The Internet of Things brings new ways to collect privacy-sensitive data from billions of devices. Well-tailored distributed ledger technologies (DLTs) can provide high transaction processing capacities to IoT devices in a decentralized fashion. However, privacy aspects are often neglected or unsatisfying, with a focus mainly on performance and security. In this paper, we introduce decentralized usage control mechanisms to empower IoT devices to control the data they generate. Usage control defines obligations, i.e., actions to be fulfilled to be granted access, and conditions on the system in addition to data dissemination control. The originality of this paper is to consider the usage control system as a component of distributed ledger networks, instead of an external tool. With this integration, both technologies work in synergy, benefiting their privacy, security and performance. We evaluated the performance improvements of integration using the IOTA technology, particularly suitable due to the participation of small devices in the consensus. The results of the tests on a private network show an approximate 90% decrease of the time needed for the UCS to push a transaction and make its access decision in the integrated setting, regardless of the number of nodes in the network.

翻译：物联网带来了从数十亿设备收集隐私敏感数据的新方式。精心设计的分布式账本技术（DLTs）能够以去中心化的方式为物联网设备提供高交易处理能力。然而，隐私方面往往被忽视或未能令人满意，主要关注点集中在性能和安全性上。本文提出了去中心化的使用控制机制，使物联网设备能够控制其生成的数据。使用控制定义了义务（即授予访问权限必须执行的操作）以及系统条件，此外还包括数据传播控制。本文的创新之处在于将使用控制系统视为分布式账本网络的一个组成部分，而非外部工具。通过这种集成，两种技术协同工作，提升了隐私、安全性和性能。我们利用IOTA技术评估了集成带来的性能提升，该技术特别适合小型设备参与共识。在私有网络上的测试结果表明，在集成设置中，无论网络中的节点数量如何，使用控制系统推送交易并做出访问决策所需的时间减少了约90%。