Assessment of Measurable Privacy for IoT Consumer Products


Jump to: navigation, search

Assessment of Measurable Privacy for IoT Consumer Products

by Christoffer Ramsvig Thambirajah
Supervisor(s) Josef.Noll, Elahe Fazeldehkordi
Due date 2019/05/05
Status Finished
Problem description: The Consumer Services of Norway (ForbrukerrÄdet) have established a report on privacy in Apps "App-Fail". In there they have found breach of privacy by apps. They identified a lack of "understandable privacy" as the main challenge. This thesis will
  • analysis of privacy of home IoT devices
  • starting from "privacy by design", and identifying input parameters for "privacy"
  • Adopt the multi-metrics methodology for converting input parameters of privacy into measurable privacy
  • suggestion for privacy classes, following the European energy labelling
  • provide at least two usage scenarios of devices/applications, e.g. sporting device ("speedometer") or child doll
  • criteria and evaluation of privacy labels
Methods and Tools: The tools and methods in this thesis are based on
  • A set of scenario, describing the challenges
  • A list of requirements being extracted from the scenarios
  • A description and evaluation of technologies and tools being candidates for solutions
  • A functional architecture/description of the envisaged system
  • An implementation of the core concepts
  • A demonstration of the solution
  • An evaluation of the solution, including a critical review of the descisions taken earlier
  • Conclusions
  • References
Time schedule The envisaged time schedule (for a long thesis/60 ECTS) is:
T0 0 starting month, T0+m denotes the month where the contribution to a certain chapter shalle be finalized
T0+2 months: create an initial page describing the scenario
T0+3: Provide a list of technologies which you think are necessary for the thesis
T0+4: Establish the table of content (TOC) of the envisaged thesis. Each section shall contain 3-10 keywords describing the content of that section
T0+7: Provide a draft of section 2 (scenario) and 3 (technologies)
T0+10: Establish a draft on what to implement/architecture
T0+11: Set-up an implementation, testing and evaluation plan
T0+15: Evaluate your solution based on a set of parameters, keep in mind there is no such thing as a free lunch
T0+17: Deliver the thesis
Pre-Knowledge This thesis has focus on methodology development. The envisaged thesis is based on security issues, thus expects the user to have followed at least two security-related courses
Approved Pending by
Keywords IoTSec, IoT, SCOTT, Privacy Label, GDPR

this page was created by Special:FormEdit/Thesis, and can be edited by Special:FormEdit/Thesis/Assessment of Measurable Privacy for IoT Consumer Products

The thesis has been delivered, and can be downloaded following the link:
Download the thesis paper.

Privacy Methodology.jpg

Meeting notes

Forsvarelse: uke 21: Ma 20Mai AM, ons 22PM, Tor/Fre






  • check also SCOTT Methodology for Privacy Label SCOTT:BB26.G



for the Essay, concentrate on 1.1,2.1,2.2, and 3.1

Title page, abstract, ...

1. Introduction, containing: short intro into the area, what is happening
1.1 Motivation, containing: what triggered me to write about what I'm writing about, what is the goal of the thesis (high-level/helicopter view)
1.2 Methods, containing: which methods are you using, how do you apply them
2. Scenario, optional chapter for explaining some use cases
2.1 user scenario, (bad name, needs something bedre): doll, puls watch (different transparency, configurability, thus privacy capabilities)
2.2 Requirements/Technological challenges: a) Privacy, b) measurability of privacy, c) translation/mapping from technical parameters, e.g. which data, which encryption to "privacy number" d) method for combining "privacy numbers", e) what does "privacy number" mean?
3. State-of-the art/Analysis of technology, structure your content after hardware/SW (or other domains). Describe which technologies might be used to answer the challenges, and how they can answer the challenges
3.1 Privacy by design
3.2 Multi-Metrics_analysis (MM)
3.3 ...
3.4 high level architecture (idea to protect privacy)
4. Implementation
4.1 what does privacy level A-F mean?
4.2 establish a typical functionality description of the data/information flow (from puls recording to cloud distribution)
4.3 Architecture, functionality: apply the Multi-Metric Approach (or other);MM approach is part of UNIK4750
5. Evaluation
Apply the method for two devices, e.g. doll, puls watch
6. Conclusions
Open issues and Questions: list all things you want to answer, questions....


Red line

Your thesis should have a "red line", which is visible throughout the whole thesis. This means you should mention in the beginning of each chapter how the chapter contributes to the "goals of the thesis". Thus, when writing the thesis

  • establish the TOC with keywords for each section.
  • describe in one sentence the expected outcome of each section
  • have one "chapter" named: not now/questions, where you put all stuff which is not relevant for the current writing process

Before you start writing, start with google or bing to get an overview over keywords in the area. When you have a foundation of words, use Microsoft Academics or Google Scholar for more detailed scientific articles.

Use of scientific methods

A thesis follows a standard method:

  • describe the problem (problemstilling)
  • extract the challenges. These challenges should be measurable, e.g. method is too slow to be useful to voice handover.
  • Analyse technology with respect to challenges. Don't write & repeat "everything" from a certain technology, concentrate on those parts (e.g. protocols) which are of importance for your problem


  • Wikipedia is good to use to get an overview on what is happening. But there is not scientific verification of Wikipedia, thus you should use wikipedia only in the introduction of a chapter (if you use text from wikipedia). Use scientific literature for your thesis.
  • Scientific library is "at your hand", you can get there directly from UiO: [[How to get access to IEEE, Springer and other scientific literature -> Unik/UiOLibrary]]
  • I suggest that references to web pages, e.g. OASIS, W3C standards, are given in a footnote. Only if you find white papers or other .pdf documents on a web page then you refer to them in the reference section.

Evaluation of own work

Perform an evaluation of your own work. Revisit the challenges and discuss in how you fulfilled them. Provide alternative solution and discuss what should be done (or what could have been done).