Personal Data Management with the Databox

Mortier, Richard; Zhao, Jianxin; Crowcroft, Jon; Wang, Liang; Li, Qi; Haddadi, Hamed; Amar, Yousef; Crabtree, Andy; Colley, James; Lodge, Tom; Brown, Anthony; McAuley, Derek; Greenhalgh, Chris

doi:10.1145/3010079.3010082

Cited by 55 publications

(35 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It exists [1,21], albeit in nascent form and its source code is freely available for widespread use [5]. It enables data controllers and app developers working on their behalf to demonstrate compliance with the external data subject accountability requirement.…”

Section: Resultsmentioning

confidence: 99%

Building accountability into the Internet of Things: the IoT Databox model

Crabtree

Lodge

Colley

et al. 2018

J Reliable Intell Environ

Self Cite

View full text Add to dashboard Cite

This paper outlines the IoT Databox model as a means of making the Internet of Things (IoT) accountable to individuals. Accountability is a key to building consumer trust and is mandated by the European Union's general data protection regulation (GDPR). We focus here on the 'external' data subject accountability requirement specified by GDPR and how meeting this requirement turns on surfacing the invisible actions and interactions of connected devices and the social arrangements in which they are embedded. The IoT Databox model is proposed as an in principle means of enabling accountability and providing individuals with the mechanisms needed to build trust into the IoT.

show abstract

Section: Resultsmentioning

confidence: 99%

Building accountability into the Internet of Things: the IoT Databox model

Crabtree

Lodge

Colley

et al. 2018

J Reliable Intell Environ

Self Cite

View full text Add to dashboard Cite

show abstract

“…from autonomous vehicles) from sensors to the cloud for central analytics mean conducting analytics locally and sending back results is increasingly attractive. 171 In reflecting on these issues and considering routes redressing the risks stemming from IoT, established practices in IT architecture design could be considered. Examples could include:…”

Section: Engineering the Industrial Iot: Appropriate Technical And Ormentioning

confidence: 99%

“…As mentioned above, local data storage and analytics would help organisations avoid a lot of these difficult compliance requirements and enable more controlled and sustainable security architecture too. Technologies like personal information management systems 164 are useful for protecting consumers' personal data, but they also have much to offer for industrial IoT too, in terms of providing confidentiality or limiting access to sensitive information. Hardware level trusted execution environments (i.e.…”

mentioning

confidence: 99%

Avoiding the internet of insecure industrial things

Urquhart

McAuley

2018

Computer Law & Security Review

Self Cite

View full text Add to dashboard Cite

Abstract:Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things.

show abstract

“…Available Stores are registered in a HyperCat catalogue on installation, so they can be discovered by other Apps. 3 Each store provides a RESTful API supporting JSON, text and binary data across the Zest protocol. Underlying storage is implemented using the Irmin [5] system using a git-structured backend.…”

Section: Introductionmentioning

confidence: 99%

“…Other reasons we adopted ZeroMQ included its support for secure connections based on elliptic-curve cryptography and that it is well supported across a variety of platforms and programming languages. Zest forms the core protocol within the Databox project [3], which we envisage being instantiated in the form-factor of a set-top box or similar. All components are encapsulated as Docker containers.…”

mentioning

confidence: 99%

Zest: REST over ZeroMQ

Moore

Arcia-Moret

Yadav

et al. 2019

2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)

Self Cite

View full text Add to dashboard Cite

In this paper, we introduce Zest (REST over Ze-roMQ), a middleware technology in support of an Internet of Things (IoT). Our work is influenced by the Constrained Application Protocol (CoAP) but emphasises systems that can support fine-grained access control to both resources and audit information, and can provide features such as asynchronous communication patterns between nodes. We achieve this by using a hybrid approach that combines a RESTful architecture with a variant of a publisher/subscriber topology that has enhanced routing support. The primary motivation for Zest is to provide inter-component communications in the Databox, but it is applicable in other contexts where tight control needs to be maintained over permitted communication patterns.• Encryption as standard • Access control through Macaroons • Support for auditing communication across nodes • Support for asynchronous communication between nodes We chose to build our solution using ZeroMQ 1 because of its flexibility to support different topologies such as brokerless communication and for its simple abstraction over traditional TCP sockets. Other reasons we adopted ZeroMQ included its support for secure connections based on elliptic-curve cryptography and that it is well supported across a variety of platforms and programming languages. Zest forms the core protocol within the Databox project [3], which we envisage being instantiated in the form-factor of a set-top box or similar. All components are encapsulated as Docker containers. 2 Databox hosts third-party computations as Apps, while external devices such as sensors interface to the Databox via Drivers responsible for interacting with the external device through reads and writes to an associated store, a lightweight time-series database. Zest's requirements therefore are to support this highly controlled communication model, in a relatively resource-constrained environment, where operations must be logged for subsequent audit and where data transfers should be authenticated and protected in flight. The Databox communication model not only involves encryption across communication channels but also requires support for finegrained access to resources. We therefore developed the Zest 1 http://zeromq.org/ 2 https://docker.com/

show abstract

Personal Data Management with the Databox

Cited by 55 publications

References 19 publications

Building accountability into the Internet of Things: the IoT Databox model

Building accountability into the Internet of Things: the IoT Databox model

Avoiding the internet of insecure industrial things

Zest: REST over ZeroMQ

Contact Info

Product

Resources

About