Data and Location Privacy Issues in IoT Applications

The Internet of Things (IoT) is an innovative interconnected framework where all objects can interact with each other and with other people. It enhances the quality of life, business growth and efficiency in multiple domains. However, the heterogeneity of the "Things" that can be associated in such conditions makes interoperability among them a difficult issue. Moreover, the data exchanged between IoT system components are normally not protected. This leads to users losing their privacy, hence, making it difficult to share and reuse data for purposes other than what they were originally set up for. In this paper, we address these challenges in the context of IoT applications considering user’s data and location privacy as not to be shared between these ‘Things’. We first describe two use case scenarios of IoT users in healthcare applications. The first scenario describes an attacker capturing the data traveling from/to the server. The second scenario describes the case of a server acting as a malicious party (i.e., an attacker). The two scenarios highlight data and location privacy issues of IoT users. Based on the use-case scenarios, the paper presents a generic framework for IoT data and location privacy, including a description of entities and interactions among them. The paper then analyzes potential privacy threats in this framework, in order to identify a set of general privacy requirements, with an emphasis on data and location privacy. These requirements will provide guidance to future solutions for secure IoT communication and/or risk assessment.