Summary
The Internet of Things (IoT) is a rapidly growing ecosystem that largely consists of constrained devices with limited processing power, little storage, and low energy budgets, deployed for specific use cases such as automating tasks or collecting data. Deploying constrained devices in some environments requires executing computations onboard in real time, because Internet connectivity is scarce, mobile coverage is absent, or the timing constraints rule out involving trusted third parties (TTPs). Such scenarios require the IoT operator or the user to store sensitive information on the device itself, e.g., data covered by Intellectual Property (IP) rights or Personally Identifiable Information (PII). Since IoT devices are comparatively easy to access and hijack, this raises major security and privacy concerns for both users and Service Providers (SPs): an adversary who extracts the PII could impersonate the user. Furthermore, regulations such as the General Data Protection Regulation (GDPR) and the upcoming Cyber Resilience Act (CRA) require SPs to keep user data fully private and hold them responsible for any unauthorized disclosure.
Privacy-Enhancing Technologies (PETs) are a valuable tool for addressing such privacy concerns in traditional IT domains. PETs cover a wide range of techniques that provide input privacy, privacy-preserving computation, and output privacy. However, the cryptographic techniques underlying PETs introduce additional computational cost. This overhead is usually manageable in traditional IT, but it becomes a problem when PETs are integrated into the IoT domain. To address privacy concerns while avoiding this overhead, IoT devices usually delegate complex computations to TTPs, e.g., the Cloud or powerful Edge nodes. When no TTP is available, however, PETs must be re-designed and engineered so that they can run directly on IoT devices. Integrating PETs on IoT devices involves different challenges and trade-offs, depending on: (i) the environment where the devices are deployed, e.g., locations with scarce Internet connectivity; (ii) the kind of data they process, e.g., data that must be evaluated in real time; and (iii) the limited resources available, e.g., battery life. These challenges lead to the following main research question:
How can we design and deploy Privacy-Enhancing Technologies effectively and efficiently so that they can be supported on constrained IoT devices and networks?
We answer this question by investigating relevant privacy concerns in real-world IoT use cases. First, we consider two closely deployed IoT networks that use the same communication technology: when both operate on the same spectrum at the same time, the result is interference, packet loss, and Quality of Service degradation. Coordinating channel usage would avoid this, but uncontrolled disclosure of a network's internal channel usage raises confidentiality issues. To solve this problem, we design a protocol that allows two networks to discover interfering operations without revealing any internal confidential details. Another IoT application scenario we consider is that of Autonomous Vehicles (AVs). To guarantee the safe deployment of AVs in daily life, we need to detect in advance collisions between their paths. However, identifying collisions requires the exchange of the vehicles' trajectories, which can leak private path information, e.g., the location of storage sites, and may also reveal private user data. To address the problem, we propose a fully accurate interactive protocol for privacy-preserving trajectory matching among AVs.
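The interference-discovery problem above is, at its core, a private set intersection over channel identifiers. The following is an added example, not the protocol proposed in the thesis: a textbook Diffie-Hellman based private set intersection in which each network blinds its hashed channel identifiers with a secret exponent, so that after two rounds each side learns only which of its own channels the neighbour also uses and never the neighbour's full channel plan. The modulus `P`, the channel names, and the class and function names are assumptions made for this illustration; the toy 61-bit prime keeps the demo fast in pure Python, whereas a deployment would use a standard 2048-bit MODP group or an elliptic curve and authenticate the exchange.

```python
"""DH-based private set intersection over channel identifiers (added example,
not the thesis's protocol). Each side learns only which of ITS OWN channels
the peer also uses.

ASSUMPTION: P is a toy 61-bit Mersenne prime so the demo runs instantly;
a deployment would use RFC 3526 group 14 or an elliptic curve.
"""
import hashlib
import math
import secrets

P = (1 << 61) - 1  # toy prime modulus, NOT a production parameter


def hash_to_group(channel: str) -> int:
    """Map a channel identifier to a non-trivial element of Z_P^*."""
    h = int.from_bytes(hashlib.sha256(channel.encode()).digest(), "big") % P
    if h in (0, 1):  # fixed points of exponentiation; probability about 2^-60
        raise ValueError("degenerate hash for %r" % channel)
    return h


def random_exponent() -> int:
    """Secret exponent coprime to P-1, so x -> x^e permutes Z_P^*: two distinct
    channels can never collide after blinding (no false positives)."""
    while True:
        e = 2 + secrets.randbelow(P - 3)
        if math.gcd(e, P - 1) == 1:
            return e


class Network:
    def __init__(self, name: str, channels):
        self.name = name
        self.channels = list(channels)
        self._secret = random_exponent()
        self._sent_order = []

    def blind_own(self):
        """Round 1 message: H(c)^secret for each own channel, in shuffled order.
        The peer learns only how many channels we use."""
        order = list(self.channels)
        secrets.SystemRandom().shuffle(order)
        self._sent_order = order
        return [pow(hash_to_group(c), self._secret, P) for c in order]

    def blind_peer(self, peer_blinded):
        """Round 2 message: the peer's blinded values raised to our secret,
        returned in the order received so the peer can map them back."""
        return [pow(v, self._secret, P) for v in peer_blinded]

    def intersect(self, own_doubly_blinded, peer_blinded):
        """Local step: compare H(c)^(ab) for our channels (computed by the
        peer) with H(c')^(ba) computed here from the peer's blinded values."""
        peer_double = {pow(v, self._secret, P) for v in peer_blinded}
        return sorted(c for c, v in zip(self._sent_order, own_doubly_blinded)
                      if v in peer_double)


def run_psi(channels_a, channels_b):
    """Run the two-round exchange; returns what A learns and what B learns."""
    a, b = Network("A", channels_a), Network("B", channels_b)
    msg_a1 = a.blind_own()            # A -> B
    msg_b1 = b.blind_own()            # B -> A
    msg_a2 = b.blind_peer(msg_a1)     # B -> A: A's values raised to b's secret
    msg_b2 = a.blind_peer(msg_b1)     # A -> B: B's values raised to a's secret
    return a.intersect(msg_a2, msg_b1), b.intersect(msg_b2, msg_a1)


if __name__ == "__main__":
    # Constructed channel plans for two neighbouring networks.
    net_a = ["2.4GHz/ch01", "2.4GHz/ch06", "2.4GHz/ch11"]
    net_b = ["2.4GHz/ch06", "2.4GHz/ch11", "2.4GHz/ch13"]
    print(run_psi(net_a, net_b))
```

Everything that crosses the air interface is a blinded group element, so a passive observer, or the peer itself, cannot recover a channel identifier that it does not already hold; the only metadata disclosed is the number of channels each side uses. The coprimality check on the exponent is what makes the result fully accurate, since it rules out two different channels mapping to the same doubly-blinded value.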
Another problem we address is the secure attestation of IoT devices that run several programs onboard for various tasks. Integrating a Trusted Platform Module (TPM) on an IoT device allows a verifier to remotely attest the authenticity and integrity of all such programs. However, traditional binary remote attestation reveals every process running on the system, which raises privacy and intellectual property concerns. To address this problem, we propose a remote attestation method with constrained disclosure.
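To make the disclosure problem concrete, here is an added example, an illustrative scheme and not the method proposed in the thesis. With plain binary attestation the verifier receives the whole measurement log, i.e. every program the device runs. In this sketch the device instead commits to the log with a Merkle tree, has the root signed, and reveals only the entries the verifier is entitled to see, each with an inclusion proof; the verifier learns that those entries belong to the signed log and how many entries the log has, and nothing about the rest. The TPM quote is simulated with an HMAC under a device key shared with the verifier (a real device would sign with a TPM attestation key), and the program names, hashes, and key are constructed for the demo.

```python
"""Remote attestation with constrained disclosure via a Merkle-committed
measurement log (added illustrative example, not the thesis's scheme).

ASSUMPTION: the TPM quote is simulated with an HMAC under a shared device key;
a real device would sign with a TPM attestation key.
"""
import hashlib
import hmac
import json
import secrets


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(entry: dict) -> bytes:
    # 0x00/0x01 prefixes separate leaves from inner nodes (second-preimage defence).
    return _h(b"\x00", json.dumps(entry, sort_keys=True).encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01", left, right)


def merkle_levels(leaves):
    """All tree levels, leaves first; an odd trailing node is paired with itself."""
    if not leaves:
        raise ValueError("empty measurement log")
    levels, cur = [], list(leaves)
    while True:
        if len(cur) > 1 and len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append(cur)
        if len(cur) == 1:
            return levels
        cur = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)]


def inclusion_proof(levels, index: int):
    """Sibling hashes from leaf to root as (sibling, sibling_is_left) pairs."""
    proof, i = [], index
    for level in levels[:-1]:
        sib = i ^ 1
        proof.append((level[sib], sib < i))
        i //= 2
    return proof


def verify_inclusion(leaf: bytes, proof, root: bytes) -> bool:
    h = leaf
    for sib, sib_is_left in proof:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return hmac.compare_digest(h, root)


class Device:
    def __init__(self, attestation_key: bytes, measurement_log):
        self.key = attestation_key
        self.log = list(measurement_log)
        self.levels = merkle_levels([leaf_hash(e) for e in self.log])

    def quote(self, nonce: bytes) -> dict:
        """Signed commitment to the whole log: verifier nonce, entry count, root."""
        root = self.levels[-1][0]
        msg = nonce + len(self.log).to_bytes(4, "big") + root
        return {"nonce": nonce.hex(), "count": len(self.log), "root": root.hex(),
                "sig": hmac.new(self.key, msg, "sha256").hexdigest()}

    def disclose(self, names) -> list:
        """Only the requested entries leave the device, each with its proof."""
        return [{"entry": e, "proof": [(s.hex(), left) for s, left in inclusion_proof(self.levels, i)]}
                for i, e in enumerate(self.log) if e["name"] in names]


def verify_attestation(key, nonce, quote, disclosures, requested, known_good) -> bool:
    root = bytes.fromhex(quote["root"])
    msg = nonce + quote["count"].to_bytes(4, "big") + root
    if not hmac.compare_digest(hmac.new(key, msg, "sha256").hexdigest(), quote["sig"]):
        return False                          # quote forged or nonce replayed
    if {d["entry"]["name"] for d in disclosures} != set(requested):
        return False                          # prover withheld a requested entry
    for d in disclosures:
        entry = d["entry"]
        proof = [(bytes.fromhex(s), left) for s, left in d["proof"]]
        if not verify_inclusion(leaf_hash(entry), proof, root):
            return False                      # entry is not part of the signed log
        if known_good.get(entry["name"]) != entry["sha256"]:
            return False                      # program present, but not the expected build
    return True


def demo():
    """Constructed log of four programs; only two are disclosed to the verifier."""
    log = [{"name": n, "sha256": hashlib.sha256(n.encode()).hexdigest()}
           for n in ("bootloader", "sensor-fw", "ml-model", "vendor-secret-app")]
    key = b"demo-device-attestation-key"      # stands in for the TPM key
    device = Device(key, log)
    nonce = secrets.token_bytes(16)
    quote = device.quote(nonce)
    requested = {"bootloader", "sensor-fw"}
    disclosures = device.disclose(requested)
    known_good = {n: hashlib.sha256(n.encode()).hexdigest() for n in requested}
    ok = verify_attestation(key, nonce, quote, disclosures, requested, known_good)
    tampered = json.loads(json.dumps(disclosures))   # attacker edits a disclosed entry
    tampered[0]["entry"]["sha256"] = "00" * 32
    bad = verify_attestation(key, nonce, quote, tampered, requested, known_good)
    return ok, bad, sorted(d["entry"]["name"] for d in disclosures)


if __name__ == "__main__":
    print(demo())
```

The verifier sees the names and hashes of `bootloader` and `sensor-fw` only; `ml-model` and `vendor-secret-app` appear in the transcript solely as sibling hashes inside the inclusion proofs. Two checks matter in practice: the nonce bound into the quote prevents replay of an old commitment, and the comparison of disclosed names against the requested set stops a prover from silently omitting an entry it would rather not show.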
Another problem we consider is the shared usage of emerging technologies such as Unmanned Aerial Vehicles (UAVs), a.k.a. drones. Drone-as-a-Service (DaaS) is an increasingly adopted business model that lets users with no background knowledge operate drones and run automated drone-based tasks. The resources provided by drones are therefore typically managed by multiple parties, which requires multi-party access control. In this context, leakage of the access control policies themselves might disclose confidential information. To address this privacy problem, we propose a privacy-preserving multi-party access control solution tailored to the application scenarios of Third-Party UAV Services.
Finally, another real-world IoT application we consider is the deployment of drones for goods delivery and humanitarian operations in hard-to-reach areas with scarce or no Internet connectivity. Such drones use state-of-the-art biometric face verification to hand out goods securely. However, adversaries active in the field could capture the drone and access all the information stored on it, including sensitive biometric information about the goods' recipients. To address this concern, we propose Obscura, the first solution for privacy-preserving face verification on commercial drones.
Overall, this thesis provides manifold contributions: (i) we identify many real-world IoT use cases that raise privacy concerns; (ii) we identify PETs suitable for addressing these challenges; (iii) we design new algorithms and strategies to integrate such PETs on real-world constrained IoT devices while dealing effectively and efficiently with the constraints of the IoT ecosystem; and finally, (iv) we extensively evaluate these solutions on relevant real-world IoT devices to show their effectiveness and efficiency.
| Title | Privacy at your Hands: Efficient Privacy-Enhancing Technologies for the Internet of Things |
|---|---|
| Original language | English |
| Qualification | Doctor of Philosophy |
| Awarding institution | |
| Supervisor(s)/advisor | |
| Award date | 30 Oct 2025 |
| Place of publication | Eindhoven |
| Publisher | |
| Print ISBNs | 978-90-386-6472-9 |
| Status | Published - 30 Oct 2025 |
Bibliographical note
Dissertation.
UN Sustainable Development Goals
This output contributes to the following Sustainable Development Goal(s):
- SDG 7 – Affordable and clean energy