Skip to Main content Skip to Navigation
Conference papers

Authenticated and Privacy-Preserving Consent Management in the Internet of Things

Abstract : As the Internet of Things (IoT) starts providing meaningful solutions in multiple domains, users expect to take full advantage of the features and benefits of smart devices, but not at the cost of privacy loss. They want to keep control over their own data, e.g. through consent and authorization management. This paper proposes a lightweight privacy-preserving solution for managing user's consent relative to specific purposes (obligations). The originality of our proposal is manyfold. First, the consent is issued cryptographically by the user over some consented specific purposes, thus it protects both the user and the service provider against possible repudiations. Second, the users' privacy is preserved as the protocol supports untraceability over the channel, and pseudonymity with regard to the service provider. Pseudonyms are fully managed by the users themselves through suitable use of Hierarchical Identity-Based Signature (HIBS). Third, the solution is lightweight in terms of communication and computation, thus making it suitable for IoT resource constrained environments. Fourth, an illustrative car-sharing use case is presented where users are able to personalize their driving experience. Fifth, a formal validation of the protocol is provided with the AVISPA tool, along with an informal security and privacy analysis. Sixth, our approach addresses part of the European General Data Protection Regulation (GDPR), as it supports user consent management and helps providers with handling accountability.
Document type :
Conference papers
Complete list of metadata

Cited literature [14 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02147191
Contributor : Sophie Chabridon <>
Submitted on : Tuesday, June 4, 2019 - 3:01:00 PM
Last modification on : Thursday, December 3, 2020 - 3:38:15 PM

File

1-s2.0-S1877050919304995-main....
Publication funded by an institution

Licence


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Identifiers

Citation

Maryline Laurent, Jean Leneutre, Sophie Chabridon, Imane Laaouane. Authenticated and Privacy-Preserving Consent Management in the Internet of Things. ANT 2019: 10th International Conference on Ambient Systems, Networks and Technologies (ANT), Apr 2019, Leuven, Belgium. pp.256-263, ⟨10.1016/j.procs.2019.04.037⟩. ⟨hal-02147191⟩

Share

Metrics