Abstract
Smart home devices collect, process, store, and forward users' personal data,
which is typically stored on the service provider's cloud service. The data is not only
available to the service provider but also to third parties. Data collected by a single
device is often inconsequential; however, data collected by several devices and
device types can potentially expose patterns and end-user behaviour that
can be used to profile and discriminate against the user. In the wrong hands, this data
can be used for identity theft and other cyberattacks. Some service providers need
the data to train their artificial intelligence and machine learning models and to
improve their products, whereas others use the data for targeted advertising as
their main revenue model. Sharing user data also benefits service providers; some
sell this information for a profit.
The erosion of privacy has become a barrier to adopting smart home devices. This
research proposes a privacy-preserving framework, the Privacy-Orientated
Distributed Data Storage for Smart Homes (PODDS-SH) framework, that aims
to bridge the gap between upholding user privacy and the service provider's
need to access personal data by storing personal data under the user's control.
The PODDS-SH framework is derived from the literature review
conducted in this research, which suggests that different user types have varying
concerns when it comes to purchasing and using smart home technology. To
address the varying levels of concern, this research separated users into three
categories:
• Overly concerned: They do not want to share data with service providers.
• Moderately concerned: They are comfortable sharing some data with service providers.
• Not concerned: They are comfortable sharing all their data with service providers.
Prototypes of parts of the PODDS-SH framework's components were developed
as a proof of concept to verify the framework's effectiveness and feasibility
in practice.
Through a qualitative study and a literature review, this research identifies several
trends, such as theoretical acceptance models and their applicability to smart
home technology, and examines what service providers are permitted to do with
regard to user data collection, storage, processing and deletion from a legal and
ethical point of view, under legislation such as the General Data Protection
Regulation (GDPR) and its derivatives. The trends identified could be relevant in
establishing future privacy-preserving systems.