Secure and Privacy Preserving Data Mining and Aggregation in IoT Applications


Every year, the area of IoT applications keeps on expanding. It has become an essential part of collecting and analysing data for robust healthcare systems, smart homes, and smart cities. This is being done at a rate never seen before. The unprecedented growth has also increased our capability of handling large volumes of high velocity, variety, and value data through big data ecosystems such as Hadoop. However, the essential need is to perform data mining, aggregation, and analytics on this data without having any privacy and security concerns. Currently, there are many privacy issues that come with mining and aggregation of data.

Privacy protection is intended to shield individuals’ information and delicate data from public exposure while data and information mining take place. All the stakeholders are worried about data sharing and hence guard data from one another. For example, business collaborators working together on a platform or service would not want their sensitive information to be shared or leaked with each other while working together on a task. The IoT applications are profoundly flexible and different, which makes their needs very different. The commonly faced protection and privacy issues in the IoT environment are discussed in Section 7.2.

Data mining is done one step at a time and each part of the process requires its own method of security and privacy preservation. A structure for privacy preserving data mining (PPDM) is discussed in the third section. The framework divides the data mining process into three layers: the data collection layer (DCL), data pre-processing layer (DPL), and data output layer (DML). All the layers have their mechanism for privacy preservation. For example, randomization techniques are used in the DPL. Different approaches, such as personalized privacy and differential privacy schemes, are also discussed. All the methods with their core concepts, advantages, and disadvantages are compared with one another and their fields of application are discussed.

In IoT structures, an aggregator handles all activities for a collection of IoT devices. The aggregated data is then used as the input on which the analytics is done. Privacy has to be maintained with respect to content as well as context. In real-life scenarios, maintaining anonymity is also essential. There are many ways in which the data aggregation process can be made secure. In Section 7.4 of this chapter, we look at cryptographic techniques, data slicing methods, and evolutionary methods to obtain privacy preserving data aggregation. The working and application of homomorphic encryption and advanced encryption standard (AES) algorithms are discussed. Security analysis of the algorithm is done for eavesdropping, replay, manipulation, internal, collusion, and impersonation attacks. The performance is then evaluated considering the cost of encryption and decryption for all the phases such as data division, authentication, and aggregation. An evolutionary game-based model is also discussed. In this, the nodes are part of a community structure where the behaviour of one user influences others in terms of cost, services, and utility. Data aggregation using data slicing methods is also covered in depth. Two methods, SMART and iPDA, are discussed at length with their advantages and disadvantages.
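The data slicing idea behind SMART (slice, mix, aggregate) in its general form, as an added example that is not code from the chapter: each node splits its reading into random shares, keeps one, hands the rest to neighbours, and only the mixed sums reach the aggregator. Assumptions: shares are taken modulo a public MODULUS (an additive-secret-sharing simplification), link encryption between neighbours is presumed rather than implemented, and the node names and readings are constructed.

```python
import secrets

MODULUS = 2**32  # assumed public modulus; the true aggregate must stay below it
_rng = secrets.SystemRandom()


def slice_reading(reading, pieces):
    """Split a reading into `pieces` random shares that sum to it mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(pieces - 1)]
    shares.append((reading - sum(shares)) % MODULUS)
    return shares


def slice_mix_aggregate(readings, neighbours, pieces):
    """Slice each reading, mix shares among neighbours, then aggregate.

    Returns (mixed value per node, aggregate). The aggregator only ever
    receives the mixed values, never a raw reading.
    """
    mixed = {node: 0 for node in readings}
    for node, reading in readings.items():
        peers = neighbours[node]
        if len(peers) < pieces - 1:
            raise ValueError(f"{node} needs at least {pieces - 1} neighbours")
        kept, *sent = slice_reading(reading, pieces)
        mixed[node] = (mixed[node] + kept) % MODULUS
        # Every outgoing share goes to a different neighbour
        # (sent over an encrypted link in a real deployment).
        for peer, share in zip(_rng.sample(peers, pieces - 1), sent):
            mixed[peer] = (mixed[peer] + share) % MODULUS
    total = sum(mixed.values()) % MODULUS
    return mixed, total


# Constructed sample: four fully connected sensors with private readings.
READINGS = {"s1": 72, "s2": 65, "s3": 80, "s4": 91}
NEIGHBOURS = {n: [m for m in READINGS if m != n] for n in READINGS}

if __name__ == "__main__":
    mixed, total = slice_mix_aggregate(READINGS, NEIGHBOURS, pieces=3)
    print("values seen by the aggregator:", mixed)
    print("aggregate:", total)
```

A single reading can still be recovered by parties who together see the node's mixed value and every share it sent and received, which is why collusion appears among the attacks analysed for aggregation schemes.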

Privacy and Security Challenges in IoT Applications

Before discussing the ways to ensure security and privacy for IoT applications, some of the challenges to security and privacy are discussed.

7.2.1 Identification

Profiling and authentication for IoT devices mean that we are associating an identity, for example, a location, with a person. In this context, there can be cases where a user’s privacy is breached as some sensitive information may be given outside the user’s personal sphere.

7.2.2 Localizing and Tracking

Nowadays, there are many ways, such as GPS and IP addresses, which can assist with following a person’s presence in both time and space. While it only gives a better user experience and enables more features, some users see it as an invasion of privacy, especially if the data is used inappropriately without their consent. Currently, the IoT faces challenges with how to deal with third-party data. There lies a huge challenge and moral dilemma balancing between the business interests of companies and privacy of the users.

7.2.3 Life Cycle Transitions

It is necessary to keep track of all the updates available in an application’s life cycle and how to apply them uniformly across distributed environments, whether the device is old or new. The update can also include a security patch which, if not applied to the device, can cause security issues in the whole network. This can prove to be a challenge in an industry based on applications, as discussed by Darmstadt [1].

7.2.4 Secure Data Transmission

For data transmission through open mediums, such as public mediums, it is necessary to follow safety measures. The information must be concealed to prevent unauthorized access and collection of information. The data must be protected from any internal as well as external adversary.

From surveys [2] and reviews [3] of privacy and security issues in IoT, it has been found that conventional safety efforts cannot be applied to the IoT. In the next section, an architecture is discussed that can manage the dynamic security needs for an integrated IoT environment.
