PISCES : a framework for privacy by design in IoT

Foukia, Noria (School of Engineering, Architecture and Landscape (hepia), HES-SO // University of Applied Sciences Western Switzerland) ; Billard, David (Haute école de gestion de Genève, HES-SO // Haute Ecole Spécialisée de Suisse Occidentale) ; Solana, Eduardo (University of Geneva, Carouge, Switzerland)

We present PISCES (Privacy Incorporated and SeCurity Enhanced Systems) framework, which aims at establishing foundations for implementing Privacy and Security by Design (PSD) in the scope of the Internet of Things (IoT). PISCES operates a strict separation between data provider and data controller, where providers are managers of their data privacy, and controllers are accountable for the privacy and protection of the data provided. This role separation is ensured by the Controller Smart Data System (CSDS) of the Smart Data System (SDS), that handles data along with its privacy settings (metadata), defined by the user, offering the possibility of private data management for IoT. The SDS also balances user privacy against the need to access information in case of law-enforcement organization activities (e.g., police investigations in fight against crime). This is made possible thanks to the building of a Privacy Validation Chain (PVC) allowing the data owner and/or any intermediary (data controllers, data processors) to know easily by whom, and to which purpose, the data is used, thus asserting that the user rights are respected or not. Finally, PISCES is thought for Internet users and service providers to get a reasonable bargain when monetizing user data; it makes necessary to define fair and mutually acceptable conditions for using the services and the data. These conditions can give incentives for the user to allow more access to his data and for the service provider to allow free usage to some services.

Conference Type:
full paper
Economie et Services
Ingénierie et Architecture
HEG - Genève
HEPIA - Genève
CRAG - Centre de Recherche Appliquée en Gestion
inIT - Institut d'Ingénierie Informatique et des Télécommunications
Auckland, New Zealand, 12-14 December 2016
Auckland, New Zealand
12-14 December 2016
8 p.
Published in:
Proceedings of the 2016 14th Annual Conference on Privacy, Security and Trust (PST)
Appears in Collection:

Note: The status of this file is: restricted

 Record created 2020-07-10, last modified 2020-07-14

Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)