|
In the upcoming evolution of the Internet of Things (IoT), it is anticipated that billions of devices will be connected to the Internet. While IoT promises a more connected and smarter world, this pervasive large-scale data collection, storage, sharing, and analysis raise many privacy concerns. In the current IoT ecosystem, IoT service providers have full control of the collected user data. They use the data for smart IoT system and device control. They could also use the data for other purposes not consented to by the users. This project proposes a novel data usage control framework, PrivacyGuard, that aims to empower data owners with full control over how their sensitive data is used so as to protect the data from certain types of privacy breaches. PrivacyGuard ensures that user data can only be used only by user-approved programs and each use of data has a non-repudiable usage record. Students from underrepresented minority groups will be involved in the research activities.
The proposed PrivacyGuard framework aims to achieve this goal by seamlessly integrating two new technologies, smart contract over blockchain and attested trusted execution environment (TEE). There are four key research thrusts in this project. The first thrust focuses on the design of an IoT data protection framework that coexists with the existing architecture at different layers of communication. The second research thrust aims to develop novel techniques to enable the confidential execution of contract function off-chain, by exploiting hardware-assisted TEE and its associated attestation technologies. The third thrust focuses on smart contract designs to effectively embed user-defined privacy policies and trustworthy tracking of data usage using the blockchain. The last thrusts integrates the aforementioned components to develop an open-source framework prototype.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
|
SaTC: CORE: Medium: Collaborative: Toward Enforceable Data Usage Control in Cloud-based IoT Systems