Efficient and privacy-preserving access to sensor data for Internet of Things (IoT) based services

Abstract

As a major driver of the Internet of Things (IoT), sensors are harvesting data, from their environments, that service providers make use to trigger the appropriate services. These service providers require access to a wide range of personal data, which are often sensitive. In this paper, we propose a lightweight privacy-preserving trust model based on the observation that a large class of applications can be provisioned based on simple threshold detection. The key issue we address in this work is how to minimize privacy loss in the presence of untrusted service providers so that providers are prevented from disclosing information to third parties for secondary uses. Our work can be considered as a lightweight approach to functional encryption (FE) for privacy-preservation. The main algorithm in the proposed model is a uniformization scheme that uses a combination of sensor aliases to hide the identity of the sensing source and per-function initialization vector to reveal information only to relevant service providers. We have implemented a prototype of the proposed scheme on TelsoB, thereby demonstrating the feasibility of the proposed scheme on resource-constrained devices.