Internet of Things Architecture

Internet of Things – Architecture © - 102 -

 It shall not be possible to infer the subject‘s identity by

aggregating/reasoning over information available at various sources;

 Information gained for a specific purpose shall not be used for another

purpose. E.g., the bank issuing a credit card should not use a given

client‘s purchase information (logged so to keep track of that client‘s

account) to send him advertising on goods similar to his purchaces.

To provide the above properties the IoT-A privacy model relies on the following
functional components: Authentication component, Trust and Reputation
component.

Table 3 below (excerpt from the IoT-A Threat Analysis) briefly summarizes how
these components mitigate some of the privacy threats to privacy, further
discussed in The Risk Analysis performed in IoT-A (see Section 5.2.9).

Threat Result Mitigation

Identity spoofing

User‘s identity is

spoofed

Robust user authentication procedure

preventing man-in-the-middle attacks, with

proper credentials-management policy

provided by an Authentication component.

User is involved in

transactions with a

malicious peer

Trustworthy discovery / resolution / lookup

system. Trustworthiness of the entire system

is guaranteed through its security components

(especially Authentication and Trust and

Reputation) as well as its global robustness

(security by design).

Information
Disclosure

Attacker gains

knowledge of user‘s

private parameters

The Identity Management component

enforces a robust pseudonymity scheme that

ensures anonymity and unlinkability.

Attacker gains

knowledge of user's

location

User's location can be hidden through reliance

on pseudonyms provided by Identity

Management.

Table 3 : Example of Privacy threats mitigation within IoT-A

Central to the Privacy Model is the Identity Management Functional
Component. A description of this FC is provided in deliverable 4.2 [Gruschka
2012].