The deployment of IoT devices with significant data collection capabilities around the world raises concerns about user privacy. People are worried about ubiquitous IoT devices collecting and sharing their data with unknown parties without their awareness or consent. Currently, several governmental agencies have stated that IoT service providers should obtain user consent before collecting and using their personal data. However, to the best of our knowledge, there is no standard means for users to reach agreements on privacy practices for IoT applications. Among different types of IoT applications, this paper focuses on the scenario in which people use their personal smartphones to access nearby IoT devices via Bluetooth Low Energy (BLE). To address the privacy issue in the scenario, this paper proposes a privacy preferences expression framework for BLE-based applications named PrivacyBat. The framework defines specifications for users to achieve agreements on privacy practices with nearby BLE devices. In addition, this framework provides guidelines for a device to process user requests according to the agreement. To demonstrate how the framework operates, this paper further provides a proof of concept implementation. As the proposed framework can improve the privacy policy agreement process in IoT applications, this paper can hopefully contribute to increasing user trust in IoT applications.

• 出版日期2018
• 单位东华大学