Privacy-sensitive architecture.
Dubbed Peekaboo by researchers.
IoT hub functions as a mediator.
Introduction:
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data
sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University,
the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to
external cloud servers."
Details:
Peekaboo operates on the principle of data minimization, which refers to the practice of limiting data collection to only what is
required to fulfill a specific purpose. To achieve this, the system requires developers to explicitly declare the relevant data
collection behaviors in the form of a manifest file that's then fed into an in-home trusted hub to transmit sensitive data from smart
home apps such as smart doorbells on a need-to-know basis.
Currently:
The hub not only functions as a mediator between raw data from IoT devices and the respective cloud services, but also enables third-party
auditors to vet an app developer's data collection claims. The manifest file, for its part, is analogous to Android's "AndroidManifest.xml"
file that details the permissions an app needs in order to access protected parts of the system or other apps.
Additional Security Info:
But while Android takes a more binary approach, where apps are either unilaterally allowed or denied access to a specific feature
(e.g., camera), Peekaboo makes it possible to define data collection practices in a more adjustable manner: the kind of data to be gathered,
when collection should be carried out, and how frequently. With Peekaboo, a user can install a new smart home app by simply downloading a manifest to the
hub rather than a binary. This approach offers more flexibility than permissions, as well as a mechanism for enforcement. It also offers users
(and auditors) more transparency about a device's behavior, in terms of what data will flow out, at what granularity, where it will go, and under what conditions.
Closing:
What's more, Peekaboo is also designed to auto-generate live privacy nutrition labels that
summarize an app's declared behavior, à la Apple's privacy labels in iOS and Android's Data safety section. Peekaboo offers a hybrid architecture,
where a local user-controlled hub pre-processes smart home data in a structured manner before relaying it to external cloud servers.
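To make the manifest-plus-hub idea concrete, here is an added sketch (not code from Peekaboo or from the original article) of a hub that enforces a declared manifest on raw doorbell events and derives a privacy label from the same declaration. The manifest keys, the reducer names, the event fields and the destination URL are all assumptions made up for illustration; they are not Peekaboo's actual manifest format.

```python
# Hypothetical manifest for a doorbell app (constructed; not Peekaboo's real schema).
MANIFEST = {
    "app": "doorbell-demo",
    "source": "doorbell.camera",
    "granularity": "person_detected",  # derived flag, never raw frames
    "condition": "motion",             # forward only when motion was seen
    "min_interval_s": 60,              # at most one message per minute
    "destination": "https://cloud.example.invalid/events",
}
# Pre-processing the hub is willing to run, keyed by declared granularity.
REDUCERS = {
    "person_detected": lambda e: {"person_detected": "person" in e["labels"]},
    "label_count": lambda e: {"label_count": len(e["labels"])},
}

class Hub:
    def __init__(self, manifest):
        if manifest["granularity"] not in REDUCERS:
            raise ValueError("unsupported granularity in manifest")
        self.m, self.last_sent = manifest, None

    def process(self, event):
        """Return the outgoing message for one raw event, or None to keep it home."""
        m = self.m
        if event["source"] != m["source"]:
            return None  # source was never declared
        if m["condition"] == "motion" and not event["motion"]:
            return None  # declared condition not met
        if self.last_sent is not None and event["ts"] - self.last_sent < m["min_interval_s"]:
            return None  # declared frequency exceeded
        self.last_sent = event["ts"]
        return {"to": m["destination"], "ts": event["ts"], **REDUCERS[m["granularity"]](event)}

def privacy_label(m):  # label text comes straight from the declaration
    return (f'{m["app"]}: sends {m["granularity"]} from {m["source"]} to {m["destination"]} '
            f'when {m["condition"]}, at most every {m["min_interval_s"]}s')

def raw(source, ts, motion, labels):  # constructed raw event, frame bytes included
    return {"source": source, "ts": ts, "motion": motion, "labels": labels, "frame": b"\x00raw"}

EVENTS = [raw("doorbell.camera", 0, True, ["person"]), raw("doorbell.camera", 10, True, ["person"]),
          raw("doorbell.camera", 70, False, []), raw("doorbell.microphone", 80, True, ["voice"]),
          raw("doorbell.camera", 130, True, ["cat"])]

def run(events=EVENTS, manifest=MANIFEST):
    hub = Hub(manifest)
    return [out for e in events if (out := hub.process(e)) is not None]

if __name__ == "__main__": print(privacy_label(MANIFEST), run(), sep="\n")
```

Of the five constructed events, only two leave the hub, and neither carries the raw frame; the rest are dropped for exceeding the declared frequency, failing the declared condition, or coming from an undeclared source.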
Reference link for the full story:
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity