New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

News

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information.

Dubbed Peekaboo by researchers from Carnegie Mellon University, the system “leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers.”

Peekaboo operates on the principle of data minimization, which refers to the practice of limiting data collection to only what is required to fulfill a specific purpose.

CyberSecurity

To achieve this the system requires developers to explicitly declare the relevant data collection behaviors in the form of a manifest file that’s then fed into an in-home trusted hub to transmit sensitive data from smart home apps such as smart doorbells on a need-to-know basis.

The hub not only functions as a mediator between raw data from IoT devices and the respective cloud services, it also enables third-party auditors to vet an app developer’s data collection claims.

The manifest file, for its part, is analogous to Android’s “AndroidManifest.xml” file that details the permissions the app needs in order to access protected parts of the system or other apps.

Privacy Framework for IoT Devices

But while it is more of a binary approach in Android where apps are either unilaterally allowed or denied access to a specific feature (e.g., camera), Peekaboo makes it possible to define the data collection practices — the kind of data to be gathered, when it should be carried out, and how frequently.

“With Peekaboo, a user can install a new smart home app by simply downloading a manifest to the hub rather than a binary,” the researchers explained.

“This approach offers more flexibility than permissions, as well as a mechanism for enforcement. It also offers users (and auditors) more transparency about a device’s behavior, in terms of what data will flow out, at what granularity, where it will go, and under what conditions.”

CyberSecurity

What’s more, Peekaboo is also designed to auto-generate live privacy nutrition labels that summarize an app’s declared behavior à la Apple’s privacy labels in iOS and Android’s Data safety section.

“Peekaboo offers a hybrid architecture, where a local user-controlled hub pre-processes smart home data in a structured manner before relaying it to external cloud servers,” the researchers said.

Products You May Like

Articles You May Like

Fake Donald Trump Assassination Story Used in Phishing Scam
The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits

Leave a Reply

Your email address will not be published. Required fields are marked *