PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information

Savio Sciancalepore; Nicola Zannone

doi:10.1145/3477314.3508379

PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

5 Citations (Scopus)

42 Downloads (Pure)

Abstract

Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.

Original language	English
Title of host publication	SAC '22
Subtitle of host publication	Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing
Place of Publication	New York
Publisher	Association for Computing Machinery, Inc.
Pages	147-156
Number of pages	10
ISBN (Electronic)	978-1-4503-8713-2
DOIs	https://doi.org/10.1145/3477314.3508379
Publication status	Published - 6 May 2022
Event	37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022 - Virtual, Online Duration: 25 Apr 2022 → 29 Apr 2022

Conference

Conference	37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022
City	Virtual, Online
Period	25/04/22 → 29/04/22

Funding

This work has been partially supported by the INTERSCT project, Grant No. NWA.1162.18.301, funded by Netherlands Organisation for Scientific Research (NWO). The findings reported herein are solely responsibility of the authors.

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy

Keywords

client privacy
disclosure risk
energy-privacy trade-off
IoT security
privacy-preserving access control

Access to Document

10.1145/3477314.3508379

pdfFinal published version, 1.38 MBLicence: CC BY

Cite this

@inproceedings{2abc05d526414296af0ef783e1a69c30,

title = "PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information",

abstract = "Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.",

keywords = "client privacy, disclosure risk, energy-privacy trade-off, IoT security, privacy-preserving access control",

author = "Savio Sciancalepore and Nicola Zannone",

year = "2022",

month = may,

day = "6",

doi = "10.1145/3477314.3508379",

language = "English",

pages = "147--156",

booktitle = "SAC '22",

publisher = "Association for Computing Machinery, Inc.",

address = "United States",

note = "37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022 ; Conference date: 25-04-2022 Through 29-04-2022",

}

Sciancalepore, S & Zannone, N 2022, PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information. in SAC '22: Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. Association for Computing Machinery, Inc., New York, pp. 147-156, 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022, Virtual, Online, 25/04/22. https://doi.org/10.1145/3477314.3508379

PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information. / Sciancalepore, Savio ; Zannone, Nicola.
SAC '22: Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. New York: Association for Computing Machinery, Inc., 2022. p. 147-156.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - PICO

T2 - 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022

AU - Sciancalepore, Savio

AU - Zannone, Nicola

PY - 2022/5/6

Y1 - 2022/5/6

N2 - Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.

AB - Internet of Things (IoT) platforms typically require IoT devices and users to provide fine-grained information to determine whether access to resources and services can be granted. However, this information can be sensitive for users and its disclosure can lead to severe privacy threats, forcing users to decide between receiving a service or protecting their privacy. To close this gap, this work proposes PICO, a framework for privacy-preserving access control in IoT scenarios through incomplete information. PICO allows IoT devices to evaluate the privacy risks of disclosing the information needed to access a service and determine at which level of granularity such information can be disclosed. At the same time, PICO empowers IoT platforms to evaluate access control policies even when incomplete information is provided and possibly grant access to services based on a customized service-dependent risk factor. Through simulations using data from real IoT devices, we show the existence of a trade-off between privacy and energy consumption on IoT devices running PICO, and that more privacy can be achieved for such devices only by sacrificing a consistent portion of the overall energy capacity.

KW - client privacy

KW - disclosure risk

KW - energy-privacy trade-off

KW - IoT security

KW - privacy-preserving access control

UR - https://www.scopus.com/pages/publications/85130337952

U2 - 10.1145/3477314.3508379

DO - 10.1145/3477314.3508379

M3 - Conference contribution

AN - SCOPUS:85130337952

SP - 147

EP - 156

BT - SAC '22

PB - Association for Computing Machinery, Inc.

CY - New York

Y2 - 25 April 2022 through 29 April 2022

ER -

PICO: Privacy-Preserving Access Control in IoT Scenarios through Incomplete Information

Abstract

Conference

Funding

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this