Developing A Privacy Risk Analysis Framework for Heterogeneous IoT Network
The Internet of Things (IoT) collects a massive amount of data, which raises several privacy concerns, such as inconsistency between an IoT device’s requirements and its privacy policy, or non-compliance with different privacy regulations. Additionally, because IoT devices have inadequate user interfaces, providing detailed, real-time notification is one of the significant privacy challenges in the IoT. To address these challenges, this thesis proposes a privacy risk analysis framework called Protected Heterogeneous IoT Network (PHIN). PHIN has two goals. First, it aims to identify privacy risks from four perspectives: i) inconsistency between an IoT device and its privacy policy, ii) inference risk of PII, iii) incompatibility between users’ privacy preferences and the device’s privacy settings, and iv) non-compliance with multiple privacy regulations. Second, PHIN provides users with a detailed two-layered privacy risk report prior to deploying a new IoT device. To evaluate the framework’s effectiveness, the thesis aims to assess PHIN in a real heterogeneous IoT network.