End-2-end privacy architecture for IoT

End-2-end privacy architecture for IoT

Master Thesis

Rapid growth and the pervasive cyber-physical nature of Internet of Things (IoT) technology influences both, commer- cial/industrial as well as personal environments. „Data is the new gold“ – in the future: billions of inter-connected devices and cloud-services collect, analyze, infer and disseminate (personal) data to make our everyday life smarter.
Interaction between IoT and our personal lives, with information processing in domains like eHealth, location-based services, smart cities and smart environments calls for privacy protection [3]. „The capacity to correlate information is going to change all of those interactions, and I lose power over a great deal of my life when there’s a massive amount of information over me that I don’t have control over“ worries Goeff Webb [2].
Fortunately, many solutions to enhance privacy already exist and are well researched in form of Privacy Enhancing Technologies (PETs). For example: onion routing for origin anonymity, spatial location cloaking against location tracking, k-anonymity for anonymous data disclosure and data encryption for confidentiality. But, do we really know how to use and combine them correctly?


  1. Formalization of a PET taxonomy based on existing definitions, e.g., Heurix et al [6].
  2. Formalization of PET composition
  3. A privacy metric derived from PET-composed systems
  4. Proposal and evaluation of a novel privacy architecture
  5. Implementation of an evaluating privacy architecture prototype for health tracking scenarios

Privacy as an interdisciplinary concept of personal freedom turned out to be complex, hard to define and hard to enforce in the age of IoT. Following, I concrete those problems and present the resulting research questions of my thesis.

  1. PETs are based on different characteristics like different scenarios, application domains (eHealth etc.), threat models, privacy goals etc. To the best of my knowledge, there is no research about a general formalization of PETs and no formal models to compose PETs with different assumptions. Furthermore, research about privacy metrics for IoT-systems, using composed PETs is missing.
    • How to formalize the characteristics of PETs?
    • How to formally compose PETs with different characteristics?
    • How to derive a privacy metric, for IoT-systems using composed PETs?
  2. State-of-the-art IoT architectures and systems only address privacy selectively [4], either by providing pseudonymity within the device domain, or by preventing profiling at the cloud domain. A comprehensive and practical IoT privacy solution that covers all domains and aspects of privacy, as well as supports privacy policy negotiation between customer and service provider is missing.
    • How to design a PET-based IoT privacy architecture that addresses informational privacy, end-to-end across all IoT-domains (from device, over connection, to cloud domain)?
    • How to design privacy policies based on informational privacy goals for IoT-systems using the PET-based privacy architecture?

Start: 01.03.2016

Ende: 30.09.2016


  • Jörg Daubert

Forschungsgebiete: CASED, CRISP, Telecooperation, privacy-trust, CYSEC , – SPIN: Smart Protection in Infrastructures and Networks