Abstract
Smart cities, connected vehicles, smart homes, and connected healthcare devices are examples of how the Internet of Things (IoT) is expected to revolutionize our lives in the decades ahead by exploiting a wealth of user-specific data to significantly improve user experiences. However, sharing such data can compromise a user's privacy, and this threat to user privacy has emerged as a critical risk to the widespread adoption of IoT. This highlights an important and fundamental challenge critical to the Science of Cyber-Physical Systems: even if IoT data is carefully anonymized, significant privacy leaks can occur due to the sheer amount of data generated and the use of powerful mathematical techniques by an adversary to match current behavior with traces of past user behavior. This project will develop a systematic approach to understanding the fundamental underpinnings of privacy in IoT systems, and will develop provably private IoT implementations that are robust to uncertainties in the models. A key advantage of this approach is that it can achieve provable privacy, i.e., no algorithm can break the privacy of the user. The project also continues the team's education and engagement of a diverse set of students, including the significant involvement of undergraduate students in the research program, and creates and promotes free and open-access educational materials.
The technical problems considered in the project are organized into two main thrusts. In Thrust 1, the theoretical foundations for IoT privacy are built. The main goal is to obtain a fundamental understanding of the degree to which the utility of IoT approaches can be maintained while employing privacy-preserving mechanisms that provably prevent an adversary from compromising a user's privacy by matching a given trace to prior user behavior. Critical to this thrust is achieving a robust and model-independent design, i.e., achieving perfect privacy with the minimum set of assumptions about the system and data models. In Thrust 2, to validate the theory and demonstrate the potential impact of the approach, the project leverages the domain expertise of the team to apply the results of Thrust 1 in connected vehicle applications. More generally, this will indicate the degree to which the data of a given user can be kept private from an interested adversary while still supporting the use of such services.
Performance Period: 09/01/2017 - 08/31/2020
Institution: University of Massachusetts Amherst
Sponsor: National Science Foundation
Award Number: 1739462