Data Privacy in Wearable IoT Devices: Anonymization and Deanonymization

Abstract

With the development of IoT devices, wearable devices are being used to record various types of information. Wearable IoT devices are attached to the user and can collect and transmit user data at all times along with a smartphone. In particular, sensitive information such as location information has an essential value in terms of privacy, and therefore some IoT devices implement data protection by introducing methods such as masking. However, masking can only protect privacy to a certain extent in logs having large numbers of recorded data. However, the effectiveness may decrease if we are linked with other information collected from within the device. Herein, a scenario-based case study on deanonymizing anonymized location information based on logs stored in wearable devices is described. As a result, we combined contextual and direct evidence from the collected information. It was possible to obtain the result in which the user could effectively identify the actual location. Through this study, not only can a deanonymized user location be identified but we can also confirm that cross-validation is possible even when dealing with modified GPS coordinates.