skip to main content
10.1145/3278681.3278712acmotherconferencesArticle/Chapter ViewAbstractPublication PageshtConference Proceedingsconference-collections
research-article

A data privacy model based on internet of things and cyber-physical systems reference architectures

Published: 26 September 2018 Publication History

Abstract

Data privacy concerns in the Internet of Things (IoT) and cyber - physical systems (CPS) are real, valid and accentuated. In this paper it is argued that data privacy compliance in IoT and CPS should be addressed at both technical and non-technical levels. Methods to ensure data privacy protection based on both system and organisational reference architectures are therefore required. Based on an analysis of existing reference architectures for IoT and CPS, this paper proposes a consolidated architecture relevant for ensuring data privacy for both IoT and CPS. The proposed architecture is then combined with an enterprise architecture reference framework to propose a data privacy model for IoT and CPS with a focus on both organisational and technological features and positioned to guide compliance with the South African Protection of Personal Information Act 4 of 2013 (POPI Act).1

References

[1]
Addo, I D, Ahamed, S.I., Yau, S.S., and Buduru, A., 2014. A reference architecture for improving security and privacy in Internet of Things applications. In Proceedings of the IEEE International Conference on Mobile Services (2014), 108 - 115.
[2]
Adolphs, P., Bedenbender, H., Dirzus, D., Ehlich, M., Epple, U., Hankel, M., Heidel, R., Hoffmeister, M., Huhle, H., Kärcher, B., Koziolek, H., Pichler, R., Pollmeier, S., Schewe, F., Walter, A., Waser, B., and Wollschlaeger, M., 2015. Reference architecture model industrie 4.0 (RAMI4.0).
[3]
Agarkhed, J., 2017. Security and privacy of cyber physical systems in IoT using cloud infrastructure. International Journal of Advanced Research in Computer Science 8, 8, 580 - 582.
[4]
Almeida, V.a.F., Doneda, D., and Monteiro, M., 2015. Governance challenges for the Internet of Things. IEEE Internet Computing 19, 4, 56 - 59.
[5]
Ashton, K., 2009. That 'Internet of Things' Thing. In RFID Journal Emerald Expositions.
[6]
Babar, S., Mahalle, P., Stango, A., Prasad, N., and Prasad, R., 2010. Proposed security model and threat taxonomy for the Internet of Things (IoT). Recent Trends in Network Security and Applications, 420 - 429.
[7]
Babiceanu, R.F. and Seker, R., 2016. Big Data and virtualization for manufacturing cyber-physical systems: A survey of the current status and future outlook. Computers in Industry 81, 128 - 137.
[8]
Baloyi, N. and Kotzé, P., 2017. Are Organisations in South Africa Ready to Comply with Personal Data Protection or Privacy Legislation and Regulation? In IST-Africa 2017 Conference Proceedings, P. Cunningham and M. Cunningham Eds., 1 - 11.
[9]
Baloyi, N. and Kotzé, P., 2017. Do Users Know or Care What is Done with their Personal Data: A South African Case Study. In IST-Africa 2017 Conference Proceedings, P. Cunningham and M. Cunningham Eds. IIMC, 1-11.
[10]
Baloyi, N. and Kotzé, P., 2018. A Review of Data Privacy Frameworks for the Internet of Things. CSIR.
[11]
Brettel, M., Friederichsen, N., Keller, M., and Rosenberg, M., 2014. How virtualization, decentralization and network building change the manufacturing landscape: An Industry 4.0 perspective. International Journal of Information and Communication Engineering 8, 1, 37 - 44.
[12]
Broy, M., 2010. Cyber-Physikal Systems: Innovation durch softwareintensive eingebettete Systeme.
[13]
Cate, F.H., 2006. The failure of fair information practice principles. In Consumer Protection in the Age of the Information Economy, J.K. Winn Ed. Ashgate Publishing, Hampshire, UK, 341 - 378.
[14]
Cavoukian, A. and Dixon, M., 2013. Privacy and Security by Design: An Enterprise Architecture Approach IPC, Ontario, 1-37.
[15]
Cavoukian, A., Stoddart, J., Dix, A., Nemec, I., Peep, V., and Shroff, M., 2010. Resolution on Privacy by Design. In 32nd International Conference of Data Protection and Privacy Commissioners.
[16]
Coetzee, L., Smith, A., Rubalcava, A.E., Corici, A.A., Magedanz, T., Steinke, R., Catalan, M., Paradells, J., Madhoo, H., and Willemse, T., 2015. TRESCIMO: European Union and South African Smart City Contextual Dimensions. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on IEEE, 770 - 776.
[17]
Cole, D.D., 2015. Assessing the leakers: criminal or heroes. Journal of National Security Law & Policy 8, 107 - 118.
[18]
Corcoran, P.M., 2016. A privacy framework for the Internet of Things. In Internet of Things (WF-IoT), 2016 IEEE 3rd World Forum on IEEE, 13-18.
[19]
Davis, M.H., Lang, U., and Shetye, S., 2015. A cybermodel for privacy by design: Building privacy protection into consumer electronics. IEEE Consumer Electronics Magazine 4, 1, 41 - 49.
[20]
Erickson, K. and Howard, P.N., 2007. A case of mistaken identity? News accounts of hacker, consumer, and organizational responsibility for compromised digital records. Journal of Computer-Mediated Communication 12, 4, 1229 - 1247
[21]
European Union, 2016. GDPR Portal: Site Overview.
[22]
Foukia, N., Billard, D., and Solana, E., 2016. PISCES: A framework for privacy by design in IoT. In 2016 14th Annual Conference on Privacy, Security and Trust (PST) IEEE, 706 - 713.
[23]
Funke, S., Daubert, J., Wiesmaier, A., Kikiras, P., and Muehlhaeuser, M., 2015. End-2-End privacy architecture for IoT. In Communications and Network Security (CNS), 2015 IEEE Conference on IEEE, 705 - 706.
[24]
Government of South Africa, 1996. Constitution of the Republic of South Africa, 1 - 182.
[25]
Government of South Africa, 2000. Promotion of Access to Information Act 2 of 2002.
[26]
Government of South Africa, 2013. Protection of Personal Information Act 4 of 2013.
[27]
Government of the United Kingdom, 1998. Data Protection Act 29 of 1998.
[28]
Ico, 2013. Privacy impact assessment and risk management. Information Commissioner's Office, Wilmslow.
[29]
Ico, 2013. Privacy in mobile apps: Guidance for app developers. Information Commissioner's Office, Wilmslow.
[30]
Information & Privacy Commissioner of Ontario, 2013. Privacy by Design.
[31]
Institute of Directors Southern Africa, 2016. King IV Report on Corporate Governance for South Africa 2016.
[32]
Iso/Iec, 2013. Information technology - Security techniques - Information security managment systems - Requirements. In ISO/IEC 27001:2013 ISO, Geneva, 1 - 23.
[33]
Iso/Iec/Ieee, 2011. Systems and software engineering - Architecture description. In ISO/IEC/IEEE 42010:2011 International Organization for Standardization, Geneva.
[34]
Itu, 2005. The Internet of Things International Telecommunication Union.
[35]
Jacobsson, A. and Davidsson, P., 2015. Towards a model of privacy and security for smart homes. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on IEEE, 727 - 732.
[36]
Jazdi, N., 2014. Cyber Physical Systems in the Context of Industry 4.0 In Automation, Quality and Testing, Robotics, 2014 IEEE International Conference.
[37]
Jazdi, N., 2014. Cyber Physical Systems in the Context of Industry 4.0 In Proceedings of the Automation, Quality and Testing, Robotics, 2014 IEEE International Conference (2014).
[38]
Kabanov, I., 2016. Effective frameworks for delivering compliance with personal data privacy regulatory requirements. In Privacy, Security and Trust (PST), 2016 14th Annual Conference IEEE, 551 - 554.
[39]
Khan, R., Khan, S.U., Zaheer, R., and Khan, S., 2012. Future Internet: The Internet of Things architecture, possible applications and key challenges. In 2012 10th International Conference on Frontiers of Information Technology (FIT) IEEE, 257 - 260.
[40]
Lee, E.A. and Seshia, S.A., 2011. Introduction to Embedded Systems LeeSeshia.org.
[41]
Lee, J., Bagheri, B., and Kao, H., 2015. A Cyber-Physical Systems architecture for Industry 4.0-based manufacturing systems. Manufacturing Letters 3, 18 - 23.
[42]
Lin, S.-W., Miller, B., Durand, J., Bleakley, G., Chigani, A., Martin, R., Murphy, B., and Crawford, M., 2017. The Industrial Internet of Things volume G1: Reference architecture. Industrial Internet Consortium.
[43]
Lin, S., Miller, B., Durand, J., Bleakley, G., Chigani, A., Martin, R., Murphy, B., and Crawford, M., 2017. The Industrial Internet of Things volume G1: Reference architecture. Industrial Internet Consortium.
[44]
Ma, Z., Hudic, A., Shaaban, A., and Plosz, S., 2017. Security viewpoint in a reference architecture model for cyber-physical production systems. In Security and Privacy Workshops (EuroS&PW), 2017 IEEE European Symposium IEEE, 153 - 159.
[45]
Madakam, S., Ramaswamy, R., and Tripathi, S., 2015. Internet of Things (IoT): A literature review. Journal of Computer and Communications 3, 164-173.
[46]
Mcafee, 2014. Securing the Internet of Things. McAfee.
[47]
Miclea, L. and Sanislav, T., 2011. About dependability in cyber-physical systems. In Design & Test Symposium (EWDTS) IEEE, 17-21.
[48]
Minerva, R., Biru, A., and Rotondi, D., 2015. Towards a definition of the Internet of Things (IoT). IEEE Internet Initiative.
[49]
Nymity, 2018. Privacy management accountability framework.
[50]
Oecd, 1980. Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data.
[51]
Oecd, 2013. Supplementary explanatory memorandum to the revised recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data (2013). In OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data OECD, 19 -37.
[52]
Oetzel, M.C. and Spiekermann, S., 2012. Privacy-by-Design Through Systematic Privacy Impact Assessment - A Design Science Approach. In European Conference on Information Systems 2012 Proceedings Association for Information Systems Electronic Library, Online, 160 - 171.
[53]
Panetta, K., 2016. 7 Technologies Underpin the Hype Cycle for the Internet of Things, 2016 Gartner.
[54]
Perera, C., Mccormick, C., Bandara, A.K., Price, B.A., and Nuseibeh, B., 2016. Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms. In Proceedings of the 6th International Conference on the Internet of Things ACM, 83 - 92.
[55]
Petroulakis, N.E., Askoxylakis, I.G., Traganitis, A., and Spanoudakis, G., 2013. Human Aspects of Information Security, Privacy and Trust. Springer.
[56]
Porambage, P., Ylianttila, M., Schmitt, C., Kumar, P., Gurtov, A., and Vasilakos, A.V., 2016. The quest for privacy in the Internet of Things. IEEE Cloud Computing 3, 2, 36 - 45.
[57]
Sadeghi, A., Wachsmann, C., and Waidner, M., 2015. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd annual design automation conference ACM, 54 - 59.
[58]
Schlechtendahl, J., Keinert, M., Kretschmer, F., Lechler, A., and Verl, A., 2015. Making existing production systems Industry 4.0-ready. Production Engineering 9, 1, 143 - 148. DOI= http://dx.doi.org/
[59]
Sherwood, J., Clark, A., and Lyna, D., 2009. Enterprise Security Architecture. SABSA.
[60]
Solove, D.J., 2002. Conceptualizing Privacy. California Law Review 90, 4, 1087 - 1155.
[61]
Stankovic, J.A., 2014. Research directions for the Internet of Things. IEEE Internet Things Journal 1, 1, 3-9.
[62]
Tan, L. and Wang, N., 2010. Future internet: The Internet of Things. In 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE) IEEE, 376 - 380.
[63]
Tesfachew, T., 2016. Key challenges in the development and implementation of data protection laws. In Data Protection Regulations and International Data Flows: Implications for Trade and Development United Nations, Geneva, 7 - 22.
[64]
Thinakaran, K., Dhillon, J.S., Gunasekaran, S.S., and Chen, L.F., 2017. A CONCEPTUAL PRIVACY FRAMEWORK for privacy-aware IoT health applications. In 6th International Conference on Computing and Informatics, Kuala Lumpur, 175 - 183.
[65]
Torkaman, M. and Seyyedi, M.A., 2016. Analyzing IoT Reference Architecture Models. International Journal of Computer Science and Software Engineering 5, 8, 154 - 160.
[66]
Torre, H., Koceva, F., Sanchez, O.R., and Adorni, G., 2016. A framework for personal data protection in the IoT. In Proceedings of the ICITST'(2016), 384 - 391.
[67]
Van Rest, J., Boonstra, D., Everts, M., Van Rijn, M., and Van Paassen, R., 2012. Designing privacy-by-design. In Annual Privacy Forum Springer, 55 - 72.
[68]
Van Thienen, S., Clinton, A., Mahto, M., and Sniderman, B., 2016. Industry 4.0 and the chemicals industry. Deloitte University Press.
[69]
Varghese, A. and Tandur, D., 2014. Wireless requirements and challenges in Industry 4.0. In Proceedings of 2014 International Conference on Contemporary Computing and Informatics (IC3I) IEEE, Piscataway, 634 - 638.
[70]
Wang, L., Törngren, M., and Onori, M., 2015. Current status and advancement of cyber-physical systems inmanufacturing. Journal of Manufacturing Systems 37, 517 - 527.
[71]
Weinberg, B.D., Milne, G.R., Andonova, Y.G., and Hajjat, F.M., 2015. Internet of Things: Convenience vs. privacy and secrecy. Business Horizons 58, 615 - 624.
[72]
Westin, A.F., 1968. Privacy and freedom. Washington and Lee Law Review 25, 1, 166 - 170.
[73]
Weyrich, M. and Ebert, C., 2016. Reference architectures for the Internet of Things. Software Technology, 112 - 116.
[74]
Wu, M., Lu, T., Ling, F., Sun, L., and Du, H., 2010. Research on the architecture of Internet of Things. In Proceedings 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE 2010), W. Desheng, W. Ruofeng and X. Yi Eds. IEEE, Piscataway, 484 - 487.
[75]
Zachman, J.A., 2016. The Framework for Enterprise Architecture: Background, Description and Utility Zachman International, Monument.

Cited By

View all
  • (2022)Cyber Physical System: Security Challenges in Internet of Things System2022 Sixth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)10.1109/I-SMAC55078.2022.9987256(117-122)Online publication date: 10-Nov-2022
  • (2020)Modelling Security Aspects with ArchiMate: A Systematic Mapping Study2020 46th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)10.1109/SEAA51224.2020.00094(577-584)Online publication date: Aug-2020
  • (2020)Privacy Engineering Methodologies: A survey2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)10.1109/3ICT51146.2020.9311949(1-6)Online publication date: 20-Dec-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SAICSIT '18: Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists
September 2018
362 pages
ISBN:9781450366472
DOI:10.1145/3278681
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 September 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. POPI act
  2. cyber-physical systems
  3. data privacy
  4. internet of things
  5. reference architecture

Qualifiers

  • Research-article

Conference

SAICSIT '18

Acceptance Rates

Overall Acceptance Rate 187 of 439 submissions, 43%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)15
  • Downloads (Last 6 weeks)1
Reflects downloads up to 15 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2022)Cyber Physical System: Security Challenges in Internet of Things System2022 Sixth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)10.1109/I-SMAC55078.2022.9987256(117-122)Online publication date: 10-Nov-2022
  • (2020)Modelling Security Aspects with ArchiMate: A Systematic Mapping Study2020 46th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)10.1109/SEAA51224.2020.00094(577-584)Online publication date: Aug-2020
  • (2020)Privacy Engineering Methodologies: A survey2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)10.1109/3ICT51146.2020.9311949(1-6)Online publication date: 20-Dec-2020
  • (2020)Data Privacy Compliance Benefits for Organisations – A Cyber-Physical Systems and Internet of Things StudyInformation and Cyber Security10.1007/978-3-030-43276-8_12(158-172)Online publication date: 8-Mar-2020
  • (2019)Guidelines for Data Privacy ComplianceProceedings of the South African Institute of Computer Scientists and Information Technologists 201910.1145/3351108.3351143(1-12)Online publication date: 17-Sep-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media