Data Privacy Protection in the Internet of Things

Dear Colleagues,

Nowadays, the Internet of Things (IoT) allows regular users to upload sensing data collected via their smart devices, which constitutes an indispensable component of IoT data acquisition. These users, while working as data contributors, also form a community where they are comprehensively collaborative during the procedure of data collection, communication, analysis, and services. It is believed that the IoT is a promising paradigm that brings seamless and flexible coverage for our surrounding environment via the extensive and voluntary involvement of crowds. However, this new trend also brings significant threats to data security and privacy. Sensing contents are more likely to be hijacked within the open and vulnerable system, and the sensitive information of users could be recovered. For example, trajectories recorded by mobile phones may indicate the daily status of users like health, incoming, sex orientation, etc. These threats are made even worse by the fact that users of IoTs usually continuously and unconsciously contribute sensing data to systems via devices and apps running in the background of operating systems. Moreover, the IoT also suffers high dynamics and heterogeneity due to the diverse behaviors and preference of participants. Both facts aggravate the difficulties for security and privacy preservation, which have already thwarted the current development of  IoTs.

In recent years, multiple techniques have flourished which enhance security and privacy preservation capabilities in diverse distributed systems. Some noticeable terms include federated learning, privacy-aware computing, blockchains, AI-powered security, Zero Trust, etc. These techniques have both broadened the scope of system security and also strengthened the level of privacy preservation, as continuous and heterogeneous behaviors of regular and malicious participants are both handled. 

We argue that there should also be an in-depth and comprehensive consideration on integrating these cutting-edge techniques with the design of IoTs, which includes but is not limited to novel theories, frameworks, techniques, and applications. Therefore, this Special Issue will be a virtual research forum for the sharing of insightful ideas towards secure and privacy-aware computing in IoTs.

The topics of interest include, but are not limited to:

• Fundamental theories on security and privacy preservation in IoTs;
• Privacy-aware computing for data processing in IoTs;
• Federated learning for data processing in IoTs;
• Design and implementation of blockchain techniques for IoTs;
• Design and implementation of Zero Trust approaches for IoTs;
• Design of authentication mechanisms for dynamic devices in IoTs;
• Design of lightweight encryption and decryption methods for IoTs;
• Reinforcement learning methods for data processing in IoTs;
• Network protocols supporting privacy-aware computing in IoTs;
• Demos, systems and applications for security- and privacy-aware computing in IoTs.

Dr. Xu Zheng
Dr. Zhuojun Duan
Prof. Dr. Yingjie Wang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at mdpi.longhoe.net by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Title: Communication and Sensing: PHY Layer Threats to Security and Privacy for IoT systems, and possible Countermeasures
Authors: Renato Lo Cigno, Francesco Gringoli, Stefania Bartoletti, Marco Cominelli, Lorenzo Ghiro and Samuele Zanini
Affiliation: University of Brescia and Consorzio Nazionale Interuniversitario per le Telecomunicazioni (CNIT), Italy; University of Roma Tor Vergata and Consorzio Nazionale Interuniversitario per le Telecomunicazioni (CNIT), Italy; Politecnico di Milano, Italy; Consorzio Nazionale Interuniversitario per le Telecomunicazioni (CNIT), Italy
Abstract: Recent advances in signal processing and AI-based inference enable the exploitation of communication signals to collect information on devices, people, actions and the environment in general, i.e., to perform Integrated Sensing And Communication (ISAC). This possibility opens new and exciting opportunities for IoT systems, but at the same time poses unprecedented threats to security and privacy of data, devices, and systems. In fact, ISAC operates at the PHY and MAC layers, where it is impossible to protect the information with standard encryption techniques, or with any other purely digital methodologies. The work we present analyzes, within the framework of IoT and distributed, pervasive communication systems, the threats to security and privacy posed by ISAC and how they do intertwine at the PHY layer. Next, possible countermeasures are presented and discussed, with proper architectural choices and tradeoffs to implement them, as well as solutions and protocols to preserve the potential benefits of ISAC while ensuring data protection and users' privacy.

Title: --
Authors: Alper Kanak 1/2, İbrahim Arif 1/2, Ali Serdar Atalay 3, Oguzhan Herkiloğlu 3, and Salih Ergün* 1/2
Affiliation: 1 ERGTECH Research GmbH, Switzerland; 2 Ergünler R&D Ltd. Co. (ERARGE), Turkiye; 3 AI3SEC OÖ
Abstract: In the automotive industry, many manufacturing processes begin with selecting various materials for vehicle requirements, involving a large supply chain network, including electronics, plastic, glass, raw materials, cotton, etc. This network is both cross-departmental at the factory level and multi-institutional at the cross-organizational level. There is a significant challenge in trustworthy governance of data, information, and knowledge from different sources to gain transparency about the location, availability, demand, and supply of raw materials, semi-finished, and finished prod-ucts in industrial environments. Increasing resilience even in local supply chains within a manu-facturing environment and improving the security of supply for respective departments in urban factories require a holistic shielding mechanism against security, privacy, and safety threats. This study, based on a combined privacy-security-safety threat model, presents a triangular accounta-bility model for decentralized cooperation networks where manufacturers, suppliers, and com-pliance or certification authorities naturally participate in the production lifecycle through secure, private, and immutable transactions. The study explores the use of knowledge graphs and large language models (LLMs) in managing the automotive supply chain with a specific focus on in-factory logistics realized through electric forklifts. The targeted use case addresses the energy efficiency of the electric vehicles used in internal logistics by considering their state-of-charge and state-of-health. Knowledge graphs present a structural view of entities and their interactions, aiding in the detection of operational, privacy, security, and safety issues. LLMs enhance data processing, natural language queries, decision-making, and predictive analytics, making the EV-enabled logis-tics system accessible, explainable, efficient, and trusted. The triangular model, strengthened with LLMs, provides a dynamic map of the supply chain, offering insights into product origins, labor and environmental impacts, and risks while maintaining data privacy.