Date of Award
Doctor of Philosophy (PhD)
Computer Engineering and Sciences
William H. Allen
Deborah S. Carstens
The proliferation of Internet of Things (IoT) devices has increased data sharing, profiling, and manipulation on various networks. The rapid growth of information disclosure has caused system users to lose motivation to enhance their data privacy. The repeated breaches on different networks worldwide have made people feel discouraged, as they perceive privacy schemes as futile. IoT systems introduce another dimension of privacy leakage due to their expendability nature and information collection features. The situation worsens when users have to manage multiple IoT devices, each following different security protocols, leading to poor decision-making and privacy leakage. This tremendous flow of unsecured data gathered about users without their knowledge or consent, combined with complicated privacy policies, leads to information overload and privacy fatigue. Users’ continuously changing privacy behavior further complicates the problem as they opt to disregard privacy for better service quality or monetary gain. Many users have become tired of implementing security controls due to privacy intrusiveness and a lack of knowledge. Additionally, the concept of privacy differs between individuals, leading to a variety of expectations that are not yet implemented in IoT environments. To protect users from privacy invasions in a climate where sensors are omnipresent, a shift toward context-centric privacy and adaptive preference approach is required. In this dissertation, we stress for a tailored privacy preference experience unique to each individual that aims at offering an automated contextual privacy preferences recommendation based on user experience. We first conduct a replication study to understand the sensitive information gathered through IoT sensors. This study allowed us to discover what factor combinations impact users’ privacy decisions in different IoT environments. The replication study also helped us classify sensors and locations depending on how sensitive the data collected is. Next, we used the collected data and feedback to experiment with how Machine Learning (ML) algorithms behave using different techniques and features from the original study. This step allowed us to study how well different features can predict an individual’s decision to allow or deny entry to a specific IoT location. The experiment allowed us to measure how feasible it is to build a Machine Learning approach capable of predicting users’ preferences while mimicking real-world scenarios and eliminating factors that users do not have control over. We then introduced PPM (Privacy Preference Manager), a recommender system that uses a simple yet powerful approach to predict user privacy preferences. PPM is a ML approach built on all the feedback collected from our previous experiments, uses a minimalistic feature collection, and shifts from a binary classification to a privacy risk recommendation approach. We finally designed IoTPP (Internet of Things Privacy Preference), a web application that enforces user privacy preferences and gives them control over their environment. IoTPP was explicitly created to help users manage their privacy and guide them when interacting with IoT spaces. IoTPP aims to provide users with a tailored privacy experience based on their privacy expectations. We also examined IoTPP’s ability to mitigate the privacy fatigue phenomenon and analyzed its usability as a tool in enforcing privacy management.
Kilani, Ghassen, "Predicting the Impact of IoT Data Gathering on User’s Privacy Preferences" (2022). Theses and Dissertations. 1334.