Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Ensuring compliance of IoT devices with their Privacy Policy Agreement

Subahi, Alanoud and Theodorakopoulos, Georgios ORCID: https://orcid.org/0000-0003-2701-7809 2018. Ensuring compliance of IoT devices with their Privacy Policy Agreement. Presented at: 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud), Barcelona, Spain, 6-8 August. 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud). Barcelona, Spain: IEEE, pp. 100-107. 10.1109/FiCloud.2018.00022

[thumbnail of Ensuring compliance of IoT devices with their Privacy Policy Agreement.pdf]
Preview
PDF - Accepted Post-Print Version
Download (279kB) | Preview

Abstract

In the past few years, Internet of Things (IoT) devices have emerged and spread everywhere. Many researchers have been motivated to study the security issues of IoT devices due to the sensitive information they carry about their owners. Privacy is not simply about encryption and access authorization, but also about what kind of information is transmitted, how it used and to whom it will be shared with. Thus, IoT manufacturers should be compelled to issue Privacy Policy Agreements for their respective devices as well as ensure that the actual behavior of the IoT device complies with the issued privacy policy. In this paper, we implement a test bed for ensuring compliance of Internet of Things data disclosure to the corresponding privacy policy. The fundamental approach used in the test bed is to capture the data traffic between the IoT device and the cloud, between the IoT device and its application on the smart-phone, and between the IoT application and the cloud and analyze those packets for various features. We test 11 IoT manufacturers and the results reveal that half of those IoT manufacturers do not have an adequate privacy policy specifically for their IoT devices. In addition, we prove that the action of two IoT devices does not comply with what they stated in their privacy policy agreement.

Item Type: Conference or Workshop Item (Speech)
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: IEEE
ISBN: 97815386750-8
Date of First Compliant Deposit: 6 June 2019
Date of Acceptance: 17 May 2018
Last Modified: 04 Nov 2022 12:26
URI: https://orca.cardiff.ac.uk/id/eprint/123089

Citation Data

Cited 12 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics