Content uploaded by Fathy Eassa
Author content
All content in this area was uploaded by Fathy Eassa on Mar 18, 2018
Content may be subject to copyright.
ORIGINAL RESEARCH
Preserving privacy in internet of things: a survey
Adnan Ahmed Abi Sen
1
•Fathy Albouraey Eassa
1
•Kamal Jambi
1
•
Mohammad Yamin
2
Received: 8 December 2017 / Accepted: 15 February 2018
ÓBharati Vidyapeeth’s Institute of Computer Applications and Management 2018
Abstract Internet of things (IOT) paradigm is changing
day to day lives towards sophisticated automation and
enhancing living standards of our societies. The most of
‘‘Things’’ in IOT are having limited power, storage, and
computational capabilities. Therefore data is collected,
manipulated and stored in the clouds. The benefit of
‘‘anytime and anywhere’’ access of data gives rise to
serious security and privacy issues and lead to many
problems like exposure of user’s personal and sensitive
information and loss of the trust between parties. These
challenges need to be addressed with adequately with
utmost care. From an operational point of view, the major
concern for IOT is ‘‘Privacy’’. In this article, we discuss
difference between privacy and security. Further, and
present several approaches and techniques that are being
used to fulfill the privacy requirements. This comparative
study also contains advantages and disadvantages of the
mentioned approaches. Finally, we discuss the future
opportunities, trends, and provide recommendations about
the privacy for IOT based applications and services.
Keywords IOT Privacy Security Cloud Fog Smart
city Big data
1 Introduction
Our lives have become like a virtual world. People are able
to work, communicate, shop, learn, entertain, control, and
monitor for anything from anywhere, at anytime through
many devices over the internet [1,2]. The fundamental
objective of IOT is to provide ubiquitous access to
numerous devices and machines on service providers
(SPs), covering many areas such as location based services
(LBS), smart home, smart city, E-Health [3,4], E-Learning
[5], E-Business [6,7], etc. [8,9] as illustrated in Fig. 1.
Although the number of IOT objects may reach fifty billion
things in 2020 [10,47].
There is no common definition of IOT, however all
definitions refer to ‘‘anything or many things that cooperate
with each other, connect to Internet, generate any data,
provide any service to any user and enable him to access
the services from anywhere, at any time by any available
network’’ [11,12].
The most of IOT applications use cloud storage and
process data to gain context-awareness (great capabilities,
savings cost, availability, accessibility). Further this is used
to gain knowledge and helps in decision making [1,13].
The cloud is not able to meet all the requirements of IOT
application and services. To overcome this, Fog computing
was introduced [14].
Fog is a recent computing model that can be seen as an
advancement and extension of the cloud to serve network
parties. It is developed with decent storage however far less
than that of the clouds. These Fog nodes reside closer to the
users for computational tasks and perform some sort of
&Adnan Ahmed Abi Sen
adnanmnm@hotmail.com
Fathy Albouraey Eassa
fathy55@yahoo.com
Kamal Jambi
kjambi@kau.edu.sa
Mohammad Yamin
myamin@kau.edu.sa
1
College Computing and Information Technology, King
Abdulaziz University, Jeddah, Saudi Arabia
2
Faculty of Economics and Administration, King Abdulaziz
University, Jeddah, Saudi Arabia
123
Int. j. inf. tecnol.
https://doi.org/10.1007/s41870-018-0113-4
filtering before sending data to the cloud [15]. The Fog has
introduced new features like its role as a third smart party,
providing distributed computing, supporting real time, or
time-sensitive applications, speeding up emergency detec-
tion, improving performance, reducing latency and traffic
on the network etc. [16,17]. Any device has the ability to
do some computation or processing operations and caching
some data. It may act as an access point, router, server,
smartphone, box, etc. In addition, it can be a slave to a
small or large company, be it public or private. The whole
features make the fog an optimal candidate to support the
IOT applications in addition to the cloud [18,92].
This relation among IOT objects, cloud and fog has
found that many of the challenges faced are as heteroge-
neous environment, continued monitoring, mobility, man-
ageability, scalability, resource-constrained of devices,
energy, participatory sensing, analyzing and transferring
big data, performance, threats of privacy and security etc.
[19–21]. However, the most researchers have considered
privacy and security as the most challenging problem in
IOT because many of IOT services can pose a risk to users’
personal information. They were regarded as intelligent
monitoring agents for all daily actions, behavior patterns,
and private lives of the user, In addition, it can over time
discover information is absent from user himself [22], this
indicates to the importance of privacy [13,23].
Unfortunately, there is no standard structure for IOT so
far. Moreover, there isn’t any standard format for the
queries, but the formula commonly used in its applications
is:
f\Latitude;Longitude [;\Data Query
jj
POI [;\USERID [g:
That created main goals for protection each part from
the formula [24,25]
½Location LocðÞ;Query QðÞand Identity ðIDÞ:
There are more issues in IOT. For example, threats and
attacks on the privacy of IOT environment can happen on
saved data in a device that is connected to Internet, data on
link between device and SP, and data on the cloud/SP
‘‘from outer attacker or SP itself or its maintainer’’ which
can be malicious or un-trusted, and that is the most dan-
gerous [26].
In this article we have provided compassion between the
privacy and security, surveyed and compared various
aspects of privacy and security, and discussed recent trends
and the open problem in this domain.
In the remainder of this article, we discuss our
achievements in detail. In Sect. 2, we survey literature
related with privacy, in Sect. 3describe the difference
between privacy and security, in Sect. 4we discuss pro-
posed classification. Finally, in Sect. 5, we discuss an open
issue in IOT privacy, and then conclude and discuss future
trends.
2 Literature reviews
There are many survey and research articles and books
which have dealt with IOT. Many of them lay emphasis on
the necessity of addressing privacy of IOT [27–29], and
they provide definitions, factors, and recommendations.
However, a few of the approaches in the literature have
tried to relax this issue. Nevertheless there is an introspect
of ideas between them, and there isn’t an aggregation of all
approaches that can be used for preserving privacy in IOT
[26]. Many of these papers focus on security more than
privacy and some of them consider privacy as part of
security [30]. Some of these approaches are explained here:
Authors in [24] have provided a general classification
for privacy protection methods in LBS, and those in [31]
have searched about the most used techniques for LBS
users’ privacy and classified them to third trusted party
(TTP) or un-trusted. Researchers in [32] have shown some
techniques that achieve location privacy with more atten-
tion for those use computational operations, whereas in [1]
we find a highlight on the IOT, and referenced to security
threats and privacy’s importance in protection for the
personal information on the devices, communication,
storage and processing. In [12], authors have emphasized
on the need to find rules to protect the privacy and security
(confidential, trust, and access policy).
Authors in [33] have defined the privacy and pointed out
many treatments like the awareness and control to
enhancing user’s privacy, work in [25] has designed a
standard format to descript data in IOT which contains
personal info, and suggested using encryption, anonymity,
minimize data, authenticate and control to protect their
privacy, in [29] focus is on the structure and layers with
applications of IOT, work in [34] provides general view
about IOT and its enablers, authors in [35] asset that there
are many challenges as sensing and identification in the
IOT, it considered the security is a confidentiality, trust,
and privacy. Research in [36] processed the privacy issue
Fig. 1 IOT and some of its applications
Int. j. inf. tecnol.
123
in the market and put three objects for privacy (intervene-
ability, transparency, and unlink-ability) and some tech-
niques for preserving it as fine-grain (aggregate approach),
anonymize, minimize data, access, and policy, in [37]
authors have come up with four Characteristics for IOT
related to security and privacy (uncontrolled, heterogene-
ity, constrained resources, and scalability), then provided
very useful architecture in addition to some solutions for
privacy as anonymity, pseudonym, unlink-ability, identity
manager, and network security.
Authors in [38] have divided the architecture to five
layers, and reviewed some approaches to preserving
privacy (anonymity, statistical values instead of details,
TTP), [39] claimed that we have to pursue privacy
protection because the success in IOT applications
related to privacy, security and trust, In [40]wefind
classification for all privacy approaches in IOT with a
viewpoint for smart city applications. Work in [41]
deemed the privacy as the information that person dis-
closes about himself or it is his relations with others.
Then it goes on to provide some principles to respect
privacy of data, Research in [42] proposed a new legal
environment with IOT, respecting legitimacy, trans-
parency and accountability, Authors in [43]havedis-
cussed the ability of adaptive with attacks and seeking
for privacy by using secure techniques.
Although many of recent researchers have contributed to
many issues associated with IOT. However, we haven’t
found a comprehensive treatment of privacy and security in
IOT. This article attempts to fill this gap.
3 Privacy vs. security
As discussed earlier many researchers treat privacy as part
of security [35]. Although there are significant large vol-
ume of overlaps and some intersections between both
concepts, there is a remarkable differences in these terms
[12,33,44,45]. In this research, we illustrate these
differences.
Privacy is a term related to persons and their data,
especially personal or sensitive data, which emphasizes the
need to protect data should not be exploited, accessed
without permission or used in a way that the owner doesn’t
expect (How using data).In addition, Privacy means that
every person has the right to determine the degree of his/
her interaction with the environment or the amount of data
allowed for public view [1,27]. While Security is older
concept tries to protect data and devices from outer attack,
spyware, and subversion. In general, the manufacturers
have cared about their hardware security more than the
privacy of user [30,46].
Particular, privacy can be penetrated by collecting the
amount of data about the user and analyzing it, while for
security, it is enough to detect information like user’s
password. In addition, security is to protect data between
trusted-parties mostly from a foreign attacker, while in the
privacy some parties are un-trusted as SP, so it has to deal
with it and you know that it may be adversary [90].
In this work, we focused on privacy in IOT envi-
ronment. Privacy of (ID, Loc, and Q) can be hacked in
any phase of data cycle (collecting, aggregating, trans-
ferring, storing, processing) [1], Fig. 2illustrates the
fundamental concerns related to privacy and security.
We do not find current approaches focusing on saving
data privacy on a device, instead we find a lot of interest
about preserving data on a link or on a server with
different levels of trust in SP, Third Party (TP), peers, or
without trust at all [31]. We also find many examples of
violation of privacy in IOT applications as smart devi-
ces, social media, phones apps, LBS, smart health, etc.
are found [48–50].
Fig. 2 Difference between privacy and security
Int. j. inf. tecnol.
123
4 Our main classification
We have classified the previous approaches of preserving
privacy in the IOT to eleven classes according to their
behaviors, and then we grouped them in four classes pre-
sented in Fig. 3, depending on the trust issue which con-
sidered as one of the main axes of privacy. For each one,
we described its advantages and disadvantages in addition
to future issues and some open problems.
Hint: sometimes there is a method of specific approach
but it has special behavior, different from others in this
approach.
4.1 Anonymity
4.1.1 Discussion and recommendation
This approach can be useful with separate queries and with
taking in account hiding the relation between identity and
other sensitive data like location, time, etc. which can
reveal this hidden identity.
4.2 Working with data
4.2.1 Discussion and recommendation
These techniques are very important to protect a user form
external attacker, when the service provider doesn’t require
details information. That makes it a good solution for many
applications like energy systems for example amount of
consumed electricity in the selected duration.
4.3 Access control and user’s request
Fig. 3 Classification of privacy approaches
Definition and techniques
This approach tries to hide the identity of users in many ways as
Pseudonyms, Nickname, or Hashing value for some personal
information. It is used for privacy-preserving against all party
[17,43]
Advantages
It is used for preserving privacy from all parties and there is no
need for trust in anyone. It is simple for the user; also this
approach can be used for any type of privacy protection
Disadvantages
It is not active when a user connects internet to SP because SP or
any attacker will rely on IP address of the user to detect a lot of
info and violate a privacy of this user
Definition and techniques
It protects personal or sensitive data by using encryption,
steganography, perturbation (add noise), moves data continuously,
distributes data, deletes data periodically, removes personal part,
prevents storing, and minimize data by using data mining or
statistical techniques [22,51]
Advantages
Some methods are used for partial privacy from the whole
attackers as minimize or changing data. Other techniques are
preserving privacy just form outer attack as encryption or
steganography and other because they need a trusted party
Disadvantages
Partial protection causes inaccuracy response, while the other
techniques require full trust in the SP which is the most dangerous.
Moreover encryption, steganography or distributed data effect
adversely on the performance
Open issues
Using data mining or statistical methods to minimize data still
open issue for the researcher to find a better technique for
detecting and quantify the personal info. Also finding a new
method for encryptions and steganography with higher
performance and a higher level of privacy. But all these methods
can be used only in some apps and special cases
Definition and techniques
This approach gives the user ability to access, edit and remove his
stored data on the server. The user can also lock and unlock his
data for using by SP, get an alert (notice and choice) and ask him
the privilege when SP needs to use his data, repeat request
authorization, or disable/enable connection to minimize the
number of connections to SP [43]
Advantages
It is simple and increase privacy of user from outer attack
Disadvantages
It supposes that SP is trust
Open issues
How to make sure that SP applies its announced policy
Int. j. inf. tecnol.
123
4.4 Awareness, policy, and laws
4.4.1 Discussion and recommendations of 4.3 and 4.4
techniques
These types of techniques need high support from govern-
ment to monitor and control the companies which provide
services. For example many of applications in the Android
system request permission to use mobile camera or micro-
phone; however these applications can exploit by recording
video or voice of user without any alert or notification.
4.5 Obfuscation and land-marking
Authors in [53] have shown a new style that allows users
to express their privacy preferences and proposed new
metric based on obfuscation, [54] presented a framework
that can achieve computational efficiency with obfuscation.
In [55], a new framework known as Casper method is
proposed which makes hides the user identity through
blurring its exact real location, and [56] provides a new
algorithm to enhance the obfuscation method disassociated
with dependency on geometric method.
4.5.1 Discussion and recommendation
Obfuscation is a very fine approach for single or sequential
queries. However it still needs more attention about per-
formance of its algorithms, by enhancing the accuracy of
result and taking in account capabilities of attackers like
their knowledge about the map, drawing track for user
movement or detecting the noise of data.
4.6 Mix zone
Researchers in [57] have discussed drawbacks related to
mix-zone technique that depends on road network and
rectangle shape and provided methods to build more effi-
cient area, through engineering and statistical behavior,
[58] processed the mix-zone optimizing mathematical
pattern that minimizes the computation complexity with
Fig. 4 Example of obfuscation technique Fig. 5 Mix zone technique
Definition and techniques
The Recent trend for a higher level of users’ knowledge about
their rights to save their privacy. In addition, some laws and
policies which must companies respect them [52]
Advantages
It is very necessary to find these things to increase the privacy of
user from all attack
Disadvantages
It is theory and needs a big privilege to sure that companies apply
these rules
Open issue
Searching to find techniques to monitor the behavior of SP. And
finding tool to detect the amount of violation privacy from any
software or code
Definition and techniques
Obfuscation uses the mathematical and transformation functions to
change the sensitive information as for locations. Land-marking
relies on known places as the location of the query instead of the
real coordinates [53–56]. See Fig. 4
Advantages
Practically It protects the privacy of user location and can be used
to changing some personal data as age, salary, etc
Disadvantages
Effects diversely on performance and accuracy of response
Definition and techniques
It divides the area into many of zones and user has to take a new
nickname in each zone [57–59]. See Fig. 5
Advantages
It is better than approaches which relied on one nickname and
provides a good degree of privacy from the attacker
Disadvantages
Also, there will be not effective if the user uses the same Internet
to connect to a server that means SP will rely on real IP address of
this user for tracing him
Int. j. inf. tecnol.
123
good results, and [59] developed a new way for dealing
mix-zone by taking in account a real-world roads as
heterogynous and density of traffic.
4.6.1 Discussion and recommendation
Mix-zone is another useful approach for preventing tracing
of user’s movement. However to enhance the efficiency of
this approach, the areas have to be overlapping, not equal,
in addition to add noise to period in each zone, and take in
account the traffic and paths.
4.7 Third trust party (TTP) (cloaking area and K-
anonymity)
The TTP based on road network and user traffic prediction
that led to minimize the queries response time are discussed
in [61], dependency on clock area to provide privacy pro-
tection from LBS with continuous for queries is discussed in
[62], a special approach to minimize the clacking area can be
found in [63], a central party that can provide adoptive
algorithms to bluer the users’ locations can be found in [64],
methods which were followed in the k-anonymity are un-
useful for some spatial users’ distributions [65], and there are
many drawbacks of the methods that use k-anonymity, which
paper in [66]. A flexible way for user to determine a mini-
mum level of his K-anonymity with TTP appears in [67],
dependence of generating a systematic noise and merging it
with user’s location before creating the Cloaking area and
then sending the area’s coordinates to LBS server as queries
location can be found in [68].
Research in [69,70] relies on k-anonymity by using a new
technique ‘‘Semantic Cloaking’’ or ‘‘Movement Vector’’
which takes in account user’s movement to reduce the area
size and the cost, and [71] discusses the ineffectiveness of
k-anonymity techniques in the works which didn’t focus on
the natural and type of users inside the cloaking region, so it
treated this issue by using special profile for each one.
4.7.1 Discussion and recommendation
Third trusted party is a good approach with systems that
users can’t change or add noise to their data like medical
applications. However it still needs more attention and
clarification about trust issues like finding blind third party
which can be used to protect privacy and in the same time
can’t penetrate to the type of users in the Cloaking area in
addition to the nature and size of area itself and the degree
of similarity of all areas to resist and prevent some attack
as homogeneity attack.
4.8 Private information retrieval (PIR)
Fig. 6 Cache technique with TTP
Definition and techniques
It can be used when the user doesn’t trust in SP, but trust in
another party, so the user will send his query to TTP who will hide
user’s identity by sending a query to SP then return response. Two
main techniques for this approach. First, one ‘‘K-anonymity’’ with
TTP called anonymizer and it creates homogeneity or clustering
between k-users to prevent discrimination them (user from other
k-1 in the same area) by hidden the user’s ID. Next is ‘‘Cloaking
Area’’ here there is TTP in each specific area, it will send queries
instead of K-user with same static location (x, y), and then process
the responses from SP by mathematic operations to find real
answers for each user according to his query and his actual
location [60–71]. See Fig. 6
Advantages
Preserving privacy of user identity or location from SP
Disadvantages
It shifted the problem of trust from SP to TP, in addition, there is
overhead on the TTP with the Cloaking method
Open Problem
How user can deal with a third party (TP) without trust it
Collaboration users to create their cloak area without TTP
Definition and techniques
This approach enables a user to send his query and get response of
selected records from a SP/DB without exposing the identity
record to SP. This is done by providing a group of rows instead of
just one specific row. So the user needs efficiently retrieve the
required record from this group and sometimes from multi-
servers’ with encrypted DBs [72–74]. See Fig. 7
Advantages
It provides privacy against the most of adversaries and attackers
Disadvantages
The cost of implementing is a very expensive, and this protocol
causes an overhead of computation and on a link. Moreover, this
framework requires using an encryption and dealing with multi-
servers, which is unrealistic
Open problem
Find a fine algorithm for encryption, sharing keys or split the key
of encryption
Int. j. inf. tecnol.
123
The PIR to protect user privacy against attackers without
needing to TTP is discussed in [72,73], and [74] has
treated PIR and obfuscation with hardware-based (mid
server) to discharge the load and be suitable with real-time
applications.
4.8.1 Discussion and recommendation
Private information retrieval approach is a good approach
to get data from server without revealing the specification
of the required data instead its effect is on the performance
of a system and needs some policies to be existed in the
server provider side and that isn’t always possible. So it is a
good thing to make integration between this approach and
another one ass TTP to increase the efficiency of the both
techniques.
4.9 Dummies
Generating dummies before sending a query to LBS
server is presented in [75], in [76] discussion of generating
dummies issue and provided tools to help the user in
achieving that takes place, and [77] provided an algorithm
for dummy location selection to generate dummies by
taking in account the probability of areas and entropy
metric.
4.9.1 Discussion and recommendation
Dummy approach is a very good with the discrete queries.
However, it has to work with generating smart dummies
which can be useful in the future requests, and make the
possibility of disclosing them by server provider very hard.
4.10 Cooperation between peers
Cooperation issue among users in P2P by exchanging
POIs, or exchanging a part of queries is discussed in [78],
in [79] we find a mixture between cryptography and
cooperation techniques through exchanging queries or
cryptography keys before connecting to SP, [80] users
cooperated to create highly homogeneity through forming
an obfuscation area, and work in [81] is based on collab-
oration also, but exchanging will be applied on clocking
Fig. 8 Example of Dummy Technique
Definition and techniques
Instead of sending the real query, user A will send a group of false
queries with the real one, these quires have different locations or
different query types to obscure the real within them from SP
[75–77]. See Fig. 8
Advantages
protects the privacy against both the outer attacker and SP
Disadvantages
It is difficult to generate good dummies continuously. In addition,
there is a possibility of detection the real query by an attacker after
following the queries of user for an interval of time
Open problem
Generating high-efficiency dummies is still an open problem
Definition and techniques
Users/peers collaborate directly in deferent ways to preserving
their privacy as sharing answers of queries, exchanging answers
between a user in the crowd, or cooperation to protect themselves
from TTP or SP [78–83]. See Fig. 9
Advantages
It is for disguising the personality of users from another attacker or
SP or reducing the number of communications with it as possible
because SP stills the most dangerous
Disadvantages
The limitations in these approaches are represented in the
necessary for existence all users in the same region (like a wireless
connection) in addition to trust factor between users of each other
Open problem
Actually the reliability between users each other still an open issue
in addition to the reputation of peers
Fig. 7 Example of PIR Technique (Encryption Method)
Int. j. inf. tecnol.
123
regions. Authors in [82] have proposed a new method for
collaboration by collecting the peers who have similar
POIs in a group to dilution the overhead and decrease the
connections number with SP, and authenticate the answers,
and [83] discusses cooperation between users to blur their
locations from SP without needing to TTP.
4.10.1 Discussion and recommendation
Cooperation between peers is a very important approach
when user doesn’t trust any other party. Thus authors can
collaborate with other user to exchange the benefits and
enhance the privacy level. However the configuration for
communications between peers isn’t easy to achieve. Also
there are many types or algorithm for cooperation which
can be used, and other types can be proposed too. Finally
the integration among this approach and others can pave
the road for novel techniques.
4.11 Caching
Information in crowd [84,87] which lets users caching
the answers of his queries to help other users have same
query in future instead of connecting to SP, in [88,89]we
find a proposal of cache-cloak system in a trusted server or
memory in TTP to provide k-anonymity in the real-time
and caching some answers for future queries, and [85,86]
have suggested to set a cache at the access point of each
cell and using smart dummies when user connects to SP to
enhance the cache hit-ratio.
4.11.1 Discussion and recommendation
Caching technique can be used always to enhance privacy
and performance by decreasing the number of connections
with server providers. However this approach needs
specific configuration as smart city, or to integrate with
other approaches. In addition it can be used to find tools for
indirect cooperation between peers which can create new
diminution in the privacy approaches.
Finally, Fig. 11 is a comparative table between previous
approaches with five main metrics (performance, trust,
goal, accuracy of results, and protection).
5 Discussion and open issues
In the light of the forgone discussion it is evident that
privacy and security is the biggest threat facing IOT future.
We haven’t encountered standard module or framework for
specifically preserving privacy in IOT and smart city
application. This module, we hope, would help developers
or companies in this domain towards a suitable protection
for privacy according to natural of applications and its
equipment. In addition one should be able can get advan-
tages of available possibilities in this environment.
Unfortunately, there isn’t standard framework and proto-
cols for IOT either, and the same is true for the static
architecture, which have made this research topic more
complex. Moreover, there isn’t any privacy protection
approach free of anomalies and drawbacks as we showed in
previous taxonomy. We shall return to further research
reporting on this topic to focus on this important point to
create module or tool just for privacy, which could be
installed on any IOT object like Fog, Smart phone, etc.
This tool would be assembled with privacy techniques and
each one would be specialized in specific case or sensitive
data type (see Fig. 12).
In IOT there are five types of sensitive data which are
(identity, location, device type, time, data/query) and for
these types we need different approaches to achieve com-
prehensive protection. In this case, any company searches
for offering privacy feature in its services and applications
will use this tool only. So according to the developer or
company settings or choices, as selecting the type of data
which is sensitive, the module will determine the best one
or more of approaches. For examples, in the medical
Fig. 9 Example of cooperation technique (swapping)
Definition and techniques
It relies on the caching to store answers of some queries, then
using them for futures queries, that will reduce the number of
connections with SP, which is considered the most risk. Often this
approach is used with other approaches and needs a special
infrastructure [84–91]. See Fig. 10
Advantages
that will reduce the number of connections in the LBS and
increase the privacy of users
Disadvantages
This approach can be achieved in the smart city where smart
infrastructure is available, in addition, to needing trust between
users in the area of the cache. In addition, there is a connection
between users and SP in the case of missing
Open problem
Improving the cache hit ratio to achieve more privacy
Int. j. inf. tecnol.
123
applications which need to patient file, the approaches
which protect identity will be used with third party, and for
location the dummy is fine, while obfuscation is more
suitable with continues queries, for time or type the sta-
tistical or cooperation will be used, etc.
Finally, all previous privacy approaches need to
enhancing and find new methods and techniques to avoid
their disadvantages as we pointed out in our recommen-
dations in the Sect. 4.10. In addition to need to create a
novel approaches which can be used with IOT applications
not only LBS applications.
Fig. 10 Example of caching
technique
Fig. 11 Comparative between
all approaches
Int. j. inf. tecnol.
123
6 Conclusion
In this paper, we have presented a brief overview of IOT
and its tools which have become representative smart
observer in every house. Further, we explicated a major
difference between the privacy and security concepts. Then
we reviewed all approaches and techniques which tried
preserving privacy in IOT with referred to many references
and papers. In addition we mentioned to pros and cons of
each one. Moreover, we have pointed out some open
problems and future issues related with these techniques. In
particular none of the existing approaches is perfect. So we
claim that this survey clearly separates security and privacy
and focuses on the privacy approaches in the IOT envi-
ronment. In future, we endeavor to conduct a more deeper
investigation for different approaches for privacy and give
bring about some useful insights into each of the methods.
7 Future trend
All approaches still suffering from many of open problems
to date (efficiency, performance, result in accuracy, and
need trust), so the future works have to focus on addressing
these open problems. Moreover, many of the approaches
are old and obsolete as they do not utilize recent devel-
opments in technology and mechanisms related with the
protection of privacy. In the light of forgone discussion we
recommend the use of the fog computing in the subsequent
works to investigate new horizons for preserving privacy
relying on fog properties as (its position close to client,
wireless connectivity, and ability to caching, filtering and
processing data before sending it to SP in addition to col-
laboration between fogs themselves).
Finally, we realize that there is a need to develop gen-
eral standard framework for privacy in IOT. We also need
to take care about the privacy on smart devices.
References
1. Kumar JS, Patel DR (2014) A survey on internet of things:
Security and privacy issues. Int J Comput Appl 90(11)
2. Schrammel J, Hochleitner C, Tscheligi M (2011) Privacy, trust
and interaction in the internet of things. In: International joint
conference on ambient intelligence. Springer, Berlin, pp 378–379
3. Sun L, Yamin M, Mushi C, Liu K, Alsaigh M, Chen F (2014)
Information analytics for healthcare service discovery. J Healthc
Eng 5(4):457–478
4. Chetty G, Yamin M (2015) Intelligent human activity recognition
scheme for e-health applications. Malays J Comput Sci
28(1):59–69
5. Al-Ismail M, Gedeon T, Yamin M (2017) Effects of personality
traits and preferences on M-learning. Int J Inf Technol 9(1):77–86
6. Basahel A, Yamin M (2017) Measuring success of e-government
of Saudi Arabia. Int J Inf Technol 9(3):287–293
7. Yamin M, Al Harbi O (2016) Online shopping adoption in Saudi
Arabia: An empirical research. Int Multiling Acad J 2(1)
8. Yamin M, A Al Amri S (2016) Mobile applications and cus-
tomers satisfaction in saudi electricity company. Int Multiling
Acad J 2(1)
9. Smith IG (ed) (2012) The internet of things 2012: new horizons.
CASAGRAS2
10. Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D (2014) Security of the
internet of things: perspectives and challenges. Wireless Netw
20(8):2481–2501
11. Cirani S, Picone M, Gonizzi P, Veltri L, Ferrari G (2015) Iot-oas:
an oauth-based authorization service architecture for secure ser-
vices in iot scenarios. IEEE Sens J 15(2):1224–1234
12. Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Secu-
rity, privacy and trust in internet of things: the road ahead.
Comput Netw 76:146–164
13. Lee JY, Lin WC, Huang YH (2014) A lightweight authentication
protocol for internet of things. In: Next-generation electronics
(ISNE), 2014 International Symposium. IEEE, pp 1–2
14. Dastjerdi AV, Gupta H, Calheiros RN, Ghosh SK, Buyya R
(2016) Fog computing: principles, architectures, and applica-
tions.arXiv:1601.02752.
15. Saharan KP, Kumar A (2015) Fog in comparison to cloud: a
survey. Int J Comput Appl 122(3)
16. Hu P, Ning H, Qiu T, Zhang Y, Luo X (2016) Fog computing-
based face identification and resolution scheme in internet of
things. In: IEEE transactions on industrial informatics
17. Gudymenko I, Borcea-Pfitzmann K, Tietze K (2011) Privacy
implications of the internet of things. In: International joint
conference on ambient intelligence. Springer, Berlin, pp 280–286
18. Suryawanshi R, Mandlik G (2015) Focusing on mobile users at
edge and internet of things using fog computing. Int J Sci Eng
Technol Res 4(17):3225–3231
19. Takabi H, Joshi JB, Ahn GJ (2010) Security and privacy chal-
lenges in cloud computing environments. IEEE Secur Priv
8(6):24–31
20. Roman R, Lopez J, Mambo M (2016) Mobile edge computing,
fog et al.: a survey and analysis of security threats and challenges.
Future Gener Comput Syst 78:680–698
Fig. 12 Proposed module for privacy in IOT
Int. j. inf. tecnol.
123
21. Zhou J, Cao Z, Dong X, Vasilakos AV (2017) Security and pri-
vacy for cloud-based IoT: challenges. IEEE Commun Mag
55(1):26–33
22. Ukil A, Bandyopadhyay S, Pal A (2014) Iot-privacy: to be private
or not to be private. In: Computer communications workshops
(INFOCOM WKSHPS), 2014 IEEE conference. IEEE,
pp 123–124
23. Da Xu L, He W, Li S (2014) Internet of things in industries: a
survey. IEEE Trans Ind Inf 10(4):2233–2243
24. Wernke M, Skvortsov P, Du
¨rr F, Rothermel K (2014) A classi-
fication of location privacy attacks and approaches. Pers Ubiquit
Comput 18(1):163–175
25. Vernesan O, Friess P, Woysch G, Guillemin P, Gusmeroli S,
Sundmaeker H, Moessner K et al (2012) Europe’s IoT strategic
research agenda 2012. In: Internet of things, pp 22–23
26. Said O, Masud M (2013) Towards internet of things: survey and
future vision. Int J Comput Netw 5(1):1–17
27. Sundmaeker H, Guillemin P, Friess P, Woelffle
´S (2010) Vision
and challenges for realising the internet of things. In: Cluster of
European Research Projects on the internet of things, European
Commission, vol 3, no 3, pp 34–36
28. Vermesan O, Friess P (eds) (2014) Internet of things-from
research and innovation to market deployment, vol 29. River
Publishers, Aalborg
29. Atzori L, Iera A, Morabito G (2010) The internet of things: a
survey. Comput Netw 54(15):2787–2805
30. Borgohain T, Kumar U, Sanyal S (2015) Survey of security and
privacy issues of internet of things. arXiv:1501.02211
31. Solanas A, Domingo-Ferrer J, Martı
´nez-Balleste
´A (2008)
Location privacy in location-based services: beyond TTP-based
schemes. In: Proceedings of the 1st international workshop on
privacy in location-based applications (PILBA), pp 12–23
32. Bettini C, Mascetti S, Wang XS, Freni D, Jajodia S (2009)
Anonymity and historical-anonymity in location-based services.
In: Privacy in location-based applications. Springer, Berlin,
pp 1–30
33. Ziegeldorf JH, Morchon OG, Wehrle K (2014) Privacy in the
internet of things: threats and challenges. Secur Commun Netw
7(12):2728–2742
34. Vermesan O, Friess P, Guillemin P, Gusmeroli S, Sundmaeker H,
Bassi A, Doody P et al (2011) Internet of things strategic research
roadmap. In: Internet of things-global technological and societal
trends, vol 1, pp 9–52
35. Miorandi D, Sicari S, De Pellegrini F, Chlamtac I (2012) Internet
of things: vision, applications and research challenges. Ad Hoc
Netw 10(7):1497–1516
36. Perera C, Ranjan R, Wang L, Khan SU, Zomaya AY (2015) Big
data privacy in the internet of things era. IT Prof 17(3):32–39
37. Vasilomanolakis E, Daubert J, Luthra M, Gazis V, Wiesmaier A,
Kikiras P (2015) On the security and privacy of internet of things
architectures and systems. In: Secure internet of things (SIoT),
2015 international workshop. IEEE, pp 49–57
38. Kraijak S, Tuwanut P (2015) A survey on IoT architectures,
protocols, applications, security, privacy, real-world implemen-
tation and future trends. In: 11th international conference on
wireless communications, networking and mobile computing
(WiCOM 2015), Shanghai, 21–23 September 2015
39. Porambage P, Ylianttila M, Schmitt C, Kumar P, Gurtov A,
Vasilakos AV (2016) The quest for privacy in the internet of
things. IEEE Cloud Comput 3(2):36–45
40. Zhang K, Ni J, Yang K, Liang X, Ren J, Shen XS (2017) Security
and privacy in smart city applications: challenges and solutions.
IEEE Commun Mag 55(1):122–129
41. Caron X, Bosua R, Maynard SB, Ahmad A (2016) The internet of
things (IoT) and its impact on individual privacy: an Australian
perspective. Comput Law Secur Rev 32(1):4–15
42. Weber RH (2009) Internet of things—need for a new legal
environment? Comput Law Secur Rev 25(6):522–527
43. Weber RH (2010) Internet of things-new security and privacy
challenges. Comput Law Secur Rev 26(1):23–30
44. Wang J, Zhang Z, Xu K, Yin Y, Guo P (2013) A research on
security and privacy issues for patient related data in medical
organization system. Int J Secur Appl 7(4):287–298
45. Roman R, Zhou J, Lopez J (2013) On the features and challenges
of security and privacy in distributed internet of things. Comput
Netw 57(10):2266–2279
46. Yan Z, Zhang P, Vasilakos AV (2014) A survey on trust man-
agement for internet of things. J Netw Comput Appl 42:120–134
47. Vermesan O, Friess P (eds) (2013) Internet of things: converging
technologies for smart environments and integrated ecosystems.
River Publishers, Denmark
48. Thierer AD (2015) The internet of things and wearable technol-
ogy: addressing privacy and security concerns without derailing
innovation. Richmond J Law Technol 21(2)
49. Rutledge RL, Massey AK, Anto
´n AI (2016) Privacy impacts of
IoT devices: a smart TV case study. In: Requirements engineer-
ing conference workshops (REW), IEEE international. IEEE,
pp 261–270
50. Thierer AD (2014) The internet of things and wearable technol-
ogy: addressing privacy and security concerns without derailing
innovation. Richmond J Law Technol 21(1)
51. Phadnis M, Kadam GV (2016) Efficient geosocial application
query processing with privacy preserving policy. Int J Eng Dev
Res 188–194
52. Bhattasali T, Chaki R, Chaki N (2013) Study of security issues in
pervasive environment of next generation internet of things. In:
Computer information systems and industrial management.
Springer, Berlin, pp 206–217
53. Ardagna CA, Cremonini M, Damiani E, Di Vimercati SDC,
Samarati P (2007) Location privacy protection through obfusca-
tion-based techniques. In: IFIP annual conference on data and
applications security and privacy. Springer, Berlin, pp 47–60
54. Duckham M, Kulik L (2005) A formal model of obfuscation and
negotiation for location privacy. In: International conference on
pervasive computing. Springer, Berlin, pp 152–170
55. Mokbel MF, Chow CY, Aref WG (2006) The new casper: query
processing for location services without compromising privacy.
In: Proceedings of the 32nd international conference on very
large data bases. VLDB endowment, pp 763–774
56. Damiani ML, Bertino E, Silvestri C (2008) Protecting location
privacy through semantics-aware obfuscation techniques. In:
Trust management II. Springer US, pp 231–245
57. Palanisamy B, Liu L (2011) Mobimix: protecting location pri-
vacy with mix-zones over road networks. In: Data engineering
(ICDE), 2011 IEEE 27th International conference. IEEE,
pp 494–505
58. Beresford AR, Stajano F (2004) Mix zones: user privacy in
location-aware services. In: Pervasive computing and communi-
cations workshops, 2004. Proceedings of the second IEEE annual
conference. IEEE, pp 127–131
59. Liu X, Li X (2012) Privacy preserving techniques for location
based services in mobile networks. In: Parallel and distributed
processing symposium workshops & PhD forum (IPDPSW),
2012 IEEE 26th international. IEEE
60. Kalnis P et al (2007) Preventing location-based identity inference
in anonymous spatial queries. Knowl Data Eng IEEE Trans
19(12):1719–1733
61. Pingley A, Zhang N, Fu X, Choi HA, Subramaniam S, Zhao W
(2011) Protection of query privacy for continuous location based
services. In: INFOCOM, 2011 proceedings IEEE. IEEE,
pp 1710–1718
Int. j. inf. tecnol.
123
62. Xu T, Cai Y (2007) Location anonymity in continuous location-
based services. In: Proceedings of the 15th annual ACM inter-
national symposium on Advances in geographic information
systems. ACM, p 39
63. Xu T, Cai Y (2008) Exploring historical location data for anon-
ymity preservation in location-based services. In: INFOCOM
2008. The 27th conference on computer communications. IEEE,
pp 547–555
64. Gruteser M, Grunwald D (2003) Anonymous usage of location-
based services through spatial and temporal cloaking. In: Pro-
ceedings of the 1st international conference on Mobile systems,
applications and services. ACM, pp 31–42
65. Ghinita G, Kalnis P, Skiadopoulos S (2007) PRIVE: anonymous
location-based queries in distributed mobile systems. In: Pro-
ceedings of the 16th international conference on World Wide
Web. ACM, pp 371–380
66. Shokri R, Troncoso C, Diaz C, Freudiger J, Hubaux JP (2010)
Unraveling an old cloak: k-anonymity for location privacy. In:
Proceedings of the 9th annual ACM workshop on privacy in the
electronic society. ACM, pp 115–118
67. Gedik B, Liu L (2008) Protecting location privacy with person-
alized k-anonymity: architecture and algorithms. IEEE Trans
Mob Comput 7(1):1–18
68. Theodorakopoulos G (2015) The same-origin attack against
location privacy. In: Proceedings of the 14th ACM workshop on
privacy in the electronic society. ACM
69. Zhang X et al (2015) A novel location privacy preservation
method for moving object. Int J Secur Appl 9(2):1–12
70. Song D et al (2015) A privacy-preserving continuous location
monitoring system for location-based services. Int J Distrib Sens
Netw 2015:14
71. Jagwani P, Kaushik S (2016) Secure cloaking area based on user
profile similarity. Int J Eng Technol 8(6):458–461
72. Xu T, Cai Y (2009) Feeling-based location privacy protection for
location-based services. In: Proceedings of the 16th ACM con-
ference on computer and communications security. ACM,
pp 348–357
73. Ghinita G, Kalnis P, Khoshgozaran A, Shahabi C, Tan KL (2008)
Private queries in location based services: anonymizers are not
necessary. In: Proceedings of the 2008 ACM SIGMOD interna-
tional conference on management of data. ACM, pp 121–132
74. Dang H, Chang E-C (2015) PrAd: enabling privacy-aware loca-
tion based advertising
75. Kido H, Yanagisawa Y, Satoh T (2005) An anonymous com-
munication technique using dummies for location-based services.
In: Pervasive services, 2005. ICPS’05. proceedings. International
conference. IEEE, pp 88–97
76. Shankar P, Ganapathy V, Iftode L (2009) Privately querying
location-based services with Sybil query. In: Proceedings of the
11th international conference on ubiquitous computing. ACM,
pp 31–40
77. Niu B, Li Q, Zhu X, Cao G, Li H (2014) Achieving k-anonymity
in privacy-aware location-based services. In: INFOCOM, 2014
proceedings IEEE. IEEE, pp 754–762
78. Rebollo-Monedero D, Forne J, Domingo-Ferrer J (2012) Query
profile obfuscation by means of optimal query exchange between
users. IEEE Trans Dependable Secure Comput 9(5):641–654
79. Domingo-Ferrer J, Bras-Amoro
´s M, Wu Q, Manjo
´n J (2009)
User-private information retrieval based on a peer-to-peer com-
munity. Data Knowl Eng 68(11):1237–1252
80. Domingo-Ferrer J (2006) Microaggregation for database and
location privacy. In: International workshop on next generation
information technologies and systems. Springer, Berlin,
pp 106–116
81. Chow CY, Mokbel MF, Liu X (2006) A peer-to-peer spatial
cloaking algorithm for anonymous location-based service. In:
Proceedings of the 14th annual ACM international symposium on
advances in geographic information systems. ACM, pp 171–178
82. Hashem T et al (2015) A unified framework for authenticating
privacy preserving location based services. In: Second interna-
tional ACM workshop on managing and mining enriched geo-
spatial data. ACM
83. Mokbel MF, Chow C-Y (2006) Challenges in preserving location
privacy in peer-to-peer environments. In: Web-age information
management workshops, 2006. WAIM’06. Seventh international
conference. IEEE
84. Shokri R, Theodorakopoulos G, Papadimitratos P, Kazemi E,
Hubaux JP (2014) Hiding in the mobile crowd: locationprivacy
through collaboration. IEEE Trans Dependable Secure Comput
11(3):266–279
85. Niu B, Li Q, Zhu X, Cao G, Li H (2015) Enhancing privacy
through caching in location-based services. In: Computer com-
munications (INFOCOM), 2015 conference. IEEE,
pp 1017–1025
86. Zhu X, Chi H, Niu B, Zhang W, Li Z, Li H (2013) Mobicache:
when k-anonymity meets cache. In: Global communications
conference (GLOBECOM), 2013 IEEE. IEEE, pp 820–825
87. Santos F et al (2011) Collaborative location privacy with rational
users. In: Decision and game theory for security. Springer, Berlin,
pp 163–181
88. Meyerowitz J, Choudhury R (2009) Hiding stars with fireworks:
location privacy through camouflage. In: Proceedings of the 15th
conference on mobile computing and networking. ACM,
pp 345–356
89. Chen Y et al (2008) Cache management techniques for privacy
preserving location-based services. In: Mobile data management
workshops, 2008. MDMW 2008. Ninth international conference.
IEEE
90. Abomhara M, Køien GM (2014) Security and privacy in the
internet of things: current status and open issues. In: Privacy and
security in mobile systems (PRISMS), 2014 international con-
ference. IEEE, pp 1–8
91. Yamin M, Sen AAA (2018) Improving privacy and security of
user data in location based services. Int J Ambient Comput Intell
(IJACI) 9(1):19–42
92. Abi Sen A, Albouraey F, Jambi KA (2017) Preserving privacy of
smart cities based on the fog computing. In: Smart societies
infrastructure, technologies, and applications (SCITA), Springer
Int. j. inf. tecnol.
123
