New privacy framework for IoT devices gives users control over data sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a way that removes data sharing concerns and gives users control over their personal information.

Dubbed Peekaboo by researchers at Carnegie Mellon University, the system “uses an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to remote cloud servers.”

Peekaboo works on the principle of data minimization, which refers to the practice of limiting data collection to only what is necessary to achieve a specific goal.

To achieve this, the system requires developers to explicitly declare the relevant data collection behavior in a manifest file, which is then fed into a trusted in-home hub that sends sensitive data from smart home apps, such as smart doorbells, on a need-to-know basis.

Not only does the hub act as a mediator between raw data from IoT devices and the respective cloud services, it also allows third-party auditors to investigate an app developer’s data collection claims.

The manifest file, for its part, is analogous to Android’s “AndroidManifest.xml” file containing the permissions the app needs to access protected areas of the system or other apps.

But whereas Android takes more of a binary approach, in which apps are unilaterally allowed or denied access to a specific feature (e.g. camera), Peekaboo allows you to define the data collection practices: the kind of data to be collected, when it should be collected, and how often.

“With Peekaboo, a user can install a new smart home app by simply downloading a manifest to the hub instead of a binary file,” the researchers explain.

“This approach provides more flexibility than permissions, as well as an enforcement mechanism. It also provides users (and auditors) with greater transparency about a device’s behavior, in terms of what data will flow out, with what granularity, where it will go, and under what conditions.”

Additionally, Peekaboo is designed to automatically generate live privacy food labels that summarize an app’s declared behavior, à la Apple’s privacy labels in iOS and the Data Security section on Android.

Peekaboo offers a hybrid architecture, where a local user-controlled hub preprocesses smart home data in a structured manner before forwarding it to remote cloud servers, the researchers said.
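
The sketch below is an added example, not code from the Peekaboo project or the researchers: it shows how a default-deny hub could enforce a manifest that declares what data leaves, under what condition, how often, and to where, and how a label can be generated from the same declaration. The manifest layout, field names, and destination URL are assumptions made for illustration; the article does not describe Peekaboo's actual manifest format.

```python
# Hypothetical manifest, constructed for illustration (not Peekaboo's real format).
MANIFEST = {
    "app": "doorbell-person-alert",
    "flows": [{
        "source": "doorbell.camera",
        "fields": ["person_detected"],          # granularity: a flag, never the frame
        "condition": ("person_detected", True),  # when data may leave the home
        "min_interval_s": 60,                    # how often
        "destination": "https://alerts.example.invalid/notify",  # where it goes
    }],
}

class Hub:
    """Default-deny mediator between raw device events and the cloud."""
    def __init__(self, manifest):
        self.flows = {f["source"]: f for f in manifest["flows"]}
        self.last_sent = {}  # source -> timestamp of last outgoing message

    def process(self, source, event, now):
        """Return (destination, minimized payload), or None if nothing may leave."""
        flow = self.flows.get(source)
        if flow is None:
            return None                      # source not declared in the manifest
        key, wanted = flow["condition"]
        if event.get(key) != wanted:
            return None                      # declared condition not met
        last = self.last_sent.get(source)
        if last is not None and now - last < flow["min_interval_s"]:
            return None                      # declared frequency exceeded
        self.last_sent[source] = now
        # Forward only the declared fields; everything else stays on the hub.
        return flow["destination"], {k: event[k] for k in flow["fields"] if k in event}

def privacy_label(manifest):
    """Summarize declared behaviour, the way an auditor or user would read it."""
    return [f"{f['source']}: sends {', '.join(f['fields'])} to {f['destination']}, "
            f"at most once per {f['min_interval_s']}s" for f in manifest["flows"]]

# Constructed sample events: (time in seconds, source, raw event).
EVENTS = [
    (0,  "doorbell.camera", {"person_detected": True,  "frame_jpeg": b"\xff\xd8", "face_id": "u1"}),
    (10, "doorbell.camera", {"person_detected": True,  "frame_jpeg": b"\xff\xd8"}),
    (30, "doorbell.camera", {"person_detected": False, "frame_jpeg": b"\xff\xd8"}),
    (90, "doorbell.camera", {"person_detected": True,  "frame_jpeg": b"\xff\xd8"}),
    (95, "thermostat",      {"temp_c": 21.5}),
]

def run(events=EVENTS):
    hub = Hub(MANIFEST)
    return [hub.process(src, ev, t) for t, src, ev in events]

if __name__ == "__main__":
    print(*privacy_label(MANIFEST), *run(), sep="\n")
```

Of the five constructed events, only the first and fourth produce outgoing messages, and each carries the single declared field; the raw frame, the face identifier, and the undeclared thermostat reading never leave the hub.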