Small scale IoT device privacy evaluation using Petri net modeling

Most Small Scale IoT (SSIoT) devices on the market gather a significant amount of sensitive in-formation, yet many lack privacy controls, introducing significant privacy and safety risk to users. Such risks stem from the lack of privacy integration into the system development process. No formalized SSIoT data flow model currently integrates privacy elements for evaluation during the system development lifecycle (SDLC). This work aims to review current data flow modeling techniques, used in most SSIoT System Development Lifecycle (SDLC), to identify privacy gaps and assess requisite privacy controls necessary to improve user privacy. To verify this, we designed a simulation experiment using Petri net to evaluate the current privacy controls and hotspots during SSIoT data transitions. We assess our Petri net model using a Barbie Smart connected toy user interaction. The results show that Petri net has unique privacy elements and verification schemes over all other data flow modeling techniques. Further, it provides privacy assurance, evaluates privacy by identifying privacy hotspots needing controls, and minimizes privacy-related risks such as breach of personally identifiable information and interaction data during SSIoT device use.

Automated summary

Most SSIoT devices lack privacy controls, posing significant risks to user privacy and safety, as they gather sensitive information without integrating privacy into the development process. This study aims to review data flow modeling techniques in SSIoT SDLC, identify privacy gaps, and assess necessary privacy controls to enhance user privacy. Through a simulation experiment using Petri net, the privacy controls and hotspots during SSIoT data transitions were evaluated, with the results showing that Petri net offers unique privacy elements and verification schemes.