplinary approach to address fundamental issues in IoT privacy along four main thrusts: (1) conducting a series of interviews and surveys to understand user concerns about IoT privacy (e.g., the type of data collected, its granularity, the purpose of collection, and so on); (2) developing a suite of novel privacy mechanisms on top of an IoT software stack to make it easier for developers and end-users to manage privacy, including new forms of access control, a stream-based functional programming approach that makes it easier for developers to obtain personal data in a privacy-sensitive manner, and developer support for specifying the purposes of data access and usage; (3) designing and evaluating new kinds of privacy notifications, as well as ways to inspect and offer some control over what specific sensors are doing; and (4) designing and evaluating new kinds of policies for letting administrators and end-users manage sensitive data, including proximity-based and temporal degradation of data. These proposed ideas will be implemented, deployed, and evaluated in an extensive IoT living lab testbed that is being deployed at the university. The work will lead to significant interdisciplinary advances at the intersection of cyber-physical systems, human-computer interaction, and usable privacy.
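To make thrusts (2) and (4) concrete, the following is an added illustrative example, written for this page and not code from the project's IoT stack: a tiny stream-based privacy layer in which an app declares a purpose for each read, a deny-by-default policy table scopes which purposes may read which sensor, and readings are temporally degraded (coordinates rounded more coarsely as they age, then dropped entirely) before they ever reach the app. The sensor names, purposes, degradation thresholds and sample readings are all constructed assumptions for illustration, not anything the project specifies.

```python
"""Illustrative example (not the project's code): purpose-scoped access plus
temporal degradation of location readings, exposed as a filtered stream.
All names, thresholds and sample data below are assumptions for illustration."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Iterable, Iterator, List, Optional, Tuple


@dataclass(frozen=True)
class Reading:
    sensor: str
    ts: datetime
    lat: Optional[float]   # None once the reading has been degraded to presence-only
    lon: Optional[float]
    present: bool


# Assumed policy table. "purposes" is the allow-list of declared purposes that may
# read this sensor (anything else is denied). "degradation" is a list of
# (max_age, decimals) steps tried in order: a reading younger than max_age keeps
# its coordinates rounded to `decimals` places; a reading older than every step
# loses its coordinates and keeps only the presence bit.
POLICY = {
    "lobby_cam": {
        "purposes": {"occupancy", "security"},
        "degradation": [(timedelta(hours=1), 4), (timedelta(days=1), 2)],
    },
    "badge_reader": {
        "purposes": {"security"},
        "degradation": [(timedelta(hours=1), 4)],
    },
}


def degrade(r: Reading, now: datetime, steps: List[Tuple[timedelta, int]]) -> Reading:
    """Return a copy of `r` coarsened according to its age at time `now`."""
    age = now - r.ts
    for max_age, decimals in steps:
        if age <= max_age:
            if r.lat is None or r.lon is None:
                return r  # already presence-only; nothing further to coarsen
            return replace(r, lat=round(r.lat, decimals), lon=round(r.lon, decimals))
    # Older than every step: drop coordinates, keep only whether someone was present.
    return replace(r, lat=None, lon=None)


def privacy_stream(readings: Iterable[Reading], purpose: str, now: datetime) -> Iterator[Reading]:
    """Lazily yield only the readings `purpose` may see, each degraded by age.

    The app never touches the raw stream: unknown sensors and undeclared
    purposes are dropped (deny by default) and coordinates are coarsened
    before the reading is handed over.
    """
    for r in readings:
        rule = POLICY.get(r.sensor)
        if rule is None or purpose not in rule["purposes"]:
            continue
        yield degrade(r, now, rule["degradation"])


# Constructed sample input: one fixed "now" and four readings of varying age.
NOW = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Reading("lobby_cam", NOW - timedelta(minutes=10), 40.443331, -79.943748, True),
    Reading("lobby_cam", NOW - timedelta(hours=5), 40.443331, -79.943748, True),
    Reading("lobby_cam", NOW - timedelta(days=3), 40.443331, -79.943748, True),
    Reading("badge_reader", NOW - timedelta(minutes=5), 40.4434, -79.9437, True),
]


def query(purpose: str, readings: Iterable[Reading] = SAMPLE, now: datetime = NOW) -> List[Reading]:
    """Materialise the filtered, degraded stream for a declared purpose."""
    return list(privacy_stream(readings, purpose, now))


if __name__ == "__main__":
    for purpose in ("occupancy", "security", "marketing"):
        print(purpose)
        for r in query(purpose):
            print("  ", r)
```

Running the module shows that an "occupancy" query receives the three lobby-camera readings at three different precisions (four decimals, two decimals, presence-only) and never sees the badge reader, "security" additionally receives the badge-reader reading, and an undeclared purpose such as "marketing" receives nothing at all. The point of the stream abstraction is that degradation and purpose checks happen inside the stack, so a developer who has little privacy awareness still cannot obtain raw, unaged data by accident.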