Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things

Stevan Coroller; Sophie Chabridon; Maryline Laurent; Denis Conan; Jean Leneutre

doi:10.1145/3286719.3286727

Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things

Stevan Coroller, Sophie Chabridon, Maryline Laurent, Denis Conan, Jean Leneutre

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Internet of Things paradigm lacks end-to-end privacy solutions to consider its full adoption in real life scenarios in the near future. The recent enactment of the EU General Data Protection Regulation (GDPR) indeed emphasises the need for stronger security and privacy measures for personal data processing and free movement, including consent management and accountability by the data controller and processor. In this paper, we suggest an architecture to enforce end-to-end data usage control in Distributed Event-Based Systems (DEBS), from data producers to consumer services, taking into account some of the GDPR requirements concerning consent management and data processing transparency. Our architecture proposal is based on UCON _ABC usage control models, which we overlap with a distributed hash table overlay for scalability and fault-tolerance concerns, and across and within systems data usage control. Our proposal highlights the benefits of combining both DEBS and end-user usage control architectures. To complete our approach, we quickly survey existing encryption models that ensure data confidentiality in topic-based Publish/Subscribe systems and highlight the remaining obstacles to transpose them to content-based DEBS with an overlay of brokers.

Original language	English
Title of host publication	M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference
Publisher	Association for Computing Machinery, Inc
Pages	35-40
Number of pages	6
ISBN (Electronic)	9781450361187
DOIs	https://doi.org/10.1145/3286719.3286727
Publication status	Published - 10 Dec 2018
Externally published	Yes
Event	2018 Workshop on Middleware and Applications for the Internet of Things, M4IOT 2018, Part of Middleware 2018 Conference - Rennes, France Duration: 10 Dec 2018 → 11 Dec 2018

Publication series

Name	M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference

Conference

Conference	2018 Workshop on Middleware and Applications for the Internet of Things, M4IOT 2018, Part of Middleware 2018 Conference
Country/Territory	France
City	Rennes
Period	10/12/18 → 11/12/18

Keywords

Content-based Distributed Event-Based Systems
IoT
Privacy
Usage Control

Access to Document

10.1145/3286719.3286727

Cite this

Coroller, S., Chabridon, S., Laurent, M., Conan, D., & Leneutre, J. (2018). Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things. In M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference (pp. 35-40). (M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference). Association for Computing Machinery, Inc. https://doi.org/10.1145/3286719.3286727

Coroller, Stevan ; Chabridon, Sophie ; Laurent, Maryline et al. / Position paper : Towards end-to-end privacy for publish/subscribe architectures in the internet of things. M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference. Association for Computing Machinery, Inc, 2018. pp. 35-40 (M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference).

@inproceedings{c84eb5a7b47c4fb3bdce558a8b4c6b21,

title = "Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things",

abstract = " The Internet of Things paradigm lacks end-to-end privacy solutions to consider its full adoption in real life scenarios in the near future. The recent enactment of the EU General Data Protection Regulation (GDPR) indeed emphasises the need for stronger security and privacy measures for personal data processing and free movement, including consent management and accountability by the data controller and processor. In this paper, we suggest an architecture to enforce end-to-end data usage control in Distributed Event-Based Systems (DEBS), from data producers to consumer services, taking into account some of the GDPR requirements concerning consent management and data processing transparency. Our architecture proposal is based on UCON ABC usage control models, which we overlap with a distributed hash table overlay for scalability and fault-tolerance concerns, and across and within systems data usage control. Our proposal highlights the benefits of combining both DEBS and end-user usage control architectures. To complete our approach, we quickly survey existing encryption models that ensure data confidentiality in topic-based Publish/Subscribe systems and highlight the remaining obstacles to transpose them to content-based DEBS with an overlay of brokers.",

keywords = "Content-based Distributed Event-Based Systems, IoT, Privacy, Usage Control",

author = "Stevan Coroller and Sophie Chabridon and Maryline Laurent and Denis Conan and Jean Leneutre",

note = "Publisher Copyright: {\textcopyright} 2018 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 2018 Workshop on Middleware and Applications for the Internet of Things, M4IOT 2018, Part of Middleware 2018 Conference ; Conference date: 10-12-2018 Through 11-12-2018",

year = "2018",

month = dec,

day = "10",

doi = "10.1145/3286719.3286727",

language = "English",

series = "M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference",

publisher = "Association for Computing Machinery, Inc",

pages = "35--40",

booktitle = "M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference",

}

Coroller, S, Chabridon, S , Laurent, M , Conan, D & Leneutre, J 2018, Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things. in M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference. M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference, Association for Computing Machinery, Inc, pp. 35-40, 2018 Workshop on Middleware and Applications for the Internet of Things, M4IOT 2018, Part of Middleware 2018 Conference, Rennes, France, 10/12/18. https://doi.org/10.1145/3286719.3286727

Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things. / Coroller, Stevan; Chabridon, Sophie ; Laurent, Maryline et al.
M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference. Association for Computing Machinery, Inc, 2018. p. 35-40 (M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Position paper

T2 - 2018 Workshop on Middleware and Applications for the Internet of Things, M4IOT 2018, Part of Middleware 2018 Conference

AU - Coroller, Stevan

AU - Chabridon, Sophie

AU - Laurent, Maryline

AU - Conan, Denis

AU - Leneutre, Jean

PY - 2018/12/10

Y1 - 2018/12/10

N2 - The Internet of Things paradigm lacks end-to-end privacy solutions to consider its full adoption in real life scenarios in the near future. The recent enactment of the EU General Data Protection Regulation (GDPR) indeed emphasises the need for stronger security and privacy measures for personal data processing and free movement, including consent management and accountability by the data controller and processor. In this paper, we suggest an architecture to enforce end-to-end data usage control in Distributed Event-Based Systems (DEBS), from data producers to consumer services, taking into account some of the GDPR requirements concerning consent management and data processing transparency. Our architecture proposal is based on UCON ABC usage control models, which we overlap with a distributed hash table overlay for scalability and fault-tolerance concerns, and across and within systems data usage control. Our proposal highlights the benefits of combining both DEBS and end-user usage control architectures. To complete our approach, we quickly survey existing encryption models that ensure data confidentiality in topic-based Publish/Subscribe systems and highlight the remaining obstacles to transpose them to content-based DEBS with an overlay of brokers.

AB - The Internet of Things paradigm lacks end-to-end privacy solutions to consider its full adoption in real life scenarios in the near future. The recent enactment of the EU General Data Protection Regulation (GDPR) indeed emphasises the need for stronger security and privacy measures for personal data processing and free movement, including consent management and accountability by the data controller and processor. In this paper, we suggest an architecture to enforce end-to-end data usage control in Distributed Event-Based Systems (DEBS), from data producers to consumer services, taking into account some of the GDPR requirements concerning consent management and data processing transparency. Our architecture proposal is based on UCON ABC usage control models, which we overlap with a distributed hash table overlay for scalability and fault-tolerance concerns, and across and within systems data usage control. Our proposal highlights the benefits of combining both DEBS and end-user usage control architectures. To complete our approach, we quickly survey existing encryption models that ensure data confidentiality in topic-based Publish/Subscribe systems and highlight the remaining obstacles to transpose them to content-based DEBS with an overlay of brokers.

KW - Content-based Distributed Event-Based Systems

KW - IoT

KW - Privacy

KW - Usage Control

U2 - 10.1145/3286719.3286727

DO - 10.1145/3286719.3286727

M3 - Conference contribution

AN - SCOPUS:85061787577

T3 - M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference

SP - 35

EP - 40

BT - M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference

PB - Association for Computing Machinery, Inc

Y2 - 10 December 2018 through 11 December 2018

ER -

Coroller S, Chabridon S , Laurent M , Conan D , Leneutre J. Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things. In M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference. Association for Computing Machinery, Inc. 2018. p. 35-40. (M4IOT 2018 - Proceedings of the 2018 Workshop on Middleware and Applications for the Internet of Things, Part of Middleware 2018 Conference). doi: 10.1145/3286719.3286727

Position paper: Towards end-to-end privacy for publish/subscribe architectures in the internet of things

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this