Authenticated and Privacy-Preserving Consent Management in the Internet of Things - Equipe Autonomic and Critical Embedded Systems Accéder directement au contenu
Communication Dans Un Congrès Année : 2019

Authenticated and Privacy-Preserving Consent Management in the Internet of Things

Résumé

As the Internet of Things (IoT) starts providing meaningful solutions in multiple domains, users expect to take full advantage of the features and benefits of smart devices, but not at the cost of privacy loss. They want to keep control over their own data, e.g. through consent and authorization management. This paper proposes a lightweight privacy-preserving solution for managing user's consent relative to specific purposes (obligations). The originality of our proposal is manyfold. First, the consent is issued cryptographically by the user over some consented specific purposes, thus it protects both the user and the service provider against possible repudiations. Second, the users' privacy is preserved as the protocol supports untraceability over the channel, and pseudonymity with regard to the service provider. Pseudonyms are fully managed by the users themselves through suitable use of Hierarchical Identity-Based Signature (HIBS). Third, the solution is lightweight in terms of communication and computation, thus making it suitable for IoT resource constrained environments. Fourth, an illustrative car-sharing use case is presented where users are able to personalize their driving experience. Fifth, a formal validation of the protocol is provided with the AVISPA tool, along with an informal security and privacy analysis. Sixth, our approach addresses part of the European General Data Protection Regulation (GDPR), as it supports user consent management and helps providers with handling accountability.
Fichier principal
Vignette du fichier
1-s2.0-S1877050919304995-main.pdf (380.17 Ko) Télécharger le fichier
Origine : Publication financée par une institution
Loading...

Dates et versions

hal-02147191 , version 1 (04-06-2019)

Licence

Paternité - Pas d'utilisation commerciale - Pas de modification

Identifiants

Citer

Maryline Laurent, Jean Leneutre, Sophie Chabridon, Imane Laaouane. Authenticated and Privacy-Preserving Consent Management in the Internet of Things. ANT 2019: 10th International Conference on Ambient Systems, Networks and Technologies (ANT), Apr 2019, Leuven, Belgium. pp.256-263, ⟨10.1016/j.procs.2019.04.037⟩. ⟨hal-02147191⟩
219 Consultations
267 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More