Authors:
Imran Makhdoom
1
;
Ian Zhou
1
;
Mehran Abolhasan
1
;
Justin Lipman
1
and
Wei Ni
2
Affiliations:
1
University of Technology Sydney, New South Wales and Australia
;
2
Data61-CSIRO, Marsfield, New South Wales and Australia
Keyword(s):
Internet of Things, Smart City, Security and Privacy, Blockchain, EU GDPR Compliance.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Data and Application Security and Privacy
;
Data Engineering
;
Data Integrity
;
Data Protection
;
Databases and Data Security
;
Identification, Authentication and Non-Repudiation
;
Information and Systems Security
;
Information Assurance
;
Information Systems Auditing
;
Internet Technology
;
Network Security
;
Privacy
;
Privacy Enhancing Technologies
;
Security and Privacy for Big Data
;
Security and Privacy in Social Networks
;
Security in Distributed Systems
;
Security in Information Systems
;
Security Information Systems Architecture and Design and Security Patterns
;
Web Information Systems and Technologies
;
Wireless Network Security
Abstract:
The ubiquitous use of Internet of Things (IoT) ranges from industrial control systems to e-Health, e-commerce, smart cities, supply chain management, smart cars, cyber-physical systems and a lot more. However, the data collected and processed by IoT systems especially the ones with centralized control are vulnerable to availability, integrity, and privacy threats. Hence, we present “PrivySharing,” a blockchain-based innovative framework for integrity and privacy-preserving IoT data sharing in a smart city environment. The proposed scheme is distinct from existing technologies on many aspects. The data privacy is preserved by dividing the blockchain network into various channels, where every channel processes a specific type of data such as health, smart car, smart energy or financial data. Moreover, access to user data within a channel is controlled by embedding access control rules in the smart contracts. In addition, users' data within a channel is further isolated and secured by u
sing private data collection. Likewise, the REST API that enables clients to interact with the blockchain network has dual security in the form of an API Key and OAuth 2.0. The proposed solution also conforms to some of the significant requirements outlined in the European Union General Data Protection Regulation. Lastly, we present a system of reward in the form of a digital token “PrivyCoin” for the users for sharing their data with the stakeholders/third parties.
(More)