Ensuring Compliance of IoT Devices with Their Privacy Policy Agreement

Title: Ensuring Compliance of IoT Devices with Their Privacy Policy Agreement
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Subahi, Alanoud; Theodorakopoulos, George
Conference Name: 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud)
Date Published: Aug
Keywords: cloud computing, compliance, Computer science, data privacy, GDPR, Human Behavior, Informatics, Internet of Things, Internet of Things devices, IoT devices, IoT manufacturers, IoT policy, IoT privacy policy, IoT privacy policy agreement, mobile computing, policy test bed, privacy, Privacy Policies, privacy policy agreement, pubcrawl, Scalability, security, security of data, smart phone, smart phones, test bed, test equipment
Abstract: In the past few years, Internet of Things (IoT) devices have emerged and spread everywhere. Many researchers have been motivated to study the security issues of IoT devices due to the sensitive information they carry about their owners. Privacy is not simply about encryption and access authorization, but also about what kind of information is transmitted, how it is used, and with whom it will be shared. Thus, IoT manufacturers should be compelled to issue Privacy Policy Agreements for their respective devices as well as ensure that the actual behavior of the IoT device complies with the issued privacy policy. In this paper, we implement a test bed for ensuring compliance of Internet of Things data disclosure to the corresponding privacy policy. The fundamental approach used in the test bed is to capture the data traffic between the IoT device and the cloud, between the IoT device and its application on the smart-phone, and between the IoT application and the cloud, and analyze those packets for various features. We test 11 IoT manufacturers and the results reveal that half of those IoT manufacturers do not have an adequate privacy policy specifically for their IoT devices. In addition, we prove that the action of two IoT devices does not comply with what they stated in their privacy policy agreement.
DOI: 10.1109/FiCloud.2018.00022
Citation Key: subahi_ensuring_2018