Privacy guidance for IoT has been proposed by organisations, including OWASP, the GSM Association, and OneM2M. However, guidance regarding confidential information disclosure, one of the most alarming privacy threats, has not been instantiated nor implemented in real IoT testing environments. That is, existing methods either assume static data, which makes them unsuited for these environments, or focus on the prevention of other privacy threats. Therefore, Modio has designed and implemented Qiqbus components to help IoT manufacturers or service providers to assess the privacy strength of their devices and/or services against confidential information disclosure. Our Qiqbus ‘privacy analysis’ feature enables: (i) automatic detection and classification of confidential data from streaming data collected from experiments, (ii) evaluation of the level of privacy protection offered by encryption, de-identification, and anonymisation (we apply the privacy methods and measures of Poulis, Loukides et al. https://doi.org/10.1016/j.jbi.2016.11.001 for anonymization), (iii) option for users to express their preferences, regarding information that is deemed as confidential, through privacy policies, and (iv) visualisation of the outcomes of the privacy tests using intuitive and informative User Interfaces (UIs). To offer such functionality, we developed methods based on machine learning, Big Data analytics, and web-based visualisation, using Qiqbus, our commercial platform for large-scale machine learning and analytics for streaming data.
We hereby depict an indicative PrivacyAnalyzer User Interface displaying at real time the outcomes of our privacy analysis.
The UI is fully customisable from the end-user. Our goal is to release our software as open source so that it receives maximum acceptance by the community, enabling citizens to take advantage of data-driven applications and e-services.
PrivacyAnalyzer was partially supported by the F-INTEROP H2020 project.