Big IoT Data Stream Analytics with Issues in Privacy and Security

Internet of Things (IoT) Devices are monitoring and controlling systems that interact with the physical world by collecting, processing and transmitting data using the internet. IoT devices include home automation systems, smart grid, transportation systems, medical devices, building controls, manufacturing and industrial control systems. With the increase in deployment of IoT devices, there will be a corresponding increase in the amount of data generated by these devices, therefore, resulting in the need of large scale data processing systems to process and extract information for efficient and impactful decision making that will improve quality of living. Analytics on data continuously generated from IoT devices may require a lifelong learning system that uses a feedback mechanism for adapting to changes in data over time. Our recent efforts extensively address various challenges in dynamic change detection and adaptation in various settings. In particular, we have developed frameworks for efficient drift detection and novel class adaptation on a single stream. We have also extended the framework in multi-stream setting using transfer learning techniques. Naturally, it is desirable to utilize the large amount of data generated from IoT devices in designing intelligent systems for making informed decisions in applications such as image recognition, activity detection, etc. But, concerns regarding data security and privacy is inevitable when sensitive information is involved. Particularly, distribution of sensitive data in a multiparty computation environment may carry a high risk of secrecy leakage or data misuse when its usage is not satisfactorily vetted. Moreover, sensitivity of intelligent systems to adversarial attacks may prevent large-scale deployment of these systems, thereby losing the advantages of a benign system. In this regard, we propose to develop a secure and scalable architecture that can efficiently perform big data analytics that are robust to adversarial attacks, while providing a cryptographically secure mechanism for preserving data privacy and security. Learning from our past experiences of addressing privacy issues on Intel SGX, a hardware-based cryptographically secure mechanism that provides confidentiality and data integrity, we aim to utilize our expertise in building this framework for addressing data security concerns from IoT devices. Intel SGX (Software Guard Extensions) is a set of instructions that allow developers to securely compute within an execution environment, called an Enclave, with the support of toolchains, programming abstractions and operating system. Hardware embedded cryptographically secure keys are used to encrypt code and data when outside an enclave, and decrypt it when within an enclave. A naive implementation of data analytics within this secure environment is known to be susceptible to side-channel attacks. Therefore, it is the developer's responsibility to preserve data privacy. Using appropriate algorithmic structures and execution sequence when computing within an enclave, developers can prevent information leak. We have developed efficient mechanisms that prevent such undesirable information leak that guarantee privacy.