IoT Expunge: Implementing Verifiable Retention of IoT Data
This addresses privacy concerns for IoT users by ensuring compliance with laws like GDPR, though it is incremental as it builds on existing cloud and verification methods.
The paper tackles the problem of enforcing data retention policies for sensitive IoT data in the cloud, proposing IoT Expunge, a framework that allows providers to store data with verifiable proofs of policy adherence, and experimental results show it imposes minimal verification overhead on users.
The growing deployment of Internet of Things (IoT) systems aims to ease the daily life of end-users by providing several value-added services. However, IoT systems may capture and store sensitive, personal data about individuals in the cloud, thereby jeopardizing user-privacy. Emerging legislation, such as California's CalOPPA and GDPR in Europe, support strong privacy laws to protect an individual's data in the cloud. One such law relates to strict enforcement of data retention policies. This paper proposes a framework, entitled IoT Expunge that allows sensor data providers to store the data in cloud platforms that will ensure enforcement of retention policies. Additionally, the cloud provider produces verifiable proofs of its adherence to the retention policies. Experimental results on a real-world smart building testbed show that IoT Expunge imposes minimal overheads to the user to verify the data against data retention policies.