FoT-PDS: A User-Centric Paradigm for Privacy-Preserving IoT
Resumo
The adoption of IoT technologies has amplified concerns regarding personal data privacy, as the continuous collection and processing of personal data expose users to structural privacy risks, including identification, localization and tracking, profiling, and linkage. Current IoT platforms primarily rely on service-centric models, offering limited user control, transparency, and support for informed consent throughout the data lifecycle. This thesis addresses these limitations by proposing FoT-PDS, a user-centric privacy-preserving IoT paradigm that integrates Personal Data Stores and the Fog of Things. The paradigm reassigns data control from service providers to users, enabling decentralized personal data management, fine-grained access control, transparency, and explicit consent. A central component of the paradigm is an AI-assisted consent mechanism that supports users in making informed consent decisions by analyzing their own data. The mechanism leverages clustering methods to evaluate potential profiling risks from users’ personal data. FoT-PDS was implemented and evaluated through both technical and empirical studies. Technical experiments demonstrate the feasibility of the consent mechanism under typical fog and IoT constraints, while a user-centric empirical study shows that the paradigm improves perceived data control, transparency, and privacy awareness. Trust is indirectly supported through increased privacy awareness, highlighting its mediating role in privacy-preserving IoT systems. These insights provide evidence that FoT-PDS can effectively mitigate privacy risks in IoT environments.
Referências
Ashton, K. (2009). That ‘Internet of Things’ thing. RFID Journal (Expert Views). Published June 22, 2009.
Bader, S. R. and Maleshkova, M. (2020). SOLIOT—decentralized data control and interactions for IoT. Future Internet, 12(6).
Boi, B., De Santis, M., and Esposito, C. (2023). A decentralized smart city using solid and self-sovereign identity. In Gervasi, O., Murgante, B., Rocha, A. M. A. C., Garau, C., Scorza, F., Karaca, Y., and Torre, C. M., editors, Computational Science and Its Applications – ICCSA 2023 Workshops, pages 149–161, Cham. Springer Nature Switzerland.
CISCO (2019). Consumer privacy survey: The growing imperative of getting data privacy right.
Fries, J., Freund, M., and Harth, A. (2023). A solid architecture for machine data exchange with access control. Proceedings of the 1st Semantic Web on Constrained Things, Hersonissos, Greece, 3412:74–81.
Ghayvat, H., Sharma, M., Gope, P., and Sharma, P. K. (2022). SHARIF: Solid pod-based secured healthcare information storage and exchange solution in Internet of Things. IEEE Transactions on Industrial Informatics, 18(8):5609–5618.
Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security, 64:122–134.
Mugariri, P., Abdullah, H., García-Torres, M., Parameshchari, B. D., and Abdul Sattar, K. N. (2022). Promoting information privacy protection awareness for internet of things (iot). Mobile Information Systems, 2022(1):4247651.
Pinto, G. P., Donta, P. K., Dustdar, S., and Prazeres, C. (2024). A systematic review on privacy-aware iot personal data stores. Sensors, 24:2197.
Pinto, G. P. and Prazeres, C. (2024). Towards data privacy in a fog of things. Internet Technology Letters.
Pinto, G. P. and Prazeres, C. (2025a). A User-Centric IoT Platform for Privacy With AI-Assisted Consent. IEEE Open Journal of the Computer Society, 6:1834–1846.
Pinto, G. P. and Prazeres, C. (2025b). Data Privacy in the Internet of Things: A Perspective of Personal Data Store-Based Approaches. Journal of Cybersecurity and Privacy, 5(2).
Pinto, G. P., Sousa, N. R., Da Silva, C. N., Peixoto, M. L., Figueiredo, G. B., and Prazeres, C. V. (2025). Enhancing IoT data privacy: AI-assisted consent mechanism in a PDS-based solution. Internet of Things, 34:101807.
Pinto, G. P., Sousa, N. R., and Prazeres, C. V. S. (2026). My data, my rules: an experimental study on a user-centric approach to data privacy in the internet of things. Computing, 108(3):33.
Prazeres, C. and Serrano, M. (2016). SOFT-IoT: Self-Organizing FOG of Things. In 2016 30th International Conference on Advanced Information Networking and Applications Workshops, pages 803–808.
Safa, N. S., Mitchell, F., Maple, C., Azad, M. A., and Dabbagh, M. (2022). Privacy enhancing technologies (pets) for connected vehicles in smart cities. Transactions on Emerging Telecommunications Technologies, 33(10).
Verborgh, R. (2023). Re-decentralizing the Web, for good this time. In Seneviratne, O. and Hendler, J., editors, Linking the World’s Information: Essays on Tim Berners-Lee’s Invention of the World Wide Web, pages 215–230. ACM.
Zheng, S., Apthorpe, N., Chetty, M., and Feamster, N. (2018). User perceptions of smart home IoT privacy. Proc. ACM Hum.-Comput. Interact., 2(CSCW).
