為了保護使用者的隱私 許多國家的政府機關要求物聯網服務提供者在蒐集使 用者資料前 必須先告知並取得使用者的同意 然而 許多既有的物聯網裝置可能 因為硬體上的限制而無法達成這樣的要求 因此 既有裝置符合需求的話物聯網服 務提供者可能得花大錢替換新的裝置才能達成 有鑑於此 本研究提出了一個讓物 聯網服務提供者能夠在不替換現有的物聯網裝置的情況下 向使用者呈現裝置的隱 私政策 並取得使用者的同意方法
在本研究的概念下 使用者不再直接存取物聯網裝置 而是透過閘道器進行存 取 而當使用者透過閘道器存取物聯網裝置時 閘道器會負責提供物聯網裝置的相 關隱私政策並且讓使用者表示是否同意 閘道器除了提供隱私政策 也可對使用者 存取物聯網裝置進行控管 當使用者不接受某物聯網裝置的相關隱私政策時 閘道 器會阻止使用者存取該物聯網裝置 本研究的概念中除了閘道器還包括一個物聯網 平台 讓使用者可以透過網際網路向閘道器傳送請求 透過物聯網平台向閘道器傳 送請求 使用者即使與閘道器位於不同的網路也可以取得閘道器的服務
本研究的另一個特色 就是在設計相關協定時 特別考慮到使用者或是閘道器 連接到網際網路時有可能經過網路位址轉換 因為經過網路位址轉換的區域網路可 能會造成外部伺服器無法連接到位於區域網路內的閘道器或使用者 為了解決此問 題 本研究在協定的設計上皆由閘道器或使用者發起請求 而物聯網平台則將訊息 置於請求的回覆中 如此一來 閘道器管理者在設置閘道器時可以省下額外的網路 設定 減少部署閘道器的成本

To protect user privacy, several governmental agencies around the world have declared that service providers should obtain user consent before collecting their data. However, many existing IoT devices deployed by service providers may not be able to comply with such re- quests. To prevent IoT service providers from having to replace existing IoT devices with new ones, this study purposes an solution to enable IoT service providers to present privacy policies to users and obtain their consent.
This study leverages a gateway between the user and the IoT device. Users will connect to IoT devices through the gateway instead of connecting directly with IoT devices. The gate- way will be able to present the privacy policies of the IoT devices on the service provider’s behalf and ask the user for his consent. The gateway will also be able to perform access con- trol management, in cases where the users declines the associated privacy policies of a IoT device the gateway may deny the user access to the IoT device. There will also be an IoT platform that will allow users to send requests to the gateway from different networks. This enables users to obtain service from the gateway even if the user is in a different network and cannot connect to the gateway.
This study acknowledges that the gateway or the user will usually pass through NAT when connecting to the internet, this makes it difficult for servers in the cloud to transmit messages to the gateway or user. To overcome this problem, this study designed the pro- tocols so that the gateway or the user will always be the one to initiate the communication. Messages from the IoT platform will always be attached to the response to a request by the user or gateway. Therefore, the gateway administrator will not have to perform extra network configurations when setting up the gateway.

[1] ”German parents told to destroy Cayla dolls over hacking fears” [online]. Available: http://www.bbc.com/news/world-europe-39002142 (Accessed: July, 2017)
[2] ”A human-centric trust model for the Internet of Things” [online]. Avail- able: https:// www.oreilly.com/ learning/ a-human-centric-trust-model-for-the-internet- of-things (Accessed: July, 2017).
[3] ”Gartner Says 8.4 Billion Connected ”Things” Will Be in Use in 2017, Up 31 Percent From 2016” [online]. Available: http://www.gartner.com/newsroom/id/3598917 (Ac- cessed: July, 2017).
[4] ”Report on Workshop on Security & Privacy in IoT,” European Commission, 2017.
[5] EU Article 29 Data Protection Working Party, Opinion 8/2014 on the on recent devel-
opments on the internet of things, European Commission, 2014.
[6] US Federal Trade Commission, The Internet of Things: Privacy and Security in a Con- nected World, ser. Federal Trade Commission staff reports. DIANE Publishing Com- pany, 2015.
[7] 個 人 資 料 保 護 法 [online]. Available: http:// law.moj.gov.tw/ LawClass/ LawAll.aspx?PCode=I0050021 (Accessed: July, 2017)
[8] Arijit Ukil, Soma Bandyopadhyay, Joel Joseph, Vijayanand Banahatti, and Sachin Lodha. 2012. Negotiation-based privacy preservation scheme in internet of things plat- form. In Proceedings of the First International Conference on Security of Internet of Things (SecurIT ’12). ACM, New York, NY, USA, 75-84.
[9] Fawaz K, Kim K-H, Shin KG, Protecting Privacy of BLE Device Users in Proc. of 25th USENIX Security Symposium(USENIX Security 16), Austin, TX, August 2016, pp 1205 1221.
[10] Y. Yang; L. Wu; G. Yin; L. Li; H. Zhao, ”A Survey on Security and Privacy Issues in Internet-of-Things,” in IEEE Internet of Things Journal , vol.PP, no.99, pp.1-1 doi: 10.1109/JIOT.2017.2694844
[11] S. Kraijak and P. Tuwanut, ”A survey on IoT architectures, protocols, applications, se- curity, privacy, real-world implementation and future trends,” 11th International Con- ference on Wireless Communications, Networking and Mobile Computing (WiCOM 2015), Shanghai, 2015, pp. 1-6. doi: 10.1049/cp.2015.0714
[12] Richard Chow. 2015. IoT Privacy: Can We Regain Control?. In Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security (IH&MMSec ’15). ACM, New York, NY, USA, 3-3. DOI: http://dx.doi.org/10.1145/2756601.2756623
[13] P. Pappachan et al., ”Towards Privacy-Aware Smart Buildings: Capturing, Communi- cating, and Enforcing Privacy Policies and Preferences,” 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW), Atlanta, GA, USA, 2017, pp. 193-198. doi: 10.1109/ICDCSW.2017.52