A privacy preservation framework for smart connected toys

Journal Title
Journal ISSN
Volume Title
Advances within the toy industry and interconnectedness have resulted in the rapid and pervasive development of Smart Connected Toys (SCTs), built to aid children in learning, socialization, and development. A SCT is a physical embodiment artifact that acts like a child user interface for toy computing services on Cloud. SCTs extend the capability of the traditional toy into a new area of computer research by incorporating the physical component of a traditional toy combined with networking and sensory capabilities of mobile devices using ubiquitous technologies. These SCTs are built as part of the Internet of Things (IoT) with the potential to collect terabytes of personal and play information; introducing ever-increasing privacy, and serious safety concerns for children. SCTs can gather data on the context of the child user’s physical activity state (e.g., walking, standing, running) and store personalized information (e.g., location and activity pattern) through a camera, microphone, Global Positioning System (GPS), and various sensors such as facial recognition or sound detection. Privacy concerns itself with the protection against the intrusion of someone’s defined space without explicit consent, in such a manner that the defined space is protected from intrusion, interference, and information access by a non-authorized entity. In addition to privacy and safety concerns, criminals using a child’s Personal Identifiable Information (PII) can create false identities to engage in a variety of financial frauds and other crimes. The challenge is, with so many SCTs in the market, how to develop a framework and techniques to protect the privacy of children’s data; and in the case where a privacy breach occurs (cybercrime), how to develop a digital forensic framework to analyze data on SCTs. This thesis surveys the cybersecurity and the privacy landscape of state-of-art emerging technology and development in SCTs; investigates technical and legislative related privacy issues in SCTs with functionalities that collect, process, and transmit PII; and presents a privacy preservation framework that will address privacy challenges within SCTs. In addition, this thesis develops a SCT digital forensic processing framework for privacy breach or crime-related investigation. The privacy preservation framework includes a context data model and a privacy-preserving data-modelling framework. The data context model is an abstract model that organizes elements of data and standardizes how they relate to one another and to properties of the related entities in SCTs based on eXtensible Markup Language (XML). The privacy preservation framework is depicted by Petri-Nets and will identify offensive (non-privacy compliant) content intended for storage or transmission, tag, classify, alerts, and secure delete content. The framework consists of four major components, including (1) Systematic Privacy Impact Assessment Table (SPIAT); (2) Privacy-Preserving Context Ontology (PPCO) Model; (3) SCT privacy preservation data model using Petri-Nets; (4) Empirical Study to support Petri-Nets model as one of the most promising tools to support data flow privacy; and (5) Case studies of SCT digital forensic investigation.
Privacy preservation framework, Toy computing, Security, Context data model, Smart connected toys (SCTs)