A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications

Majeed, Abdul; Patni, Sakshi; Hwang, Seong Oun

doi:10.3390/electronics14112106

Open AccessReview

A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications

by

Abdul Majeed

^1,*

,

Sakshi Patni

^2,3

and

Seong Oun Hwang

^1,*

¹

Department of Computer Engineering, Gachon University, Seongnam 13120, Republic of Korea

²

Department of Computing, Gachon University, Seongnam 13120, Republic of Korea

³

Department of Computer Applications, Panipat Institute of Engineering & Technology, Panipat 132102, India

^*

Authors to whom correspondence should be addressed.

Electronics 2025, 14(11), 2106; https://doi.org/10.3390/electronics14112106

Submission received: 10 April 2025 / Revised: 17 May 2025 / Accepted: 19 May 2025 / Published: 22 May 2025

(This article belongs to the Special Issue Navigating the Digital Age: Security, Ethics and Trust in Emerging Technologies)

Download

Browse Figures

Versions Notes

Abstract

:

In recent years, a large number of Internet of Things (IoT)-based products, solutions, and services have emerged from the industry to enter the marketplace, improving the quality of service. With the wide adoption of IoT-based systems/applications in real scenarios, the privacy preservation (PP) topic has garnered significant attention from both academia and industry; as a result, many PP solutions have been developed, tailored to IoT-based systems/applications. This paper provides an in-depth analysis of state-of-the-art (SOTA) PP solutions recently developed for IoT-based systems and applications. We delve into SOTA PP methods that preserve IoT data privacy and categorize them into two scenarios: on-device and cloud computing. We categorize the existing PP solutions into privacy-by-design (PbD), such as federated learning (FL) and split learning (SL), and privacy engineering solutions (PESs), such as differential privacy (DP) and anonymization, and we map them to IoT-driven applications/systems. We further summarize the latest SOTA methods that employ multiple PP techniques like

ϵ

-DP + anonymization or

ϵ

-DP + blockchain + FL (rather than employing just one) to preserve IoT data privacy in both PES and PbD categories. Lastly, we highlight quantum-based methods devised to enhance the security and/or privacy of IoT data in real-world scenarios. We discuss the status of current research in PP techniques for IoT data within the scope established for this paper, along with opportunities for further research and development. To the best of our knowledge, this is the first work that provides comprehensive knowledge about PP topics centered on the IoT, and which can provide a solid foundation for future research.

Keywords:

anonymization; blockchain; Internet of Things; privacy-preserving methods; IoT data; federated learning; differential privacy; split learning; on-device IoT analytic

1. Introduction

The Internet of Things (IoT) is a cutting-edge paradigm that links many electronic devices and gadgets to a smart network via the Internet, using advanced communications systems to ensure reliable and seamless connectivity. This massive integration of devices and network systems enables the generation and/or gathering of data from wearables and other sensors, actuating tools, and computing devices, unlocking a world of enormous possibilities [1,2]. The IoT is one of the main pillars of Industry 5.0, which enables the seamless merging of digital and physical domains [3]. Due to widespread adoption and extensive deployment, the global IoT market, which was less than a thousand dollars (i.e., USD 970) in 2022, is expected to reach USD 2.227 trillion by 2028 [4]. There are numerous applications of the IoT in many sectors, and the umbrella for IoT-based systems and applications is expanding at astonishing speed [5].The number of IoT devices with diverse capabilities is rapidly increasing, and the current 25 billion devices interconnected by IoT systems have been predicted to grow by about 60 billion by the year 2025 [6]. Furthermore, applications of the IoT in some areas (such as healthcare) are growing in large numbers with each passing day. In the health area, the IoT can be used to monitor vital signs [7] and for virtual health monitoring [8], infectious disease prediction [9], medical resource optimization [10], medical data analytics [11], secure and efficient diagnosis [12], etc.

Due to the huge popularity of IoT systems/applications, a wide variety of topics have been researched, such as trust management [13], service scenario enhancement [14], data analytics [15], collaborative learning [16], data collection from diverse sources [17,18], data integrity protection [19], edge AI or edge intelligence [20], secure communications and authentication protocol development [21,22,23], IoT device security [24], threat and vulnerability detection in IoT environments [25], computing and communications overhead reduction [26], web service data analytics [27], service quality enhancement [28], and dataset creation [29], to name just a few. Despite these topics/areas, privacy protection in the IoT environment has been extensively investigated in recent years due to the extensive deployment of IoT devices and our dependence on digital tools. According to an IBM report, losses due to corporate data leakages in 2021 reached USD 4.35 million, which was the highest figure in the past 17 years [30]. Privacy protection in IoT systems and applications is very challenging due to greater data mobility and the collection of a broad array of information. To preserve privacy, a wide range of methods has been developed to protect the data generated from IoT devices as well as the data stored on cloud platforms.

A lot of survey papers have been published centering on IoT data privacy. Chanal and Kakkasageri [31] discussed confidentiality, integrity, availability, and authentication in IoT environments. Rasool et al. [32] discussed privacy and security issues in the Internet of Medical Things (IoMT) environment along with potential threats. Barua et al. [33] explored various vulnerabilities in the Bluetooth low-energy protocol, which is widely used in IoT environments, and presented various vulnerabilities, impacts, and mitigation techniques. Siraparapu and Azad [34] highlighted the importance of secure devices and networks needed to navigate the higher complexities of IoT environments. Adam et al. [35] highlighted recent advancements in protecting the privacy of sensitive data in IoT environments. Their study provides insight into three interrelated aspects (security, privacy, and trust) in IoT systems. Recently, privacy and security challenges have been discussed when IoT-based systems are used in start-ups [36]. A state-of-the-art (SOTA) review to navigate the complex privacy-aware landscape of the IoT personal data store was offered by Pinto et al. [37]. We affirm the contributions of the above-cited surveys; however, comprehensive knowledge concerning privacy from diverse viewpoints was not covered in previous surveys. Furthermore, hybrid methods to navigate the complex landscape of privacy challenges in IoT environments were not adequately discussed. To bridge this gap, we present a comprehensive analysis of diverse privacy-preserving (PP) solutions developed for IoT-based applications/systems. Our major contributions are as follows.

We explore recent SOTA methods that have been developed to safeguard the privacy of sensitive IoT data in two different settings. Specifically, we identify and categorize those PP methods into two settings: on-device (OD) and cloud computing (CC).
We categorize existing PP solutions into two broad categories: privacy-by-design (PbD) and privacy engineering solutions (PESs), and we map them to IoT-driven applications/systems. To the best of the authors’ knowledge, this is the first work that introduces this categorization of PES and PbD methods in the IoT domain.
We summarize the findings of the latest SOTA methods that employ multiple PP techniques ( $ϵ$ -DP + anonymization, DP + blockchain + FL, etc.) rather than employing just one to preserve IoT data privacy. These methods are in huge demand when it comes to navigating the complex landscape of IoT data privacy while fulfilling the demand for analytics in the modern era.
We highlight quantum-based methods devised to enhance the security and privacy of IoT data in real-world scenarios, along with details of their methodologies.
We discuss the current status of PP in IoT data within the scope established for this paper, along with potential opportunities for future research and developments.
To the best of our knowledge, this is the first work to provide comprehensive knowledge about PP topics centered on the IoT, and the insights garnered from this survey provide a valuable resource for researchers and practitioners in developing next-generation robust PP methods for IoT data.

The rest of this paper is structured as follows. Section 2 discusses the preliminaries and background of the topics presented in this paper. Section 3 explains the methodology adopted in performing our systematic analysis of the literature. The SOTA approaches that are used to preserve the privacy of IoT data in OD and CC settings are given in Section 4. The privacy-by-design and privacy engineering solutions centered on the IoT data privacy are discussed in Section 5. Synergized methods to offer stringent privacy guarantees are summarized in Section 6, and quantum-based PP methods for IoT data privacy protection are discussed in Section 7. The lessons learned from this work, challenges, and promising directions for future research, are given in Section 8, and we conclude the paper in Section 9.

2. Preliminaries and Background

Owing to the advancements in Internet and communications technologies, an IoT system can collect diverse types of data and transfer it to the cloud for analytics and/or mining tasks. In the typical IoT system, there can be N devices of similar or dissimilar types that aggregate data from the underlying environments. IoT systems can be designed for real-time services or offline analytics, depending upon the scenario. In the former, the analytics time is relatively short and results can be derived in a few seconds [38]. In the latter, data are first aggregated in the cloud, and obtaining results can take a few hours [39]. However, many optimized techniques can significantly reduce the computing overhead and analytics time [40]. With the advent of IoT systems, machine-to-machine and human-to-machine interactions have become possible, and many IoT-based systems/applications are serving humans in various ways.

2.1. Technologies Originating from the IoT Paradigm/Concept

Recently, the IoT has been integrated with numerous other technologies to extend service scenarios as well as to secure IoT data from adversaries or malicious uses [41,42,43,44]. Figure 1 depicts eight famous technologies that originate from the IoT concept/paradigm.

Apart from these technologies, numerous other concepts and technologies have resulted from the IoT, such as mobile IoT applications, the clinical IoT, drones, multimedia, and the industrial IoT.

2.2. Four Main Components of IoT Systems

Figure 2 presents a generic IoT system having four crucial components (https://data-flair.training/blogs/how-iot-works/, accessed on: 22 March 2025): sensors and/or devices, network connectivity, computing and processing, and the user interface (downstream services).

The first component includes various sensors and/or devices that assist in aggregating minute data from the deployed environment. For example, a temperature sensor might acquire readings from the underlying environment. The data collected from these devices (ranging from a tiny temperature-monitoring sensor or a CCTV producing a complex, full video feed) can have distinct degrees of complexity. In some cases, a single device may capture data of different types or modalities. For instance, mobile phones have diverse types of sensors (cameras, a GPS, an accelerometer, etc.) that can collect data of different types. Hence, the role of this particular component is to aggregate data from the underlying environment/setting. This particular task is accomplished either using multiple devices or a stand-alone sensor. The second component encompasses the communications and transport devices (e.g., satellite networks, cellular networks, Wi-Fi, wide area networks, or Bluetooth) that assist in sending/transporting the collected data from sensors and/or devices to the cloud/edge infrastructure for analytics. However, it is vital to choose the best communication and transport devices for reliable data transmission without impacting the quality of service (QoS) [45].

The third component performs analytics on the collected data at either the edge/fog layer or in the cloud. In some applications, the response is required in a short time, which cannot be provided through cloud architectures due to the massive number of devices and/or other constraints, like power levels. In addition, the data generated and processed might need to be sent to the cloud for computing/processing, and it might take a long time to respond, which might affect end-user experience or QoS [46]. Edge/fog computing is suitable for time-sensitive applications because a response can be generated in a short time. In contrast, cloud-based systems are suitable when a response in a relatively longer time is acceptable. The fourth component delivers the information to the end user via dashboard and/or mobile phone [47]. This can be accomplished by triggering alerts or notifications through text messages or email. In some cases, users can tune the settings of the access control or other machines from the web interfaces according to their needs.

2.3. Three Types of IoT Architecture

Due to higher ubiquity and real-time experiences, most organizations are making the transition from a conventional enterprise information system (EIS) to IoT-powered systems/applications. In these systems, a huge amount of data is collected and stored in the organization’s databases for downstream analytical tasks. In some cases, the capabilities of cloud computing are utilized to store collected data, and services are delivered to end users seamlessly. In some cases, cloud computing and the EIS jointly perform analytics on the data collected from different devices and/or things. Figure 3 presents three widely used types of IoT architecture.

The first type of architecture offers legacy system integration, real-time services, data mobility, and visibility. The second type of architecture ensures scalability, real-time services, data mobility, and visibility. The third type of architecture ensures legacy system integration, scalability, real-time services, data mobility, and visibility. Further insight into the developments for each architecture, along with their challenges, was given in [48]. Of late, many enterprises are integrating an edge or fog computing architecture to expand services (or the application stack).

2.4. Key Pillars of the IoT

IoT systems encompass a large number of devices to collect heterogeneous data to provide diverse services to end users. They have seven major functional pillars to serve users, as shown in Figure 4. Each pillar has a unique role in IoT systems. For example, the first pillar collects data of diverse types from the underlying environments/settings with the help of sensors, wearable devices, and actuators. IoT sensors and actuators can be chemical, acoustic, pressure, thermal, biological, RFID tags, etc. [49]. The computation pillar facilitates data management, mobility, and knowledge discovery, and the security pillar protects the devices, communications protocols, and services from unauthorized access and/or modification. Further insight into each pillar can be gained from [50]. Due to the versatility of IoT systems, various tools and applications are integrated into each pillar. For example, to accelerate analytics results, fog/cloud computing is integrated with the computation tools pillar. Similarly, to offer better security and privacy, different techniques, including encryption, blockchain, differential privacy, and zero-knowledge proofs (ZKPs) are used in IoT systems.

2.5. High-Impact Applications of the IoT in Diverse Sectors

In recent years, the IoT application’s umbrella has expanded to encompass diverse sectors such as medicine, smart cities, surveillance, and agriculture. Figure 5 presents high-impact applications of the IoT in six sectors. In the medical sector, IoT systems can help monitor patients and achieve early diagnosis of diseases. In the agriculture sector, they can be used to monitor the health of plants as well as analyze crop yield. In industry, they can be used for industrial output monitoring and predictive maintenance. Apart from these sectors, IoT systems have potential applications in other sectors, such as smart cities, retail, and transportation. In smart cities, they can monitor water sanitization and identify illegal construction. In the retail sector, they can be used for recommendations by capturing data with CCTV cameras and analyzing it with AI techniques. In smart homes, they can monitor elderly patients’ health. In transportation, they can monitor traffic flow, spot illegal parking, and be used for freight management. In summary, IoT-based systems have diverse applications in each sector, and the array of IoT-based applications is rapidly expanding. Owing to the rapid advancements in AI models and computing resources, the application of IoT-based systems is expanding and creating a big impact on human lives [51,52]. Rapid advancements in real-time data processing and analysis are key enablers behind the success of IoT applications in diverse sectors.

3. Review Methodology

In this paper, we conducted an in-depth review to solicit and retrieve SOTA articles for accurate, reliable, and complete conclusions. We applied a systematic approach to find relevant papers from credible databases. We conducted this comprehensive survey by adopting the PRISMA method, which assists in identifying, evaluating, and synthesizing closely relevant studies about specific research questions and/or topics. This review focuses on the research questions below.

What are the two practical settings followed in the IoT domain in real-world applications, and what privacy-preserving methods exist for each setting?
What is the difference between the two types of privacy methods (PES and PbD) adopted in digital environments for privacy preservation, and what is the status of current developments in those two methods in the context of the IoT domain?
What are the different privacy-preserving methods that have been synergized within the PES and PbD categories in order to provide privacy guarantees, and what are the key purposes of these ever-increasing synergies?
What are the different privacy-preserving methods that have been integrated in PES and PbD in order to provide privacy guarantees, and what are the scenarios in which these integrations have been made?
How are the recent developments in quantum-based PP methods affecting the IoT domain, and what kinds of problems can likely be resolved with such methods?
What are the key opportunities associated with advancing the privacy status of the IoT environment in the future in relation to what has been researched already?

In this work, we provide systematic and extensive coverage of the privacy-preserving methods used in the IoT domain in order to help researchers and developers understand recent advancements in IoT privacy preservation and its related topics. To achieve this key goal, we performed an extensive analysis of relevant SOTA studies that provide robust privacy guarantees and that were published in reliable venues.

Scientific databases consulted and the selection criteria: The research articles included in this review were gathered from various scientific databases, including IEEE Explore, the ACM Digital Library, Springer, MDPI, Science Direct, Scopus, and the Web of Science. The main reasons for considering these databases were higher credibility w.r.t. academic integrity, and the availability of various articles related to the scope of this review. To transparently and accurately report the contents and findings of prior studies, we selected peer-reviewed journals, top-tier conferences, technical magazines, and a few highly cited arXiv papers. It is worth noting that arXiv is not a widely used database for reviews, so we chose very few papers from it based on relevance and from exploring citations in the articles we considered from our primary databases in order to cover certain contexts. While selecting papers, we ensured that most of them were in English and that the full text (or metadata) of each paper was easily accessible. Through this systematic method, we ensured that relevant, high-quality, SOTA, and recently published articles were selected.

Query approach: We queried relevant studies for this paper from Google Scholar and the search functions available in the above-mentioned databases. We also applied publication year, language, and full-text search criteria to retrieve recent and relevant studies. We performed backward and forward searches of citations in highly cited papers to identify relevant studies for analysis and inclusion in our review. We used different keywords to find relevant studies for our research questions. For example, the main search keywords for identifying studies related to developments in Section 4 were “privacy preservation in IoT”, combined with (AND) “on-device setting/cloud setting” and OR “(the application name) (e.g., activity recognition, analytics, healthcare)”. We also used privacy attacks as well as privacy technique names combined with IoT to search relevant studies: ((IoT) AND (privacy disclosure OR inference attacks OR sensitive data leakage OR inference of sensor readings OR identity disclosure) AND (differential privacy OR anonymization OR secure multi-party computation OR blockchain OR federated learning OR split learning OR synthetic data)). We also used the related article function from Google Scholar to find papers that belong to the same category. To find relevant literature for PES and PbD methods, we used “IoT” combined with the name of the PP method. To find related literature for a hybrid method, we used “IoT” combined with the name of two or more privacy technologies that were combined to achieve privacy in an IoT setting. Similarly, we found relevant studies for quantum-based privacy aspects by using the quantum technique’s name, such as quantum key distribution (QKD) or quantum-based privacy, combined with “IoT” as the query. We also searched some papers by combining the words survey, review, or perspective with IoT to cover deep knowledge about established concepts in the field. Lastly, we used performance objective names such as privacy protection with reduced overhead, privacy and utility optimization, privacy and latency reduction, etc., to find related papers. The systematic process utilized to select relevant studies is illustrated in Figure 6.

Exclusion and inclusion criteria: As shown in Figure 6, we systematically chose different studies to be included in our review, and excluded those that were either redundant or lacked detailed experimental and/or methodological descriptions. In the initial assessment, we excluded studies that do not closely align with the scope of this paper by carefully checking the titles and abstracts. We also removed papers that were not written in English. In the final assessment, we excluded studies that focus on narrow areas like IoT use in agriculture (or in vehicular networks) or that discuss outdated topics (e.g., device specification privacy or device structure) with minor modifications in the methodologies. We excluded papers for which either the full text or the metadata were unavailable. We also excluded some papers that only discuss general IoT services without privacy aspects. Our selection process initially identified 1205 publications. The above-stated exclusion criteria ensured the relevance and quality of the selected studies, with types such as book chapters, books, low-tier conference papers, letters, and retracted studies being removed from inclusion. Lastly, only journal or top-tier conference articles and reviews/surveys published in English were retained. Only recent studies that have empirical results and are accessible in full text were included in the paper. Specifically, studies that devised PP methods in order to resolve the problem of data privacy in IoT systems/applications were included in our study. This systematic process resulted in a final dataset for analysis encompassing 256 publications. As shown in Figure 6, about 497; 208, and 303 studies were excluded at the identification, screening, and eligibility stage, respectively.

Threats to validity and their mitigation: Two key threats related to the validity of our review are (i) search bias and (ii) quality assessment bias, which can undermine the reliability and completeness of the findings. The former can occur due to two issues: incomplete searches, or searching only some reputable sources. This can result in the exclusion of papers that were published in lower-tier venues. The latter threat is related to criteria employed in assessing the suitability of studies for inclusion or exclusion (bias, lack of clarity, etc.). To address both threats, we included studies from diverse databases and used techniques like snowballing from [53] to prevent search bias. To mitigate the second threat, we evaluated each study’s full text, and examined the methodological and experimental details. We adopted other techniques (e.g., establishing a checklist in terms of questions and scoring each study) from [53] to prevent bias related to quality assessment and to exclude low-quality/irrelevant papers. We analyzed the relevance of each study by carefully contrasting each paper with the objectives and/or scope of our review. Based on the above analysis, it is fair to say that threats to validity were effectively mitigated, and the findings and conclusions are reliable and complete.

4. Privacy-Preserving Methods for Two IoT Settings

In this section, we describe privacy-preserving methods developed for on-device and cloud-based IoT systems. Both settings provide numerous services to end users, such as medical care, recommendations, environment condition monitoring, localization and tracking, and activity analysis. We illustrate both these settings in Figure 7. In the on-device setting, the data rarely move from device to cloud, and most of the computations are executed locally, as shown in Figure 7b. However, minimal support to execute compute-intensive operations or model updates is provided by back-end servers/coordinators in some scenarios. In addition, minimal generic or formatted data are shared with back-end servers/coordinators in order to serve more users or to resolve latency issues [54]. Due to the widespread use of mobile phones and other wearable devices, on-device services (including AI-based) are on the rise [55]. A practical example of such a system processing data locally is skin cancer recognition [56]. In the cloud setting, data are collected from sensors and/or devices and transferred to cloud servers for further analysis, as shown in Figure 7a. An example is skin health monitoring by using a cloud-enabled IoT [57]. The on-device setting shown in Figure 7b provides better privacy because data are mostly processed on a device, and network connectivity is not required in some cases. However, an attacker can sometimes exploit loopholes in AI models or other configuration files to compromise user privacy [58]. In contrast, the cloud-based IoT has been widely criticized for poor privacy guarantees because data are always aggregated at a central server [59]. To address privacy issues in both settings, wide arrays of solutions have been developed, ranging from conventional anonymization to sophisticated obfuscation.

Next, we analyze the SOTA privacy-preserving methods that have been developed for the above two IoT settings. The analysis in this section can assist in understanding recent developments for privacy preservation in IoT settings. Table 1 contrasts the recently developed SOTA privacy-preserving solutions for on-device and cloud-based IoT settings. We analyze and compare the solutions based on four parameters (techniques used, strengths, weaknesses, and applications). In the on-device setting, most of the methods execute privacy-preserving methods on devices, but with minimal support from the edge/cloud. In contrast, the privacy-preserving methods used in the other setting are mostly executed in the cloud. In some cases, stringent privacy requirements are satisfied through the execution of privacy-preserving methods on edge devices as well as in the cloud [60,61]. In some scenarios, privacy is preserved merely by keeping data on the devices and executing some operations locally [62,63]. In some cases, more than one server is employed to better protect the privacy of the data originating from IoT devices [64,65]. In some studies, two- or three-layer privacy solutions are suggested to protect data from adversaries [66]. However, as more devices are connected, and because IoT-based systems are deployed in real-world settings, privacy protection is still challenging [67]. In the future, more robust and practical privacy-preserving methods will be required for all sorts of privacy issues.

From an in-depth analysis of the published literature, we found that privacy-preserving methods for on-device settings are relatively few compared to the cloud-based setting. However, the trend towards serverless computing is increasing, and more and more AI models are deployed on cellphones [90,91]; therefore, more developments are expected in the on-device IoT setting. For privacy protection, different techniques such as DP, anonymization, encryption, secure computing, obfuscation, and randomizing have been used. In the on-device setting, lightweight operations such as randomization, reformatting, and data reduction have been applied. In contrast, more complex techniques such as encryption, anonymization, DP, and hybrid solutions have been applied in the cloud-based setting. Most techniques provide the desired privacy guarantees in related scenarios and/or domains. However, there are certain performance objectives and/or overhead issues in each method, as noted in Table 1. From an application’s point of view, each solution provides robust privacy guarantees in either application-specific or generic scenarios. The analysis in Table 1 can pave the way to understanding two practical IoT settings and the privacy-preserving solutions developed for each setting.

From the analysis in Table 1, it can be observed that some methods yield better results than others. The main reason for the performance disparity is the difference in objective, proposed methodology, and evaluation datasets. Furthermore, some methods are attack-specific and therefore yield better performance against respective attacks only. In addition, some methods make use of optimization strategies such as noise optimization in DP or lightweight operations to yield better performance in both IoT settings. In terms of utility and privacy trade-off, only a few methods resolve this critical issue, while most methods optimize one metric at the expense of another. In some methods, the use of small

ϵ

yielded better privacy but very poor utility. Furthermore, some methods sustained utility alongside privacy by carefully determining the noise or classifying data into sensitive and non-sensitive parts. In all methods, the computing overheads rise with the increase in data size or complex mathematical operations, yielding poor scalability. There are only a few methods that maintain the balance between performance objectives (e.g., privacy/utility) and computational overheads. Additionally, some methods make use of the encryption technique, which can lead to poor scalability with the increase in data size. Lastly, most methods lack real-world applicability, as the implementation was carried out in the form of test beds or static datasets. Most methods can encounter many configurations and implementation issues in real IoT environments. In the future, it is vital to develop practical and lightweight methods that can maintain the balance between different kinds of trade-offs while offering seamless privacy guarantees against modern-day attacks.

5. Privacy-by-Design and Privacy Engineering Solutions for IoT Data

In this section, we identify and summarize the findings from the two different types of privacy-preserving solutions for IoT data, namely privacy-by-design and privacy engineering solutions. In the former, the data are not accessed, and instead, the model is trained collaboratively. An example of such a solution is federated learning, where data are not accessed, but knowledge is acquired from all clients (that is, devices from the IoT) [92,93]. In contrast, the data are accessed in raw form and shared for analytics after applying the necessary protection in privacy engineering solutions. An example of such a solution is anonymization and DP, which are applied to data collected from IoT devices and shared for downstream tasks [94]. Further information regarding these solutions (along with examples) can be found in our previous work [95]. In some scenarios, both solutions have been used jointly to meet strict privacy requirements [96]. In this work, we focus on the efficacy of both solutions in terms of privacy preservation in IoT settings/environments. We demonstrate both settings in Figure 8, in which (a) and (b) show PES and PbD, respectively.

In recent years, both solutions have been extensively used in IoT environments to protect the privacy of both the data and the models while allowing knowledge extraction [97,98]. In this work, we identify and summarize the findings of both solutions to highlight recent developments in the IoT domain. To the best of our knowledge, developments for both of these methods in a categorized form are not found in the current literature. Table 2 and Table 3 summarize the recent SOTA PES for IoT settings. Specifically, we put the solutions into five broad categories and summarize the findings of different studies in each category. In Table 2 and Table 3, observe that many privacy-preserving solutions have been proposed for IoT environments. In this analysis, we provide information about data modality along with the strengths and weaknesses of each approach. The analysis in Table 2 and Table 3 contribute to understanding the latest developments for privacy protection in diverse IoT systems and applications. Note that there are hybrid methods in each category, which we thoroughly cover in the next section.

From the analysis in Table 2 and Table 3, it can be observed that some methods yield better results than others due to differences in anonymity/privacy operations, # of steps in the methodology, and evaluation datasets/metrics. For example, most methods in the anonymization category employ clustering operations to cluster similar users/records, thereby reducing the information loss. In these methods, privacy can be compromised particularly when the sensitive information has the least diversity. These methods cannot effectively resolve the trade-off between privacy and utility owing to more changes in the data via pre-built generalization taxonomies. Conversely, the computing complexity is not very high in these methods due to simple operations (e.g., data transformations). However, some steps, such as clustering of the data, can lead to higher overheads when the data size is large. These methods lack real-time applicability, as they provide resilience against a limited array of privacy attacks. In contrast, DP-based methods can offer robust privacy guarantees. However, the small value of

ϵ

can degrade utility, and therefore, many optimization strategies have been developed to optimize the

ϵ

to resolve the privacy–utility trade-off. Moreover, it is still very challenging to yield better utility while adopting DP-based methods in realistic scenarios. The computing complexity of the DP-based method also rises with the dimensions of the data. DP has been widely used in real-time settings as well as in offline scenarios.

The encryption-based methods are usually slow but offer better privacy guarantees at the expense of utility. These methods have been widely used in data transfer from IoT devices to cloud servers without compromising privacy. Recently, some encryption-based methods allow knowledge discovery even from ciphertexts, leading to the optimization of the privacy–utility trade-off. The encryption-based methods have poor scalability owing to complex mathematical operations. However, the recent lightweight encryption methods have resolved these issues to some extent. The computing complexity of these methods can rapidly rise with the data size or key size, offering poor scalability. These methods have higher real-time applicability, particularly in data transfer. Blockchain-based methods offer better data privacy but are very computationally expensive. The utility of these methods depends on the downstream tasks. The computing complexity of this method can also rise with the participant as well as the number of transactions/interactions. It has higher real-time applicability owing to the CIA (confidentiality, integrity, and availability) triad. SMC has emerged as one of the PP methods involving multiple parties. However, the use of complex operations (e.g., encryption, masking, etc.) makes this technique computationally expensive. Furthermore, data underwent various splits and shares, and therefore, the utility can be low. However, optimized techniques like protocol choice, precision tuning, and carefully crafted noise can contribute to lowering the utility loss. The computing complexity in SMC can also rise with the data size and partitions. Finally, most techniques have not been tested with real IoT data, and therefore, some deployment/configuration issues can likely emerge in most of these methods in real settings.

The PES facilitates diverse types of objectives such as IoT data sharing/analytics, answering queries, pattern extraction, secondary use of IoT data for diverse purposes, training ML models, etc., in a privacy-preserving way. As stated earlier, in these solutions, raw data are usually aggregated at some central place and PP mechanisms are accordingly applied. In recent years, many customized PESs have been developed to extract meaningful knowledge from IoT data without losing guarantees of privacy. Zhang et al. [99] recently developed an adaptive method based on DP to facilitate data sharing in IoMT environments. The proposed method enables query execution on the data that are aggregated from IoT devices while optimizing the trade-off between utility and computational efficiency. Islam et al. [100] developed a practical framework to prevent privacy leakage in queries by adding a carefully determined noise via the DP model for data sharing in IoT systems. The proposed framework secures IoT data by jointly using the DP and blockchain while restraining higher perturbations in the data. To further clarify the use of PES in IoT, we demonstrate the workflow of DP in IoT data sharing/analytics in Figure 9. As shown in Figure 9, IoT device data are collected at some central place first, followed by the DP application (in some cases, users can give some privacy preferences regarding their data processing, which is also taken into account while perturbing data) to make it accessible for the data analyst. It is worth noting that data analysts will obtain noisy answers in the case of query and perturbed data instead of real data in data access cases, thereby preserving the privacy of IoT data.

Table 2. Analysis of the SOTA privacy engineering solutions for IoT settings/environments.

Technique	Method	Strength(s)	Weakness(es)	Data Modality	Study
Anonymization	K-VARP	Reduced information loss	Cannot apply to fewer tuples	Table	Otgon et al. [101]
	k-A clustering	Processing of hybrid data	Leaks privacy in skewed data	Table	Nasab et al. [102]
	Clustering-based k-A + $α$ D-A	End-to-end privacy guarantees	Higher utility loss	Table	Onesimu et al. [103]
	$(a, k)$ -anonymity model	Privacy protection in CS setting	Cannot be used on skewed data	Table	Li et al. [104]
	$θ$ -sensitive k-anonymity	Protection against SVA and CSA	Higher noise for gain in diversity	Table	Khan et al. [105]
	Pk-A and temporal DP	Hybrid solution for IoT data	Limited applicability	Time series	Guo et al. [106]
	k-A + clustering	Protects against identity disclosure	Neglects many critical factors	Sensor data	Liu et al. [107]
	Dynamic anonymization by separatrices	Prevents attribute disclosure attacks	Prone to other privacy attacks	Table	Coelho et al. [108]
	IGH + k-A	Protection for same data types	Cannot apply to dynamic scenarios	Hybrid	Mahanan et al. [109]
	Probabilistic RS + IA	Solves privacy–time trade-off	Limited protection for LA, PA, BKA	Sensor data	Moqurrab et al. [110]
Differential Privacy	Local DP	Privacy protection of key-value IoT data	Analysis from a small $ϵ$ is not done well	Table	Wang et al. [111]
	Laplace + SAA	Privacy–accuracy trade-off	Amount of noise is high	Set value	Huang et al. [112]
	Double randomizer + BT	Privacy protection in range queries	Higher computing complexity	Table	Ni et al. [113]
	DPSmartCity	Data classification and robust PP	Considers limited no. of adversaries	IoT data	Gheisari et al. [114]
	MPDP k-medoids	PUT optimization in IoMT data	Limited applicability to SD	Table	Zhang et al. [115]
	LDP + Count Sketch	Preserves correlations and availability	More noise addition in intermediate steps	Key-valued	Wang and Lee [116]
	EdgeSecureDP	78% accuracy in DL environment	Higher $ϵ$ may leak privacy	Graph	Amjath et al. [117]
	Adaptive $ϵ$ selection + SW	Protection of WD data	Lack of extensive validation	Streams	Zhao et al. [118]
	Conventional DP	Privacy protection in queries	Prone to inference attacks	Table	Mudassar et al. [119]
	LDP + iterative aggregation	Hides records from TPS	Lack of tests for multiattribute data	Table	Zhou et al. [120]
Encryption	Homomorphic encryption	Privacy of DO, CS, and DU in complex IoT environments	Suitable only for small-scale data and high cost	Sensor instances	Ren et al. [121]
	Fully HE	PP computations on encrypted data	Cannot resist inference attacks	ECG records	Ramesh et al. [122]
	Thumbnail PE	Protection for DL-based SRA	Poor results from large-image data	Image data	Yuan et al. [123]
	Searchable SE	Efficient and secure scheme	High overhead with MD queries	File data	Gao et al. [124]

Abbreviations: K-VARP = K-anonymity for VARied data stream via Partitioning, k-A = k anonymous/anonymity, D-A = disassociation, SAA = sample and aggregation, BT = binary tree, CS = client server, SVA = sensitive variance attack, CSA = categorical similarity attack, DPSmartCity = Differential Privacy-Preserving Smart City, IGH = identical generalization hierarchy, RS = random sampling, IA = Instant_Anonymity, LA = linkage attack, PA = probabilistic attack, BKA = background knowledge attack, MPDP = multiple partition differential privacy, PUT = privacy–utility trade-off, SD = small dataset, DL = distributed learning, SW=square wave, WD=wearable device, TPS = third-party servers, DO=data owner, CS=cloud server, DU = data user, HE=homomorphic encryption, PE = preserving encryption, SRA = super-resolution attack, SE = symmetric encryption, MD = multidimensional, CP-ABE = ciphertext-policy attribute-based encryption, CPT = chosen plain-text.

Table 3. Remaining part of Table 2.

Technique	Method	Strength(s)	Weakness(es)	Data Modality	Study
Encryption	CP-ABE	Privacy guarantees in cloud setting	Protects against CPT attack	Attribute data	Li et al. [125]
	Identity-based encryption	Ensures privilege access for PP	Prone to inference and MS attacks	General data	Yan et al. [126]
	Identity-based encryption	PP with revocation functionality	Low PP when many nodes are C	Actuator data	Sun et al. [127]
	Catalan object	PP via complex ciphertext	Lacks real-life validation	General data	Saravcevic et al. [128]
	Functional encryption + ABC	End-to-end solution for PP	Requires data at centralized place	Sensor data	Sharma et al. [129]
	Chaos-based encryption	Strong PP in data transmission	PP for one data modality only	Biosignal data	Clemente et al. [130]
	Chaos-based encryption	PP via higher indistinguishability	High complexity and sensitive to IC	Image data	Jain et al. [131]
Blockchain	MC architecture	In-built privacy for many use cases	Poor utility and data access	Smart device data	Ali et al. [132]
	Smart contract	PP and better control on devices	Higher storage and update costs	Smart device data	Loukil et al. [133]
	Data certification	Protection of car mileage data	Heavy reliance on central databases	Sensor data	Chanson et al. [134]
	ACOMKSVM + ECC	PP in learning process	Prone to inference and re-construction	Image data	Le et al. [135]
	Chameleon hash functions	Protection against diverse attacks	Poor against Sybil attack	General data	Xu et al. [136]
	EOS blockchain	Pipeline for securing SH data	No support for analytics or DM	Smart home data	Tchagna et al. [137]
	BPRPDS	Protection against UP of DUs	Limited support for DM and PS	General IoT data	Li et al. [138]
	Secret sharing	PP in IoT data sharing scenarios	Prone to data leakage and UP	Node data	Li et al. [139]
	SecPrivPreserve	Privacy, security, and integrity	High overheads and operations	General IoT data	Padma et al. [140]
	Smart contract + HE + ZKP	Tamper-proof data sharing	High computing complexity	IoT nodes’ data	Ma et al. [141]
SMC	FairplayMP framework	Solves PUT in personal data	Data are divided into various pieces	Sensor data	Tso et al. [142]
	Paillier and ElGamal CS	Prevent insider privacy attacks	Very high data processing costs	Sensor data	Yi et al. [143]
	PrivacyProtector + SW-SSS	Strong protection against C-L-A	Relies on multiple servers	Log data	Lou et al. [144]
	Bloom filter + SMC + BC	Secure data sharing in IoT devices	Poor scalability and efficiency	IoT node data	Ma et al. [145]
	Shamir’s secret sharing	PP in aggregated IoT data	Prone to SA prediction attacks	Sensor data	Goyal et al. [146]
	SMC + SS	Support for different aggregations	Difficult to choose security parameters	IIoT node data	Liu et al. [147]
	Federated MPC	PP in diagnostic applications + SMI	Poor results from imbalanced data	X-ray data	Siddique et al. [148]
	MPMQSMT component	PP of identity, location, and health data	Malicious parties can corrupt the data	General IoT data	Bao et al. [149]

Abbreviations: PP = privacy protection, MS = model serialization, C = corrupted, ABC = attribute-based cryptography, IC = initial condition, MC = modular consortium, ACOMKSVM = Ant Colony optimization with Multi Kernel Support Vector Machine, ECC = Elliptical Curve cryptosystem, SH = smart home, DM = data mining, BPRPDS = blockchain-based privacy-preserving and rewarding private data-sharing scheme, UP = unauthorized profiling, DUs = data users, PS = personalized service, ZKP = zero-knowledge proof, CS = crypto systems, SW-SSS = Slepian–Wolf-coding-based secret sharing scheme, BC = block chain, SMC = secure multi-party computation, SA = sensitive attribute, SMI = sensitive medical information, MPMQSMT =multi-party multi-query set membership testing.

Apart from the PES analyzed in the above tables, PbD solutions have been recently adopted in IoT and/or IIoT domains to provide robust privacy guarantees and data usability [150]. To this end, federated learning is one of the PbD solutions having numerous applications in IoT environments [151]. Apart from FL, federated analytics (FA) and split learning (among others) are also regarded as PbD solutions because they do not move the data but instead transfer knowledge and/or the model [152,153,154]. To the best of our knowledge, our work here is the first to comprehensively explore the role of PbD solutions in the IoT domain. Specifically, we analyzed different studies that employed these solutions for privacy protection in IoT settings/environments. Table 4 summarizes various SOTA studies that employed PbD solutions for privacy preservation in IoT applications/systems. In Table 4, we compare SOTA PbD-related studies based on four criteria: strength, weakness, modality, and method used. In some studies, explicit details about the datasets were not given, or the solution was analyzed in a testbed, so we list general IoT data in the modality column. A high-level taxonomy of PbD and PES, along with their techniques considered in this work, is shown in Figure 10.

The above classification of PP methods is based on basic differences in both these methods, such as data mobility, accessibility, and processing. PbD methods such as federated learning and split learning are designed with privacy as a fundamental architectural concept. In these methods, data stay local, and only partial computations or model changes are distributed with the server. PES methods, on the other hand, including anonymization and DP, and change/alter data while still letting it be shared with third parties. This difference is significant, as it allows particular methods to be chosen depending on the use case or application scenario in the real-world IoT setting. Table 4 shows that a lot of studies have explored PbD solutions to guarantee the privacy of sensitive data curated and/or exchanged in IoT environments/settings. In these studies, diverse data modalities were considered, and accordingly, relevant privacy mechanisms were explored. In the analysis presented in Table 4, we considered the latest PbD methods that provide privacy guarantees in IoT systems and/or services. Since most of the PbD-related studies adopted some methods from PES, we report few studies in this analysis. However, the next section covers this aspect and thoroughly reports the synergies within the PES and PbD categories as well as between them. The analysis presented here can contribute to understanding the mainstream PbD methods and their methodological details in the context of IoT data privacy.

6. Synergy of Multiple Privacy-Preserving Solutions for Privacy Protection of IoT Data

In the past, stand-alone techniques like anonymization, DP, federated learning, etc., were used to protect the privacy of data in IoT systems/services. Of late, many hybrid methods (e.g., synergy between different PP methods) have been developed to meet the stringent privacy requirements in IoT environments/settings. In these hybrid methods, some mechanisms from each technique are combined into a unified framework to meet different privacy-versus-utility requirements. For instance, in some settings, anonymization and pseudonymization are jointly used to protect the privacy of data in the IoT [175]. Similarly, DP has been rigorously combined with blockchain to protect the privacy of sensitive data in IoT environments [176]. In a nutshell, there are synergies between different PES and PbD solutions to ensure the privacy of IoT data. In this work, we highlight this aspect for the first time and discuss SOTA literature to provide a systematic analysis of such methods. Figure 11 summarizes the synergies between the PES and PbD methods discussed in the previous section, as well as the synergies. In the literature, studies mostly combined two methods to yield robust privacy guarantees. However, some recent methods have employed multiple PP methods in diverse IoT scenarios.

Figure 11 shows three types of synergies: among PES methods, among PbD methods, and between PES and PbD methods. In Figure 11, the first levels in parts (a) and (b), separated with OR, indicate stand-alone solutions. In contrast, AND between methods indicates simultaneous use. These synergies were created to meet diverse privacy requirements or to resolve the privacy/utility trade-off. For instance, not all data are sensitive, and therefore, different mechanisms can be combined when considering the sensitivity of the data. In some cases, different users can have different privacy preferences, and therefore, different mechanisms under the same use case (or service scenario) might be required. Next, we summarize recent developments in hybrid methods in the context of the IoT for each type listed in Table 5. We contrast previous developments on four key criteria: the number of methods combined, the methods’ names, the purpose for the synergy, and application scenarios. In some studies, the application scenario was not explicitly reported, and for those studies “General scenarios” appears in the Scenario(s) column. The analysis presented in Table 5 paves the way to understanding the latest developments made to combine different methods from the same category to ensure the privacy of confidential data in IoT settings. It is worth noting that when different methods are integrated, they often lead to diverse technical, implementation, and performance challenges. For example, increased computing cost, implementation complexity, possible compatibility problems between many approaches, and the difficulty in balancing privacy–utility trade-offs when several methods are merged constitute the main obstacles to such synergy. Furthermore, these hybrid solutions could bring fresh risks at integration points and usually require additional knowledge to be implemented properly in real-world scenarios.

In Table 5, note that two or more methods have been extensively used in both PES and PbD methods for privacy protection in different scenarios. Note that the analysis in Table 5 presents synergies only within PES and PbD methods because PbD methods are relatively new. In the PES category, synergy from up to four different methods accomplishes different performance objectives along with privacy. Recent research has shed light on creating synergies between the different methods to ensure robust privacy guarantees in the IoT [200,201]. Hence, the number of synergies within PbD methods is likely to grow in the coming years. However, a lot of synergies are possible by combining PES and PbD methods to enhance privacy status against diverse attacks in IoT settings/environments [202]. Table 6 summarizes the SOTA privacy-preserving methods that have employed both PES and PbD to provide robust privacy guarantees in IoT settings. The comparison criteria are the same as in Table 5, but the methods are from the two different categories.

In Table 6, observe that a lot of studies have explored ways to combine different methods to accomplish privacy guarantees along with other objectives (e.g., scalability, utility, overhead, and convergence). For example, FL has been widely integrated with many diverse privacy protection methods in the PES category. Similarly, DP in the PES category has been widely integrated with various PbD methods. In addition, all these studies were proposed for generic scenarios as well as specific ones (e.g., healthcare, parking, telemedicine, industrial automation, crowd sensing). The main purpose of each synergy was to ensure stringent privacy for diverse data resulting from IoT settings/environments. In this analysis, we limited ourselves to established research. Therefore, we found maximum synergies from using up to four methods. Although all these studies contributed to achieving the desired goals, the complexity in most of the methods was high, due to the many complex operations. Also, some studies were not validated in different contexts and/or scenarios, offering limited adoption choices in real-world cases. In some cases, the emphasis was on privacy protection only, which can lead to higher utility loss in realistic scenarios. The analysis presented in this section contributes to understanding the synergies within the PES and PbD categories as well as between them. In the future, more such synergies are expected to ensure robust privacy guarantees for diverse types of data from IoT devices and environments.

The thematic synthesis of the SOTA hybrid solutions given in Table 5 and Table 6 in terms of overarching trends, common challenges, and innovation gaps is given below.

Overarching trends: (i) The synergy of up to two methods has been well investigated in the current literature, while the synergy of more than two methods has received relatively less attention in IoT data privacy. (ii) DP and FL have been widely integrated with many other methods in the PES and PbD categories. (iii) Most hybrid solutions have been designed for generic IoT applications/systems, whereas hybrid PP solutions for some specific domains/applications remained relatively less explored. (iv) Most hybrid solutions are designed to accomplish higher privacy guarantees at the expense of data utility or other performance metrics.
Common challenges: (i) Most hybrid methods have a very high computing cost owing to a large number of complex operations, particularly when end-to-end privacy guarantees are desirable. (ii) The sequential application of different PP methods in a pipeline induces heavier distortion/modifications in the data. (iii) Most hybrid methods cannot provide end-to-end privacy guarantees due to configuration/parameter differences. (iv) Hybrid solutions involving complex techniques like encryption/SMC lead to the energy/compute drain on tiny/resource-constrained IoT nodes/devices. (v) Formal verification of hybrid PP solutions is difficult due to different data representations/transformations.
Innovation gaps: (i) Most hybrid methods are tested with static datasets that have already been aggregated, lacking real-time applicability. (ii) The decision about parameter value in the hybrid solutions is often made manually, leading to the less favorable resolution of the privacy–utility trade-off. (iii) Though hybrid methods offer more robust protection than one method, resistance against diverse attacks cannot be accomplished due to unrealistic assumptions or narrow threat models in most cases. (iv) Most hybrid methods are integrated in their naive form without proper customization, offering limited protection against active adversaries.

7. Quantum-Based Privacy Preserving Solutions for IoT Data Privacy

With the advent of quantum computers, the conventional PP techniques or protocols used in various IoT environments/settings may not remain secure. Hence, the latest research has explored ways to upgrade classical PP methods with quantum-based solutions because they provide more robust solutions to privacy attacks. In the IoT domain, a lot of methods have been developed that are quantum-safe and that offer more rigorous privacy guarantees than classical methods, along with the lowest overhead [228,229]. Recent research has addressed quantum threats to IoT privacy and security. Alam et al. [230] examined quantum computing’s impact on traditional encryption like RSA, introducing post-quantum cryptographic alternatives, including lattice-based and code-based approaches. Sheetal and Deepa [231] explored general IoT security measures focusing on authentication and access control, while Irshad et al. [232] proposed a scalable and secure cloud architecture integrating post-quantum cryptography with blockchain for IoT environments. Dileep et al. [233] demonstrated privacy protection in the edge-based IoT by using quantum-enhanced encryption that combines an alternating quantum walk with the Advanced Encryption Standard (AES) for healthcare applications. Hasan et al. [234] used QKD with the Paillier cryptosystem for a smart metering system, showing improved performance against quantum threats. Malina et al. [235] surveyed privacy-enhancing technologies for the IoT with an emphasis on post-quantum cryptography implementation and included case studies of connected vehicles. Li et al. [236] constructed a privacy-preserving query architecture that remains secure even with untrusted devices, and Fernández-Caramés [237] reviewed post-quantum cryptosystems for resource-constrained IoT devices in critical applications. These studies collectively show the progression from theoretical quantum-resistant approaches to practical implementations across various IoT domains, addressing the unique security challenges of IoT systems in preparation for the quantum computing era. Table 7 presents a comparative analysis of recent quantum-based privacy-preserving solutions for IoT data security, highlighting their key features and performance characteristics.

In Table 7, quantum-based PP methods have been integrated with IoT systems to provide robust privacy guarantees and other performance objectives. However, most of the studies in this line of work are theoretical or provide only the architecture without implementation. In addition, validation in real-world cases is lacking in most of the studies due to the absence of advanced computing infrastructures (i.e., quantum computers). In the future, it will be vital to explore this line of work to secure IoT systems against diverse privacy attacks while accomplishing the desired constraints or service requirements.

8. Lessons Learned, Current Challenges, and Future Research Directions

Through our extensive analysis of the literature, we found that privacy protection for IoT settings/environments is undeniably a hot research topic. A lot of reviews, articles, and case studies have been published on IoT data privacy involving different modalities (images, time series, tables, text, etc.), settings (centralized, decentralized, and hybrid), and applications (facial recognition, recommendation, parking, data sharing, knowledge sharing, etc.). Some studies are devised to protect against one type of privacy attack (e.g., data reconstruction), while other studies offer support for multiple types of privacy attack (e.g., data reconstruction, inference, model stealing). Some studies optimize the trade-off between privacy and utility in IoT settings. In contrast, others only prioritize privacy over utility, and vice versa. Some studies are stand-alone, while some combine two or more privacy methods to accomplish privacy preservation in the IoT. In addition, some studies try to accomplish multiple objectives (lower latency, less overhead, reduced energy, etc.) along with strong privacy guarantees. Lastly, some studies are validated on real-life datasets while others are validated through testbeds. Among the survey papers, the role of one or two privacy-preserving techniques is extensively discussed, along with recent developments in that line of work [246]. Some case studies highlighted the importance of privacy preservation in IoT environments by using one or more privacy protection techniques [247]. Other studies highlighted the significance of privacy protection in a narrow domain like SmartTVs [248]. Recently, some studies have investigated communication security aspects such as TLS interception, replay attacks, and device authentication in the IoT domain [249]. The authors devised various practical tests to verify the resilience of IoT devices to these attacks, underscoring the key privacy/security issues in IoT deployments. In a nutshell, there are diverse studies on IoT privacy covering many important aspects of different use cases or scenarios.

This paper provides extensive information about privacy preservation topics in the IoT by summarizing the latest SOTA studies. In Section 4, we summarized recent SOTA methods along with methodological details on two settings for the IoT: on-device and cloud computing. We found a lot of studies on cloud-based IoT settings, but relatively fewer studies for on-device settings of the IoT. In Section 5, we analyzed the PES and PbD methods along with their strengths and weaknesses in terms of privacy protection. We found that PES has been investigated well, but PbD is relatively new, and there is room for improvement. We identified four or five broad categories for each method. For PES, we focused on anonymization, differential privacy, encryption, SMC, and blockchain. In contrast, we found federated learning, split learning, zero-knowledge proofs, and synthetic data among the PbD methods. In Section 6, we analyzed the synergies between PP methods to provide a deep analysis of the latest methods. Through analysis of the literature, we found that a lot of methods have been combined within PES (e.g., differential privacy and anonymization) and within PbD (federated learning, split learning, etc.). Furthermore, many studies combined methods from both PES and PbD (e.g., federated learning plus differential privacy, or differential privacy plus split learning) to provide strong privacy guarantees. The analysis presented in that section contributes to understanding the hybrid solutions that have been devised to meet stringent privacy requirements and to complement the weaknesses of the stand-alone methods. In Section 7, we summarized the quantum-based privacy-preserving methods that have recently been proposed to achieve greater defense against sophisticated privacy attacks. In each section, we offered details for different components (e.g., modality, application scenario, techniques, and/or method names) to provide a comprehensive understanding of privacy topics in the IoT. Unlike earlier studies that usually concentrated on particular privacy techniques in isolation [250,251,252], our work offers a unique dual-categorization framework that methodically analyzes privacy solutions across both on-device and cloud computing scenarios, also separating PbD from PES. In the following respects, our study is original compared to the former analyses/studies.

We show, across these dual categories, the first thorough mapping of privacy-preserving techniques, especially for IoT contexts.
We specifically examine the synergies between many privacy approaches, stressing how combinations of techniques (e.g., DP + blockchain + FL) handle difficult privacy issues in IoT environments.
We include newly developed quantum-based privacy techniques, which have not received much attention in previous works.
For IoT environments in particular, we provide thorough comparison tables analyzing strengths, shortcomings, data modalities, and application areas of different privacy techniques.

The knowledge enclosed in this manuscript paves the way to a clear understanding of the research dynamics and valuable literature on privacy for diverse IoT systems and applications.

Current challenges in the field: PP in IoT systems and applications has become a hot research area. However, despite many developments, it is still challenging to resolve all kinds of privacy issues in a fine-grained manner. Below, we pinpoint crucial challenges in PP methods for IoT settings.

Most of the existing PP methods are ad-hoc in nature, meaning they do not classify IoT data based on sensitivity, leading to identical protection for entire segments of the data. However, not all data are sensitive in practice, and hence, data classification to reduce the number of anonymity operations or to lessen computing overhead is challenging in IoT services and/or applications.
Most of the existing PP methods offer resistance against a limited array of privacy attacks, and they cannot offer the required safeguards in some IoT scenarios, such as on-device IoT settings.
Most PP methods employ different anonymity operations at different stages of the IoT application, leading to poor data utility and delays in knowledge derivation.
In IoT systems/applications, devices can generate data in different formats and in a continuous format; however, the current methods cannot adjust the parameters and/or configurations based on these changes, which can lead to inconsistent privacy protection.
The current PP methods used in IoT settings are very restrictive, meaning they alter the data properties too much by adding excessive noise or implementing other kinds of operations. Highly modified data cannot provide the required knowledge in terms of analytics, and can negatively impact insights and data-driven outcomes.
The existing PP methods often combine multiple methods in order to cater to one or two types of privacy attacks. While this synergy is handy, it can lead to high computing costs due to extensive operations.
Most PP methods cannot scale well to the increasing number of devices, and they lack validation in realistic IoT cases, leading to higher overhead and/or poor privacy guarantees in real-world cases.
PP in PbD methods comes with different trade-offs, and privacy protection often leads to other kinds of technical problems (e.g., poisoning attacks, prolonged convergence, model stealing, or backdoor attacks).
Most PP methods work in a black-box manner and lack transparency in terms of data processing, leading to poor control and transparency over users’ data in IoT environments. In the current era, there is a lack of intuitive privacy interfaces, personalized PP data-processing methods, privacy-preference-aware learning models, etc.
Most PP methods do not provide robust privacy guarantees for the entire data lifecycle (collection → processing → storage → sharing). Hence, there is a risk of private information leakage at different stages/phases of the data lifecycle.
Most of the PP methods used in IoT settings are general, which means they cannot offer a concrete solution for privacy preservation in diverse domains (e.g., healthcare, finance, etc.). Due to heterogeneous data and domain requirements, it is challenging to adapt current PP solutions to diverse domains.

Apart from the above-cited challenges, consent management for data collection and ensuring the fulfillment of regulatory requirements are very challenging. Privacy preservation for different data items (generated content, processed content, and output) is required, which is not the case in conventional data-handling scenarios. Furthermore, an AI model trained on sensitive IoT data can capture unnecessary information that can lead to data reconstruction or privacy-endangering inferences. Lastly, IoT devices can generate a massive amount of data, but not all the data are sensitive in terms of privacy. An in-depth understanding and classification of data can help remove unnecessary data, or it can augment utility by making fewer changes to the less sensitive data. However, it is challenging to classify data based on sensitivity and to learn from the required information by using only a small segment of the data rather than the entire range of big data.

Future research directions: We outline twelve promising directions for future research on privacy preservation in the IoT.

PP methods for on-device setting: In recent years, a lot of lightweight AI models have been developed for resource-constrained IoT devices. Although these models have various guardrails, there is still a chance of privacy disclosure via side-channel attacks or device behavior analysis. Furthermore, using privacy methods like encryption can increase computing overhead on tiny devices. In the future, developing lightweight privacy protection methods in order to prevent personal information leaks in IoT devices is a promising research area.
Development of quantum-based privacy methods: Recently, quantum computing methods have revolutionized the privacy domain, and can provide promising solutions for privacy protection, particularly in intelligent infrastructures [235]. These methods have the potential to address the technical deficiencies in conventional/classical privacy protection methods while protecting user-sensitive information [253]. To this end, devising quantum-based privacy methods for diverse IoT settings, or combining quantum-based methods with conventional ones to protect sensitive data, are very promising areas of research.
Privacy–utility trade-off optimization in PbD methods: PbD methods such as federated learning, split learning, and federated analytics present promising solutions to address privacy issues in the IoT as well as in general settings. However, accomplishing the privacy/utility trade-off via these methods is difficult due to their distributed nature and the risk of poisoning attacks [254,255]. To this end, devising practical methods that can optimize the privacy/utility trade-off despite poisoning attacks or data variability/heterogeneity is a fascinating topic to work on in the future.
Development of less restrictive privacy methods: Most of the privacy methods used in IoT settings are restrictive, meaning they enforce hard parameters on the data to accomplish privacy [256]. However, restrictive parameters can alter the structure of the data too much, and utility can be seriously compromised. Furthermore, heavily distorted data can induce other problems, like bias in downstream tasks. To address this, developing adaptive privacy methods that can reduce the number and extent of modifications in the data without compromising privacy is an active area of research.
Computing overhead reduction in synergized privacy methods: As discussed in earlier parts of this paper, there are many synergies between PES and PbD methods. This trend is expected to grow because privacy requirements are increasing day by day. However, in synergized methods, many operations are performed to transform data from one form to another, leading to extensive computing overhead [257]. It is vital to devise lightweight hybrid methods that combine some operations from each category to reduce overhead while offering privacy guarantees. Furthermore, classifying data w.r.t. privacy risks and reducing redundant operations is a promising research area.
Development of personalized privacy methods for diverse IoT settings/scenarios: Most of the previous methods treat all data resulting from IoT devices as risky. However, in practice, not all data are risky and may require non-identical processing. The development of personalized privacy methods can strike a balance between privacy and utility, which is not the case with methods that treat all data as risky. To that end, devising practical methods that can classify data based on sensitivity and that ensure the required protection for each type (highly sensitive, less sensitive, and not sensitive) is a promising area of research.
Development of privacy methods with end-to-end privacy guarantees: In IoT-based systems, privacy needs to be ensured at different stages, such as input, processing, and output. Also, privacy methods may differ depending upon the setting and data modality [59]. It is vital to determine the most suitable methods that contribute to privacy guarantees at each stage but with the least computing overhead. In line with such work, developing new methods that can guarantee data privacy when data are stored, moved, and/or transferred from one environment to another is a promising research area.
Integration of zero trust architectures with privacy-enhancing technologies: In recent years, the zero trust architecture (ZTA) has been extensively used to address security concerns in IoT devices, and has been promoted by John Cates and companies like Google. Recently, some privacy-preserving techniques, such as blockchain, have been integrated with the ZTA to provide robust privacy guarantees when large-scale data interactions are desirable [258]. Exploring the role of diverse privacy methods (differential privacy, anonymization, SMC, etc.) in the ZTA is a promising direction for future research.
Explainable AI and transfer learning for PP IoT analytics: The IoT brings in a lot of sensitive data that we need to utilize, and explainable AI (XAI) can help humanize or make privacy mechanisms transparent to the end user and to regulatory bodies [259]. However, future work should look for a way to provide well-founded explanations despite these strong guarantees of protection from information disclosure in IoT systems. Moreover, transfer learning mechanisms may allow reusing privacy models built in one IoT domain [260] (e.g., smart homes) for the new or altered IoT environments (e.g., the industrial IoT) to obtain a good trade-off between privacy protection and analytical usefulness.
Collaborative privacy frameworks for cross-domain IoT ecosystems: IoT ecosystems are often multi-domain with different vendors and regulatory jurisdictional environments, leading to high infrastructure complexity [261]. To cater to this huge complexity, collaborative privacy frameworks should be developed. These approaches include standards for data sharing along with privacy guarantees, anonymization methods for IoT observation imagery, as well as models to help users abide by shifting privacy laws across jurisdictions [262]. In the near future, developing collaborative privacy frameworks that can protect against internal and external adversaries in complex IoT systems is an emerging avenue for research.
Resilient PP techniques for resource-constrained IoT devices: Most IoT devices have substantial limitations on computing power, memory, and energy. Research must consider the creation of lightweight privacy-preserving methods that can be effectively executed on resource-constrained devices without degrading security or operational efficiency [263]. This means considering energy-efficient encryption, privacy-preserving computation offloading, and context-aware privacy mechanisms that can adjust to dynamic device conditions and user needs.
Privacy protection learning in IoT-based systems: Due to the deployment of massive IoT devices, a lot of high-dimensional and heterogeneous types of data are aggregated, which can lead to privacy violations of different types. Specifically, when such large-scale data are used in AI models, there is a possibility of privacy leakage at inference time [264]. Recently, privacy-preserving ML approaches have been developed to secure IoT devices’ data in statistical learning/training [265]. However, it is still challenging to ensure privacy guarantees while training AI models over IoT device data. To this end, robust methods are required that can ensure privacy protection learning in different IoT-based systems/applications.

Apart from the above-cited future research directions, integrating machine learning with conventional privacy-preserving methods for the protection of IoT data is another important avenue for research [266,267]. In addition, utilizing recent generative models to improve privacy status in diverse IoT environments is an exciting area. Recently, reinforcement learning (RL) has also demonstrated its effectiveness in solving privacy problems in IoT settings [268]. Hence, exploring the role of RL in PP in IoT settings is an emerging research area. Furthermore, providing higher utility while protecting against a diverse array of privacy attacks via single methods is another promising direction. Recently, machine unlearning and federated unlearning to guarantee the privacy of training data have become hot research topics [269,270]. Therefore, exploring the role of machine and federated unlearning to preserve the privacy of sensitive IoT data during collaborative learning is an emerging avenue for research.

9. Conclusions and Future Work

Privacy preservation has become an integral component of most digital systems that aggregate and process personal data, and the IoT is no exception. With the extensive proliferation and deployment of IoT systems, data of diverse types are collected for analytics. The privacy protection of data collected with IoT systems is very challenging because it can reveal information about different spatial–temporal activities, itineraries, demographics, health histories, and sensitive information (disease, habits, etc.). Due to extensive and continuous data collection, privacy protection in IoT-based systems/applications is more challenging compared to traditional ones. To address all types of privacy issues, and to make IoT data usable for the greater good, multidisciplinary approaches are needed. This article presented a comprehensive analysis of privacy-preserving methods that are used in IoT systems/applications. Specifically, we discussed various SOTA PP methods to preserve IoT data privacy in both on-device as well as cloud computing scenarios. We categorized the existing PP solutions into PbD (e.g., FL and SL) and PES (e.g., DP and anonymization) and mapped them to IoT-driven systems/applications. Furthermore, we summarized the latest SOTA methods that employ multiple PP techniques (e.g.,

ϵ

-DP + anonymization,

ϵ

-DP + blockchain + FL) rather than employing just one technique to preserve IoT data privacy. The use of hybrid PP approaches is the latest trend owing to stringent privacy requirements and to make data highly effective for downstream tasks. Lastly, we identified and discussed quantum-based methods devised to enhance the security and/or privacy of IoT data. We provided synthesized knowledge concerning different privacy preservation aspects along with opportunities for further research and innovation. To the best of our knowledge, this is pioneering work that provides comprehensive knowledge about the PP-centered IoT (specifically, PP methods for on-device settings, classification of PP methods into PES and PbD and the corresponding developments, synergies between PbD and PES methods, quantum-based PP methods, and methodological and/or experimental details of various PP methods). The insights derived from this survey provide a valuable resource for researchers and developers and can contribute to devising next-generation robust PP methods. In the future, we intend to analyze the lightweight encryption-based methods that are extensively used in IoT systems/applications. We also plan to discuss the confluence of FL and the IoT (other than for privacy) to highlight recent developments in this line of work. Finally, we intend to explore other kinds of threats related to wearable devices in order to highlight developments in IoT technology.

Author Contributions

All authors contributed equally to this research. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (Ministry of Science and ICT) (RS-2024-00340882).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data and studies used in this research are available within this article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

Alghamedy, F.H.; El-Haggar, N.; Alsumayt, A.; Alfawaer, Z.; Alshammari, M.; Amouri, L.; Aljameel, S.S.; Albassam, S. Unlocking a Promising Future: Integrating Blockchain Technology and FL-IoT in the Journey to 6G. IEEE Access 2024, 12, 115411–115447. [Google Scholar] [CrossRef]
Rafiq, I.; Mahmood, A.; Razzaq, S.; Jafri, S.H.M.; Aziz, I. IoT applications and challenges in smart cities and services. J. Eng. 2023, 2023, e12262. [Google Scholar] [CrossRef]
Sharma, M.; Tomar, A.; Hazra, A. From Connectivity to Intelligence: The Game-Changing Role of AI and IoT in Industry 5.0. IEEE Consum. Electron. Mag. 2024, 1–7. [Google Scholar] [CrossRef]
Wu, C.; Li, X.; Luo, L.; Zeng, Q. T2Pair++: Secure and Usable IoT Pairing with Zero Information Loss. arXiv 2024, arXiv:2409.16530. [Google Scholar]
Aouedi, O.; Vu, T.H.; Sacco, A.; Nguyen, D.C.; Piamrat, K.; Marchetto, G.; Pham, Q.V. A survey on intelligent Internet of Things: Applications, security, privacy, and future directions. IEEE Commun. Surv. Tutor. 2024, 27, 1238–1292. [Google Scholar] [CrossRef]
Balaji, S.; Nathani, K.; Santhakumar, R. IoT technology, applications and challenges: A contemporary survey. Wirel. Pers. Commun. 2019, 108, 363–388. [Google Scholar] [CrossRef]
Andrade, A.; Cabral, A.T.; Bellini, B.; Rodrigues, V.F.; da Rosa Righi, R.; da Costa, C.A.; Barbosa, J.L.V. IoT-based vital sign monitoring: A literature review. Smart Health 2024, 32, 100462. [Google Scholar] [CrossRef]
Gundala, J.R.; Potluri, S.S.V.; Damle, S.V.; Hashmi, M.F. IoT & ML-Based Healthcare Monitoring System-Review. In Proceedings of the 2022 IEEE International Symposium on Smart Electronic Systems (iSES), Warangal, India, 18–22 December 2022; pp. 623–626. [Google Scholar]
Elaraby, M.E.; Ewees, A.A.; Anter, A.M. A robust IoT-based cloud model for COVID-19 prediction using advanced machine learning technique. Biomed. Signal Process. Control 2024, 87, 105542. [Google Scholar] [CrossRef]
Jan, I.; Sofi, S. Data management for resource optimization in medical IoT. Health Technol. 2024, 14, 51–68. [Google Scholar] [CrossRef]
Wang, T.; Tang, T.; Cai, Z.; Fang, K.; Tian, J.; Li, J.; Wang, W.; Xia, F. Federated Learning-based Information Leakage Risk Detection for Secure Medical Internet of Things. Acm Trans. Internet Technol. 2024. [Google Scholar] [CrossRef]
Rezk, N.G.; Alshathri, S.; Sayed, A.; Hemdan, E.E.D.; El-Behery, H. Secure Hybrid Deep Learning for MRI-Based Brain Tumor Detection in Smart Medical IoT Systems. Diagnostics 2025, 15, 639. [Google Scholar] [CrossRef] [PubMed]
Azad, M.A.; Abdullah, S.; Arshad, J.; Lallie, H.; Ahmed, Y.H. Verify and trust: A multidimensional survey of zero-trust security in the age of IoT. Internet Things 2024, 27, 101227. [Google Scholar] [CrossRef]
Del-Valle-Soto, C.; Briseño, R.A.; Velázquez, R.; Guerra-Rosales, G.; Perez-Ochoa, S.; Preciado-Bazavilvazo, I.H.; Visconti, P.; Varela-Aldás, J. Enhancing Elderly Care through Low-Cost Wireless Sensor Networks and Artificial Intelligence: A Study on Vital Sign Monitoring and Sleep Improvement. Future Internet 2024, 16, 323. [Google Scholar] [CrossRef]
Tekchandani, P.; Das, A.K.; Kumar, N. Large-scale secure model learning and inference using synthetic data for IoT-based big data analytics. Comput. Electr. Eng. 2024, 119, 109565. [Google Scholar] [CrossRef]
Zhao, L.; Cai, L.; Lu, W.S. Collaborative Learning of Different Types of Healthcare Data from Heterogeneous IoT Devices. IEEE Internet Things J. 2023, 11, 5757–5769. [Google Scholar] [CrossRef]
Lu, H.; Lyu, F.; Ren, J.; Wu, H.; Zhou, C.; Liu, Z.; Zhang, Y.; Shen, X. CODE+: Fast and Accurate Inference for Compact Distributed IoT Data Collection. IEEE Trans. Parallel Distrib. Syst. 2024, 35, 2006–2022. [Google Scholar] [CrossRef]
Piccialli, F.; Cuomo, S.; Cola, V.S.d.; Casolla, G. A machine learning approach for IoT cultural data. J. Ambient. Intell. Humaniz. Comput. 2024, 15, 1715–1726. [Google Scholar] [CrossRef]
Xu, G.; Kong, D.l.; Zhang, K.; Xu, S.; Cao, Y.; Mao, Y.; Duan, J.; Kang, J.; Chen, X.B. A Model Value Transfer Incentive Mechanism for Federated Learning with Smart Contracts in AIoT. IEEE Internet Things J. 2024, 12, 2530–2544. [Google Scholar] [CrossRef]
Shafee, A.; Hasan, S.; Awaad, T.A. Privacy and security vulnerabilities in edge intelligence: An analysis and countermeasures. Comput. Electr. Eng. 2025, 123, 110146. [Google Scholar] [CrossRef]
Gao, Y.; Zhou, T.; Zheng, W.; Yang, H.; Zhang, T. High-Availability Authentication and Key Agreement for Internet of Things-Based Devices in Industry 5.0. IEEE Trans. Ind. Inform. 2024, 20, 13571–13579. [Google Scholar] [CrossRef]
Prajapat, S.; Kumar, P.; Kumar, D.; Das, A.K.; Hossain, M.S.; Rodrigues, J.J.P.C. Quantum Secure Authentication Scheme for Internet of Medical Things Using Blockchain. IEEE Internet Things J. 2024, 11, 1. [Google Scholar] [CrossRef]
Chhikara, D.; Chauhan, S.S.; Rana, S. An Efficient Blockchain-Powered Authentication Scheme for Secure Communication in IoMT. IEEE Internet Things J. 2025. [Google Scholar] [CrossRef]
Dhar, S.; Khare, A.; Dwivedi, A.D.; Singh, R. Securing IoT devices: A novel approach using blockchain and quantum cryptography. Internet Things 2024, 25, 101019. [Google Scholar] [CrossRef]
Hossain, M.; Kayas, G.; Hasan, R.; Skjellum, A.; Noor, S.; Islam, S.R. A Holistic Analysis of Internet of Things (IoT) Security: Principles, Practices, and New Perspectives. Future Internet 2024, 16, 40. [Google Scholar] [CrossRef]
Zhang, S.; Cao, D. A blockchain-based provably secure anonymous authentication for edge computing-enabled IoT. J. Supercomput. 2024, 80, 6778–6808. [Google Scholar] [CrossRef]
Pereira, R.H. Lightweight data bridge for connecting self-service end-user analytic tools to NGSI-based IoT systems. Internet Things 2024, 25, 101125. [Google Scholar] [CrossRef]
Puli, S.; Srinivasu, N. Lightweight Cryptography Based Secured Data Transmission Model for Quality of Service in Internet of Things-A Comparative Analysis. Int. J. Saf. Secur. Eng. 2024, 14, 1279. [Google Scholar] [CrossRef]
Almasre, M.; Subahi, A. Create a Realistic IoT Dataset Using Conditional Generative Adversarial Network. J. Sens. Actuator Netw. 2024, 13, 62. [Google Scholar] [CrossRef]
Kil, Y.S.; Lee, Y.J.; Jeon, S.E.; Oh, Y.S.; Lee, I.G. Optimization of Privacy-Utility Trade-off for Efficient Feature Selection of Secure Internet of Things. IEEE Access 2024, 12, 142582–142591. [Google Scholar] [CrossRef]
Chanal, P.M.; Kakkasageri, M.S. Security and privacy in IoT: A survey. Wirel. Pers. Commun. 2020, 115, 1667–1693. [Google Scholar] [CrossRef]
Rasool, R.U.; Ahmad, H.F.; Rafique, W.; Qayyum, A.; Qadir, J. Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ML. J. Netw. Comput. Appl. 2022, 201, 103332. [Google Scholar] [CrossRef]
Barua, A.; Al Alamin, M.A.; Hossain, M.S.; Hossain, E. Security and privacy threats for bluetooth low energy in iot and wearable devices: A comprehensive survey. IEEE Open J. Commun. Soc. 2022, 3, 251–281. [Google Scholar] [CrossRef]
Siraparapu, S.R.; Azad, S. Securing the IoT Landscape: A Comprehensive Review of Secure Systems in the Digital Era. e-Prime-Adv. Electr. Eng. Electron. Energy 2024, 10, 100798. [Google Scholar] [CrossRef]
Adam, M.; Hammoudeh, M.; Alrawashdeh, R.; Alsulaimy, B. A Survey on Security, Privacy, Trust, and Architectural Challenges in IoT Systems. IEEE Access 2024, 12, 57128–57149. [Google Scholar] [CrossRef]
Suguna, M.; Sreenivasan, A.; Suresh, M.; OmKumar, C. Internet of Things Start-Ups: An Overview of the Privacy and Security in IoT Start-Ups. Mach. Learn. Hybrid. Optim. Intell. Appl. 2025, 310–326. [Google Scholar] [CrossRef]
Pinto, G.P.; Donta, P.K.; Dustdar, S.; Prazeres, C. A systematic review on privacy-aware iot personal data stores. Sensors 2024, 24, 2197. [Google Scholar] [CrossRef]
Malek, Y.N.; Kharbouch, A.; El Khoukhi, H.; Bakhouya, M.; De Florio, V.; El Ouadghiri, D.; Latré, S.; Blondia, C. On the use of IoT and big data technologies for real-time monitoring and data processing. Procedia Comput. Sci. 2017, 113, 429–434. [Google Scholar] [CrossRef]
Hou, L.; Zhao, S.; Xiong, X.; Zheng, K.; Chatzimisios, P.; Hossain, M.S.; Xiang, W. Internet of things cloud: Architecture and implementation. IEEE Commun. Mag. 2016, 54, 32–39. [Google Scholar] [CrossRef]
Babar, M.; Jan, M.A.; He, X.; Tariq, M.U.; Mastorakis, S.; Alturki, R. An optimized IoT-enabled big data analytics architecture for edge–cloud computing. IEEE Internet Things J. 2022, 10, 3995–4005. [Google Scholar] [CrossRef]
Al-Nbhany, W.A.; Zahary, A.T.; Al-Shargabi, A.A. Blockchain-IoT healthcare applications and trends: A review. IEEE Access 2024, 12, 4178–4212. [Google Scholar] [CrossRef]
Liu, P.; Li, X.; Zang, B.; Diao, G. Privacy-preserving sports data fusion and prediction with smart devices in distributed environment. J. Cloud Comput. 2024, 13, 106. [Google Scholar] [CrossRef]
Bhatti, D.M.S.; Choi, B.J. Enhancing IoT Healthcare with Federated Learning and Variational Autoencoder. Sensors 2024, 24, 3632. [Google Scholar] [CrossRef] [PubMed]
Awan, K.A.; Din, I.U.; Almogren, A.; Kim, B.S.; Guizani, M. Enhancing IoT Security with Trust Management Using Ensemble XGBoost and AdaBoost Techniques. IEEE Access 2024, 12, 116609–116621. [Google Scholar] [CrossRef]
Ding, J.; Nemati, M.; Ranaweera, C.; Choi, J. IoT connectivity technologies and applications: A survey. IEEE Access 2020, 8, 67646–67673. [Google Scholar] [CrossRef]
Laroui, M.; Nour, B.; Moungla, H.; Cherif, M.A.; Afifi, H.; Guizani, M. Edge and fog computing for IoT: A survey on current research activities & future directions. Comput. Commun. 2021, 180, 210–231. [Google Scholar]
Ahdan, S.; Susanto, E.R.; Syambas, N.R. Proposed design and modeling of smart energy dashboard system by implementing IoT (Internet of Things) based on mobile devices. In Proceedings of the 2019 IEEE 13th International Conference on Telecommunication Systems, Services, and Applications (TSSA), Bali, Indonesia, 3–4 October 2019; pp. 194–199. [Google Scholar]
Li, X.; Da Xu, L.; Sigov, A.; Ratkin, L.; Ivanov, L.A. Enterprise Architecture of IoT-Based Applications: A Review. Future Gener. Comput. Syst. 2024, 166, 107584. [Google Scholar] [CrossRef]
Li, B.; Dong, Q.; Downen, R.S.; Tran, N.; Jackson, J.H.; Pillai, D.; Zaghloul, M.; Li, Z. A wearable IoT aldehyde sensor for pediatric asthma research and management. Sens. Actuators B Chem. 2019, 287, 584–594. [Google Scholar] [CrossRef]
Swamy, S.N.; Kota, S.R. An empirical study on system level aspects of Internet of Things (IoT). IEEE Access 2020, 8, 188082–188134. [Google Scholar] [CrossRef]
Rehman, Z.; Tariq, N.; Moqurrab, S.A.; Yoo, J.; Srivastava, G. Machine learning and internet of things applications in enterprise architectures: Solutions, challenges, and open issues. Expert Syst. 2024, 41, e13467. [Google Scholar] [CrossRef]
Thakur, D.; Saini, J.K.; Srinivasan, S. DeepThink IoT: The strength of deep learning in internet of things. Artif. Intell. Rev. 2023, 56, 14663–14730. [Google Scholar] [CrossRef]
Giordano, G.; Palomba, F.; Ferrucci, F. On the use of artificial intelligence to deal with privacy in IoT systems: A systematic literature review. J. Syst. Softw. 2022, 193, 111475. [Google Scholar] [CrossRef]
Hernandez, A.; Xiao, B.; Tudor, V. Eraia-enabling intelligence data pipelines for iot-based application systems. In Proceedings of the 2020 IEEE International Conference on Pervasive Computing and Communications (PerCom), Austin, TX, USA, 23–27 March 2020; pp. 1–9. [Google Scholar]
Xu, M.; Liu, J.; Liu, Y.; Lin, F.X.; Liu, Y.; Liu, X. A first look at deep learning apps on smartphones. In Proceedings of the World Wide Web Conference, San Francisco, CA, USA, 13–17 May 2019; pp. 2125–2136. [Google Scholar]
Nasr-Esfahani, E.; Samavi, S.; Karimi, N.; Soroushmehr, S.M.R.; Jafari, M.H.; Ward, K.; Najarian, K. Melanoma detection by analysis of clinical images using convolutional neural network. In Proceedings of the 2016 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), Orlando, FL, USA, 16–20 August 2016; pp. 1373–1376. [Google Scholar]
Juyal, S.; Sharma, S.; Shukla, A.S. Smart skin health monitoring using AI-enabled cloud-based IoT. Mater. Today Proc. 2021, 46, 10539–10545. [Google Scholar] [CrossRef]
Bai, J.; Wu, B.; Zhang, Y.; Li, Y.; Li, Z.; Xia, S.T. Targeted attack against deep neural networks via flipping limited weight bits. arXiv 2021, arXiv:2102.10496. [Google Scholar]
Sun, P.; Wan, Y.; Wu, Z.; Fang, Z.; Li, Q. A survey on privacy and security issues in IoT-based environments: Technologies, protection measures and future directions. Comput. Secur. 2025, 148, 104097. [Google Scholar] [CrossRef]
Liu, Z.; Wu, Z.; Gan, C.; Zhu, L.; Han, S. Datamix: Efficient privacy-preserving edge-cloud inference. In Proceedings of the Computer Vision–ECCV 2020: 16th European Conference, Glasgow, UK, 23–28 August 2020; Proceedings, Part XI 16. pp. 578–595. [Google Scholar]
Sundarakantham, K.; Sivasankar, E.; Mercy Shalinie, S. A hybrid deep learning framework for privacy preservation in edge computing. Comput. Secur. 2023, 129, 103209. [Google Scholar]
Sahu, P.P.; Raut, A.; Samant, J.S.; Gorijala, M.; Lakshminarayanan, V.; Bhaskar, P. POP-VQA-Privacy Preserving, On-Device, Personalized Visual Question Answering. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision, Waikoloa, HI, USA, 4–8 January 2024; pp. 8470–8479. [Google Scholar]
Zhou, X.; Lu, H. Improved On-Device Hyperdimensional-Computing-based Image Segmentation. In Proceedings of the 2023 IEEE 3rd International Conference on Intelligent Technology and Embedded Systems (ICITES), Huzhou, China, 27–30 October 2023; pp. 165–170. [Google Scholar]
Gao, W.; Yu, J.; Wang, H. Enabling Privacy-Preserving Parallel Computation of Linear Regression in Edge Computing Networks. IEEE Trans. Cloud Comput. 2024, 12, 1103–1115. [Google Scholar] [CrossRef]
Gao, W.; Yu, J.; Yang, M.; Wang, H. Enabling privacy-preserving parallel outsourcing matrix inversion in IoT. IEEE Internet Things J. 2022, 9, 15915–15927. [Google Scholar] [CrossRef]
Li, C.; Palanisamy, B. Privacy in internet of things: From principles to technologies. IEEE Internet Things J. 2018, 6, 488–505. [Google Scholar] [CrossRef]
Cirillo, F.; Wu, F.J.; Solmaz, G.; Kovacs, E. Embracing the future internet of things. Sensors 2019, 19, 351. [Google Scholar] [CrossRef]
Zhang, S.; Ma, J.; Bai, H.; Ren, Y.; Jia, N.; Hu, X. Toward Private, Trusted, and Fine-Grained Inference Cloud Outsourcing with on-Device Obfuscation and Verification. In Proceedings of the 2024 IEEE 32nd International Conference on Network Protocols (ICNP), Charleroi, Belgium, 28–31 October 2024; pp. 1–6. [Google Scholar]
Osia, S.A.; Shamsabadi, A.S.; Sajadmanesh, S.; Taheri, A.; Katevas, K.; Rabiee, H.R.; Lane, N.D.; Haddadi, H. A hybrid deep learning architecture for privacy-preserving mobile analytics. IEEE Internet Things J. 2020, 7, 4505–4518. [Google Scholar] [CrossRef]
Wang, J.; Bao, W.; Sun, L.; Zhu, X.; Cao, B.; Philip, S.Y. Private model compression via knowledge distillation. In Proceedings of the AAAI Conference on Artificial Intelligence, Honolulu, HI, USA, 27 January–1 February 2019; Volume 33, pp. 1190–1197. [Google Scholar]
Zhang, Y.; Wang, Z.; Guan, X.; He, L.; Li, F. Private compression for intermediate feature in IoT-supported mobile cloud inference. Displays 2024, 85, 102857. [Google Scholar] [CrossRef]
Jiang, L.; Tan, R.; Lou, X.; Lin, G. On lightweight privacy-preserving collaborative learning for internet-of-things objects. In Proceedings of the International Conference on Internet of Things Design and Implementation, Montreal, QC, Canada, 15–18 April 2019; pp. 70–81. [Google Scholar]
Zhang, Z.; Zhao, D.; Liu, R.; Tian, K.; Yao, Y.; Li, Y.; Ma, H. CamoNet: On-Device Neural Network Adaptation with Zero Interaction and Unlabeled Data for Diverse Edge Environments. IEEE Trans. Mob. Comput. 2024, 23, 11483–11497. [Google Scholar] [CrossRef]
Li, T.; Yin, S.; Yu, R.; Feng, Y.; Jiao, L.; Shen, Y.; Ma, J. CoAvoid: Secure, Privacy-Preserved Tracing of Contacts for Infectious Diseases. IEEE J. Sel. Areas Commun. 2022, 40, 3191–3206. [Google Scholar] [CrossRef]
Hajihassani, O.; Ardakanian, O.; Khazaei, H. Anonymizing sensor data on the edge: A representation learning and transformation approach. ACM Trans. Internet Things 2021, 3, 1–26. [Google Scholar] [CrossRef]
Snader, R.; Kravets, R.; Harris III, A.F. Cryptocop: Lightweight, energy-efficient encryption and privacy for wearable devices. In Proceedings of the 2016 Workshop on Wearable Systems and Applications, Singapore, 30 June 2016; pp. 7–12. [Google Scholar]
Jourdan, T.; Boutet, A.; Frindel, C. Toward privacy in IoT mobile devices for activity recognition. In Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, New York, NY, USA, 5–7 November 2018; pp. 155–165. [Google Scholar]
Bigelli, L.; Contoli, C.; Freschi, V.; Lattanzi, E. Privacy preservation in sensor-based Human Activity Recognition through autoencoders for low-power IoT devices. Internet Things 2024, 26, 101189. [Google Scholar] [CrossRef]
Liu, X.; Zheng, Y.; Li, Z.; Hu, Y. Multi-sensor Data Privacy Protection with Adaptive Privacy Budget for IoT Systems. In Proceedings of the 2024 IEEE Conference on Communications and Network Security (CNS), Taipei, Taiwan, 30 September–3 October 2024; pp. 1–9. [Google Scholar]
Wang, D.; Ren, J.; Xu, C.; Liu, J.; Wang, Z.; Zhang, Y.; Shen, X. Privstream: Enabling privacy-preserving inferences on IoT data stream at the edge. In Proceedings of the HPCC, IEEE, Zhangjiajie, China, 10–12 August 2019; pp. 1290–1297. [Google Scholar]
Wang, J.; Zhang, J.; Bao, W.; Zhu, X.; Cao, B.; Yu, P.S. Not just privacy: Improving performance of private deep learning in mobile cloud. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, London, UK, 19–23 August 2018; pp. 2407–2416. [Google Scholar]
Tchaye-Kondi, J.; Zhai, Y.; Shen, J.; Zhu, L. Privacy-preserving offloading in edge intelligence systems with inductive learning and local differential privacy. IEEE Trans. Netw. Serv. Manag. 2023, 20, 5026–5037. [Google Scholar] [CrossRef]
Shen, S.; Hao, X.; Gao, Z.; Wu, G.; Shen, Y.; Zhang, H.; Cao, Q.; Yu, S. SAC-PP: Jointly optimizing privacy protection and computation offloading for mobile edge computing. IEEE Trans. Netw. Serv. Manag. 2024, 21, 6190–6203. [Google Scholar] [CrossRef]
Qu, X.; Hu, Q.; Wang, S. Privacy-preserving model training architecture for intelligent edge computing. Comput. Commun. 2020, 162, 94–101. [Google Scholar] [CrossRef]
Fernandez, M.; Jaimunk, J.; Thuraisingham, B. Privacy-preserving architecture for cloud-IoT platforms. In Proceedings of the 2019 IEEE International Conference on Web Services (ICWS), Milan, Italy, 8–13 July 2019; pp. 11–19. [Google Scholar]
Fernández, M.; Jaimunk, J.; Thuraisingham, B. A privacy-preserving architecture and data-sharing model for cloud-IoT applications. IEEE Trans. Dependable Secur. Comput. 2022, 20, 3495–3507. [Google Scholar] [CrossRef]
Malekzadeh, M.; Clegg, R.G.; Cavallaro, A.; Haddadi, H. Mobile sensor data anonymization. In Proceedings of the International Conference on Internet of Things Design and Implementation, Montreal, QC, Canada, 15–18 April 2019; pp. 49–58. [Google Scholar]
Khalili, H.; Chien, H.J.; Hass, A.; Sehatbakhsh, N. Context-aware hybrid encoding for privacy-preserving computation in IoT devices. IEEE Internet Things J. 2023, 11, 1054–1064. [Google Scholar] [CrossRef]
Gupta, R.; Gupta, I.; Singh, A.K.; Saxena, D.; Lee, C.N. An iot-centric data protection method for preserving security and privacy in cloud. IEEE Syst. J. 2022, 17, 2445–2454. [Google Scholar] [CrossRef]
Donta, P.K.; Murturi, I.; Casamayor Pujol, V.; Sedlak, B.; Dustdar, S. Exploring the potential of distributed computing continuum systems. Computers 2023, 12, 198. [Google Scholar] [CrossRef]
Poojara, S.R.; Dehury, C.K.; Jakovits, P.; Srirama, S.N. Serverless data pipeline approaches for IoT data in fog and cloud computing. Future Gener. Comput. Syst. 2022, 130, 91–105. [Google Scholar] [CrossRef]
Zhang, T.; He, C.; Ma, T.; Gao, L.; Ma, M.; Avestimehr, S. Federated learning for internet of things. In Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems, Coimbra, Portugal, 15–17 November 2021; pp. 413–419. [Google Scholar]
Laidi, R.; Merabtine, N.; Djenouri, D.; Latif, S.; Qadir, H.A.; Djenouri, Y.; Balasingham, I. Federated Learning in IoT Environments: Examining the Three-way See-saw for Privacy, Model-Performance, and Network-Efficiency. IEEE Commun. Surv. Tutor. 2025. [Google Scholar] [CrossRef]
Ni, C.; Cang, L.S.; Gope, P.; Min, G. Data anonymization evaluation for big data and IoT environment. Inf. Sci. 2022, 605, 381–392. [Google Scholar] [CrossRef]
Majeed, A.; Hwang, S.O. The Data Island Problem and Its Mitigation: Are We There Yet? Computer 2024, 57, 95–103. [Google Scholar] [CrossRef]
Zhao, Y.; Zhao, J.; Yang, M.; Wang, T.; Wang, N.; Lyu, L.; Niyato, D.; Lam, K.Y. Local differential privacy-based federated learning for internet of things. IEEE Internet Things J. 2020, 8, 8836–8853. [Google Scholar] [CrossRef]
Khan, L.U.; Saad, W.; Han, Z.; Hossain, E.; Hong, C.S. Federated learning for internet of things: Recent advances, taxonomy, and open challenges. IEEE Commun. Surv. Tutor. 2021, 23, 1759–1799. [Google Scholar] [CrossRef]
Jiang, B.; Li, J.; Yue, G.; Song, H. Differential privacy for industrial internet of things: Opportunities, applications, and challenges. IEEE Internet Things J. 2021, 8, 10430–10451. [Google Scholar] [CrossRef]
Zhang, S.; Zhang, L.; Peng, T.; Liu, Q.; Li, X. VADP: Visitor-attribute-based adaptive differential privacy for IoMT data sharing. Comput. Secur. 2025, 156, 104513. [Google Scholar] [CrossRef]
Islam, M.; Rehmani, M.H.; Gao, L.; Chen, J. An optimized privacy-utility trade-off framework for differentially private data sharing in blockchain-based internet of things. IEEE Internet Things J. 2025, 12, 7778–7792. [Google Scholar] [CrossRef]
Otgonbayar, A.; Pervez, Z.; Dahal, K.; Eager, S. K-VARP: K-anonymity for varied data streams via partitioning. Inf. Sci. 2018, 467, 238–255. [Google Scholar] [CrossRef]
Nasab, A.R.S.; Ghaffarian, H. A new fast framework for anonymizing IoT stream data. In Proceedings of the 2021 5th International Conference on Internet of Things and Applications (IoT), Isfahan, Iran, 19–20 May 2021; pp. 1–5. [Google Scholar]
Onesimu, J.A.; Karthikeyan, J.; Sei, Y. An efficient clustering-based anonymization scheme for privacy-preserving data collection in IoT based healthcare services. Peer-to-Peer Netw. Appl. 2021, 14, 1629–1649. [Google Scholar] [CrossRef]
Li, H.; Guo, F.; Zhang, W.; Wang, J.; Xing, J. (a, k)-Anonymous scheme for privacy-preserving data collection in IoT-based healthcare services systems. J. Med Syst. 2018, 42, 1–9. [Google Scholar] [CrossRef]
Khan, R.; Tao, X.; Anjum, A.; Kanwal, T.; Malik, S.U.R.; Khan, A.; Rehman, W.U.; Maple, C. θ-sensitive k-anonymity: An anonymization model for iot based electronic health records. Electronics 2020, 9, 716. [Google Scholar] [CrossRef]
Guo, J.; Yang, M.; Wan, B. A practical privacy-preserving publishing mechanism based on personalized k-anonymity and temporal differential privacy for wearable iot applications. Symmetry 2021, 13, 1043. [Google Scholar] [CrossRef]
Liu, F.; Li, T. A Clustering K-Anonymity Privacy-Preserving Method for Wearable IoT Devices. Secur. Commun. Netw. 2018, 2018, 4945152. [Google Scholar] [CrossRef]
Coelho, K.K.; Okuyama, M.M.; Nogueira, M.; Vieira, A.B.; Silva, E.F.; Nacif, J.A.M. A Dynamic Approach to Health Data Anonymization by Separatrices. In Proceedings of the 2024 IEEE Symposium on Computers and Communications (ISCC), Paris, France, 26–29 June 2024; pp. 1–6. [Google Scholar]
Mahanan, W.; Chaovalitwongse, W.A.; Natwichai, J. Data anonymization: A novel optimal k-anonymity algorithm for identical generalization hierarchy data in IoT. Serv. Oriented Comput. Appl. 2020, 14, 89–100. [Google Scholar] [CrossRef]
Moqurrab, S.A.; Anjum, A.; Tariq, N.; Srivastava, G. Instant_Anonymity: A lightweight semantic privacy guarantee for 5G-enabled IIoT. IEEE Trans. Ind. Inform. 2022, 19, 951–959. [Google Scholar] [CrossRef]
Wang, B.; Yang, C.; Ma, J. UKVLDP: Utility-Optimized Local Differential Privacy Mechanism for Key-Value IoT Data Collection. IEEE Internet Things J. 2025, 12, 17964–17976. [Google Scholar] [CrossRef]
Huang, W.; Zhou, S.; Zhu, T.; Liao, Y. Privately publishing internet of things data: Bring personalized sampling into differentially private mechanisms. IEEE Internet Things J. 2021, 9, 80–91. [Google Scholar] [CrossRef]
Ni, Y.; Li, J.; Chang, W.; Xiao, J. A LDP-based privacy-preserving longitudinal and multidimensional range query scheme in IOT. IEEE Internet Things J. 2023, 11, 5210–5221. [Google Scholar] [CrossRef]
Gheisari, M.; Shojaeian, E.; Javadpour, A.; Jalili, A.; Esmaeili-Najafabadi, H.; Bigham, B.S.; Vorobeva, A.A.; Liu, Y.; Rezaei, M. An agile privacy-preservation solution for IoT-based smart city using different distributions. IEEE Open J. Veh. Technol. 2023, 4, 356–362. [Google Scholar] [CrossRef]
Zhang, Z.; Wu, T.; Sun, X.; Yu, J. MPDP k-medoids: Multiple partition differential privacy preserving k-medoids clustering for data publishing in the Internet of Medical Things. Int. J. Distrib. Sens. Netw. 2021, 17, 15501477211042543. [Google Scholar] [CrossRef]
Wang, J.; Li, X. Secure medical data collection in the internet of medical things based on local differential privacy. Electronics 2023, 12, 307. [Google Scholar] [CrossRef]
Amjath, M.; Henna, S. EdgeSecureDP: Strengthening IoHTs Differential Privacy Through Graphvariate Skellam. IEEE Access 2024, 13, 1179–1192. [Google Scholar] [CrossRef]
Zhao, F.; Fan, S. Protecting Infinite Data Streams from Wearable Devices with Local Differential Privacy Techniques. Information 2024, 15, 630. [Google Scholar] [CrossRef]
Mudassar, B.; Tahir, S.; Khan, F.; Shah, S.A.; Shah, S.I.; Abbasi, Q.H. Privacy-Preserving data analytics in internet of medical things. Future Internet 2024, 16, 407. [Google Scholar] [CrossRef]
Zhou, Y.; Wang, Z.; Liu, Y. A Local Differential Privacy Hybrid Data Clustering Iterative Algorithm for Edge Computing. Chin. J. Electron. 2024, 33, 1421–1434. [Google Scholar] [CrossRef]
Ren, W.; Tong, X.; Du, J.; Wang, N.; Li, S.C.; Min, G.; Zhao, Z.; Bashir, A.K. Privacy-preserving using homomorphic encryption in Mobile IoT systems. Comput. Commun. 2021, 165, 105–111. [Google Scholar] [CrossRef]
Ramesh, S.; Govindarasu, M. An efficient framework for privacy-preserving computations on encrypted IoT data. IEEE Internet Things J. 2020, 7, 8700–8708. [Google Scholar] [CrossRef]
Yuan, Y.; He, H.; Amirpour, H.; Qu, L.; Timmerer, C.; Chen, F. IoT privacy protection: JPEG-TPE with lower file size expansion and lossless decryption. IEEE Internet Things J. 2024, 11, 23485–23496. [Google Scholar] [CrossRef]
Gao, Y.; Ge, Y.; Ning, J.; Ma, J.; Chen, X. Verifiable Multi-Level Dynamic Searchable Encryption with Forward and Backward Privacy in Cloud-Assisted IoT. IEEE Internet Things J. 2024, 11, 40861–40874. [Google Scholar]
Li, J.; Zhang, Y.; Ning, J.; Huang, X.; Poh, G.S.; Wang, D. Attribute based encryption with privacy protection and accountability for CloudIoT. IEEE Trans. Cloud Comput. 2020, 10, 762–773. [Google Scholar] [CrossRef]
Yan, H.; Wang, Y.; Jia, C.; Li, J.; Xiang, Y.; Pedrycz, W. IoT-FBAC: Function-based access control scheme using identity-based encryption in IoT. Future Gener. Comput. Syst. 2019, 95, 344–353. [Google Scholar] [CrossRef]
Sun, Y.; Chatterjee, P.; Chen, Y.; Zhang, Y. Efficient identity-based encryption with revocation for data privacy in internet of things. IEEE Internet Things J. 2021, 9, 2734–2743. [Google Scholar] [CrossRef]
Saračević, M.H.; Adamović, S.Z.; Miškovic, V.A.; Elhoseny, M.; Maček, N.D.; Selim, M.M.; Shankar, K. Data encryption for internet of things applications based on catalan objects and two combinatorial structures. IEEE Trans. Reliab. 2020, 70, 819–830. [Google Scholar] [CrossRef]
Sharma, D.; Jinwala, D. Functional encryption in IoT E-health care system. In Proceedings of the Information Systems Security: 11th International Conference, ICISS 2015, Kolkata, India, 16–20 December 2015; pp. 345–363. [Google Scholar]
Clemente-Lopez, D.; de Jesus Rangel-Magdaleno, J.; Muñoz-Pacheco, J.M. A lightweight chaos-based encryption scheme for IoT healthcare systems. Internet Things 2024, 25, 101032. [Google Scholar] [CrossRef]
Jain, K.; Titus, B.; Krishnan, P.; Sudevan, S.; Prabu, P.; Alluhaidan, A.S. A lightweight multi-chaos-based image encryption Scheme for IoT Networks. IEEE Access 2024, 12, 62118–62148. [Google Scholar] [CrossRef]
Ali, M.S.; Dolui, K.; Antonelli, F. IoT data privacy via blockchains and IPFS. In Proceedings of the Seventh International Conference on the Internet of Things, Linz, Austria, 22–25 October 2017; pp. 1–7. [Google Scholar]
Loukil, F.; Ghedira-Guegan, C.; Boukadi, K.; Benharkat, A.N.; Benkhelifa, E. Data privacy based on IoT device behavior control using blockchain. ACM Trans. Internet Technol. (TOIT) 2021, 21, 1–20. [Google Scholar] [CrossRef]
Chanson, M.; Bogner, A.; Bilgeri, D.; Fleisch, E.; Wortmann, F. Blockchain for the IoT: Privacy-preserving protection of sensor data. J. Assoc. Inf. Syst. 2019, 20, 1274–1309. [Google Scholar] [CrossRef]
Le Nguyen, B.; Lydia, E.L.; Elhoseny, M.; Pustokhina, I.; Pustokhin, D.A.; Selim, M.M.; Nguyen, G.N.; Shankar, K. Privacy preserving blockchain technique to achieve secure and reliable sharing of IoT data. Comput. Mater. Contin. 2020, 65, 87–107. [Google Scholar] [CrossRef]
Xu, C.; Qu, Y.; Luan, T.H.; Eklund, P.W.; Xiang, Y.; Gao, L. A lightweight and attack-proof bidirectional blockchain paradigm for internet of things. IEEE Internet Things J. 2021, 9, 4371–4384. [Google Scholar] [CrossRef]
Tchagna Kouanou, A.; Tchito Tchapga, C.; Sone Ekonde, M.; Monthe, V.; Mezatio, B.A.; Manga, J.; Simo, G.R.; Muhozam, Y. Securing data in an internet of things network using blockchain technology: Smart home case. SN Comput. Sci. 2022, 3, 167. [Google Scholar] [CrossRef]
Li, T.; Wang, H.; He, D.; Yu, J. Blockchain-based privacy-preserving and rewarding private data sharing for IoT. IEEE Internet Things J. 2022, 9, 15138–15149. [Google Scholar] [CrossRef]
Li, C.; Dong, M.; Xin, X.; Li, J.; Chen, X.B.; Ota, K. Efficient privacy preserving in IoMT with blockchain and lightweight secret sharing. IEEE Internet Things J. 2023, 10, 22051–22064. [Google Scholar] [CrossRef]
Padma, A.; Ramaiah, M. Blockchain based an efficient and secure privacy preserved framework for smart cities. IEEE Access 2024, 12, 21985–22002. [Google Scholar] [CrossRef]
Ma, Z.; Wang, L.; Zhao, W. Blockchain-driven trusted data sharing with privacy protection in IoT sensor network. IEEE Sens. J. 2020, 21, 25472–25479. [Google Scholar] [CrossRef]
Tso, R.; Alelaiwi, A.; Mizanur Rahman, S.M.; Wu, M.E.; Hossain, M.S. Privacy-preserving data communication through secure multi-party computation in healthcare sensor cloud. J. Signal Process. Syst. 2017, 89, 51–59. [Google Scholar] [CrossRef]
Yi, X.; Bouguettaya, A.; Georgakopoulos, D.; Song, A.; Willemson, J. Privacy protection for wireless medical sensor data. IEEE Trans. Dependable Secur. Comput. 2015, 13, 369–380. [Google Scholar] [CrossRef]
Luo, E.; Bhuiyan, M.Z.A.; Wang, G.; Rahman, M.A.; Wu, J.; Atiquzzaman, M. Privacyprotector: Privacy-protected patient data collection in IoT-based healthcare systems. IEEE Commun. Mag. 2018, 56, 163–168. [Google Scholar] [CrossRef]
Ma, L.; Duan, B.; Zhang, B.; Li, Y.; Fu, Y.; Ma, D. A trusted IoT data sharing method based on secure multi-party computation. J. Cloud Comput. 2024, 13, 138. [Google Scholar] [CrossRef]
Goyal, H.; Saha, S. Multi-party computation in iot for privacy-preservation. In Proceedings of the 2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS), Bologna, Italy, 10–13 July 2022; pp. 1280–1281. [Google Scholar]
Liu, D.; Yu, G.; Zhong, Z.; Song, Y. Secure multi-party computation with secret sharing for real-time data aggregation in IIoT. Comput. Commun. 2024, 224, 159–168. [Google Scholar] [CrossRef]
Siddique, A.A.; Boulila, W.; Alshehri, M.S.; Ahmed, F.; Gadekallu, T.R.; Victor, N.; Qadri, M.T.; Ahmad, J. Privacy-enhanced pneumonia diagnosis: IoT-enabled federated multi-party computation in industry 5.0. IEEE Trans. Consum. Electron. 2023, 70, 1923–1939. [Google Scholar] [CrossRef]
Bao, Y.; Wei, L.; Han, D. Efficient and Secure Multi-Party Private Set Operation Protocol Suitable for IoT Devices. In Proceedings of the 2023 International Conference on Artificial Intelligence, Systems and Network Security, Mianyang, China, 22–24 December 2023; pp. 283–290. [Google Scholar]
Ramakrishnan, J. Achieving High Efficiency and Privacy in IoT with Federated Learning: A Verifiable Horizontal Approach. IEEE Access 2025, 13, 48587–48604. [Google Scholar] [CrossRef]
Nguyen, D.C.; Ding, M.; Pathirana, P.N.; Seneviratne, A.; Li, J.; Poor, H.V. Federated learning for internet of things: A comprehensive survey. IEEE Commun. Surv. Tutor. 2021, 23, 1622–1658. [Google Scholar] [CrossRef]
Wang, D.; Shi, S.; Zhu, Y.; Han, Z. Federated analytics: Opportunities and challenges. IEEE Netw. 2021, 36, 151–158. [Google Scholar] [CrossRef]
Sun, W.; Tang, M.; Zhang, L.; Huo, Z.; Shu, L. A survey of using swarm intelligence algorithms in IoT. Sensors 2020, 20, 1420. [Google Scholar] [CrossRef]
Molina, R.S.; Ninkovic, V.; Vukobratovic, D.; Crespo, M.L.; Zennaro, M. Efficient Split Learning LSTM Models for FPGA-based Edge IoT Devices. arXiv 2025, arXiv:2502.08692. [Google Scholar]
Yin, L.; Feng, J.; Xun, H.; Sun, Z.; Cheng, X. A privacy-preserving federated learning for multiparty data sharing in social IoTs. IEEE Trans. Netw. Sci. Eng. 2021, 8, 2706–2718. [Google Scholar] [CrossRef]
Gu, C.; Cui, X.; Zhu, X.; Hu, D. FL2DP: Privacy-preserving federated learning via differential privacy for artificial IoT. IEEE Trans. Ind. Inform. 2023, 20, 5100–5111. [Google Scholar] [CrossRef]
Li, J.; Meng, Y.; Ma, L.; Du, S.; Zhu, H.; Pei, Q.; Shen, X. A federated learning based privacy-preserving smart healthcare system. IEEE Trans. Ind. Inform. 2021, 18, 2021–2031. [Google Scholar] [CrossRef]
Nair, A.K.; Sahoo, J.; Raj, E.D. Privacy preserving Federated Learning framework for IoMT based big data analysis using edge computing. Comput. Stand. Interfaces 2023, 86, 103720. [Google Scholar] [CrossRef]
Akter, M.; Moustafa, N.; Lynar, T.; Razzak, I. Edge intelligence: Federated learning-based privacy protection framework for smart healthcare systems. IEEE J. Biomed. Health Inform. 2022, 26, 5805–5816. [Google Scholar] [CrossRef] [PubMed]
Higgins, G.; Razavi-Far, R.; Zhang, X.; David, A.; Ghorbani, A.; Ge, T. Towards privacy-preserving split learning: Destabilizing adversarial inference and reconstruction attacks in the cloud. Internet Things 2025, 31, 101558. [Google Scholar] [CrossRef]
Wu, M.; Cheng, G.; Li, P.; Yu, R.; Wu, Y.; Pan, M.; Lu, R. Split learning with differential privacy for integrated terrestrial and non-terrestrial networks. IEEE Wirel. Commun. 2023, 31, 177–184. [Google Scholar] [CrossRef]
Alhindi, A.; Al-Ahmadi, S.; Ismail, M.M.B. Balancing Privacy and Utility in Split Learning: An Adversarial Channel Pruning-Based Approach. IEEE Access 2025, 13, 10094–10110. [Google Scholar] [CrossRef]
Pham, N.D.; Abuadbba, A.; Gao, Y.; Phan, K.T.; Chilamkurti, N. Binarizing split learning for data privacy enhancement and computation reduction. IEEE Trans. Inf. Forensics Secur. 2023, 18, 3088–3100. [Google Scholar] [CrossRef]
Feng, X.; Jia, R.; Luo, C.; Leung, V.C.; Xu, W. SLwF: A Split Learning Without Forgetting Framework for Internet of Things. IEEE Internet Things J. 2024, 12, 12008–12020. [Google Scholar] [CrossRef]
Soewito, B.; Marcellinus, Y. IoT security system with modified Zero Knowledge Proof algorithm for authentication. Egypt. Inform. J. 2021, 22, 269–276. [Google Scholar] [CrossRef]
Ramezan, G.; Meamari, E. zk-IoT: Securing the internet of things with zero-knowledge proofs on blockchain platforms. In Proceedings of the 2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Dublin, Ireland, 27–31 May 2024; pp. 1–7. [Google Scholar]
Commey, D.; Hounsinou, S.; Crosby, G.V. Securing Blockchain-based IoT Systems with Physical Unclonable Functions and Zero-Knowledge Proofs. In Proceedings of the 2024 IEEE 49th Conference on Local Computer Networks (LCN), Caen, France, 7–10 October 2024; pp. 1–7. [Google Scholar]
Jiang, W.; Lv, X. A distributed internet of vehicles data privacy protection method based on zero-knowledge proof and blockchain. IEEE Trans. Veh. Technol. 2023, 73, 6332–6345. [Google Scholar] [CrossRef]
Feng, T.; Yang, P.; Liu, C.; Fang, J.; Ma, R. Blockchain Data Privacy Protection and Sharing Scheme Based on Zero-Knowledge Proof. Wirel. Commun. Mob. Comput. 2022, 2022, 1040662. [Google Scholar] [CrossRef]
Bharathi, S.P.; Subin, P.G.; Hariharan, R.; Balaji, T.; Balaji, S. Generative AI for Synthetic Data Generation in IoT-Based Healthcare Systems. In Proceedings of the 2024 Second International Conference Computational and Characterization Techniques in Engineering & Sciences (IC3TES), Lucknow, India, 15–16 November 2024; pp. 1–5. [Google Scholar]
Singh, A.; Sikdar, B. A Game Theoretic Adversarial Synthetic Data Generation Method to Address Privacy Concerns in the Use of Deep Learning Models for IoT Applications. In Proceedings of the 2023 IEEE 9th World Forum on Internet of Things (WF-IoT), Aveiro, Portugal, 12–27 October 2023; pp. 1–6. [Google Scholar]
Gkoulis, D. Creating interpretable synthetic time series for enhancing the design and implementation of Internet of Things (IoT) solutions. Internet Things 2025, 30, 101500. [Google Scholar] [CrossRef]
Alawad, F.; Herrmann, P.; Thambawita, V. Integrating Synthetic Data Modelling into an Adaptive Sampling Framework for IoT Devices. In Proceedings of the 2024 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics, Copenhagen, Denmark, 19–22 August 2024; pp. 300–307. [Google Scholar]
Hindistan, Y.S.; Yetkin, E.F. A hybrid approach with GAN and DP for privacy preservation of IIoT data. IEEE Access 2023, 11, 5837–5849. [Google Scholar] [CrossRef]
Ribeiro, S.L.; Nakamura, E.T. Privacy protection with pseudonymization and anonymization in a health IoT system: Results from ocariot. In Proceedings of the 2019 IEEE 19th International Conference on Bioinformatics and Bioengineering (BIBE), Athens, Greece, 28–30 October 2019; pp. 904–908. [Google Scholar]
Zhang, K.; Tsai, P.W.; Tian, J.; Zhao, W.; Cai, X.; Gao, L.; Chen, J. Towards Privacy in Decentralized IoT: A Blockchain-Based Dual Response DP Mechanism. Big Data Min. Anal. 2024, 7, 699–717. [Google Scholar] [CrossRef]
Saleem, Y.; Rehmani, M.H.; Crespi, N.; Minerva, R. Parking recommender system privacy preservation through anonymization and differential privacy. Eng. Rep. 2021, 3, e12297. [Google Scholar] [CrossRef]
Khaliq, A.A.; Anjum, A.; Ajmal, A.B.; Webber, J.L.; Mehbodniya, A.; Khan, S. A secure and privacy preserved parking recommender system using elliptic curve cryptography and local differential privacy. IEEE Access 2022, 10, 56410–56426. [Google Scholar] [CrossRef]
Ali, W.; Nauman, M.; Azam, N. A privacy enhancing model for Internet of Things using three-way decisions and differential privacy. Comput. Electr. Eng. 2022, 100, 107894. [Google Scholar] [CrossRef]
Sareddy, M.R.; Khan, S. Role-Based Access Control, Secure Multi-Party Computation, and Hierarchical Identity-Based Encryption: Combining AI to Improve Mobile Healthcare Security. In Proceedings of the 2024 International Conference on Emerging Research in Computational Science (ICERCS), Coimbatore, India, 12–14 December 2024; pp. 1–5. [Google Scholar]
Owusu-Agyemeng, K.; Qin, Z.; Xiong, H.; Liu, Y.; Zhuang, T.; Qin, Z. MSDP: Multi-scheme privacy-preserving deep learning via differential privacy. Pers. Ubiquitous Comput. 2023, 27, 221–233. [Google Scholar] [CrossRef]
Gai, K.; Wu, Y.; Zhu, L.; Zhang, Z.; Qiu, M. Differential privacy-based blockchain for industrial internet-of-things. IEEE Trans. Ind. Inform. 2019, 16, 4156–4165. [Google Scholar] [CrossRef]
Yin, X.C.; Liu, Z.G.; Ndibanje, B.; Nkenyereye, L.; Riazul Islam, S. An IoT-based anonymous function for security and privacy in healthcare sensor networks. Sensors 2019, 19, 3146. [Google Scholar] [CrossRef] [PubMed]
Kashif, M.; Kalkan, K. Differential privacy preserving based framework using blockchain for internet-of-things. Peer-to-Peer Netw. Appl. 2025, 18, 1–23. [Google Scholar] [CrossRef]
Yang, Y.; Wu, J.; Long, C.; Liang, W.; Lin, Y.B. Blockchain-enabled multiparty computation for privacy preserving and public audit in industrial IoT. IEEE Trans. Ind. Inform. 2022, 18, 9259–9267. [Google Scholar] [CrossRef]
Xu, L.; Bao, T.; Zhu, L. Blockchain empowered differentially private and auditable data publishing in industrial IoT. IEEE Trans. Ind. Inform. 2020, 17, 7659–7668. [Google Scholar] [CrossRef]
Tekchandani, P.; Bisht, A.; Das, A.K.; Kumar, N.; Karuppiah, M.; Vijayakumar, P.; Park, Y. Blockchain-Enabled Secure Collaborative Model Learning using Differential Privacy for IoT-Based Big Data Analytics. IEEE Trans. Big Data 2024, 11, 141–156. [Google Scholar] [CrossRef]
Yang, Y.; Wei, L.; Wu, J.; Long, C. Block-smpc: A blockchain-based secure multi-party computation for privacy-protected data sharing. In Proceedings of the 2020 2nd International Conference on Blockchain Technology, Rhodes, Greece, 2–6 November 2020; pp. 46–51. [Google Scholar]
Jiang, R.; Long, C.; Yang, M.; Liang, Z. Application of Multi-Party Computation in Data Security and Privacy Protection under the Context of Blockchain. In Proceedings of the 2024 Second International Conference on Inventive Computing and Informatics (ICICI), Bangalore, India, 11–12 June 2024; pp. 683–688. [Google Scholar]
Jiang, X.; Zhou, X.; Grossklags, J. Distributed Synthetic Time-Series Data Generation with Local Differentially Private Federated Learning. IEEE Access 2024, 12, 157067–157082. [Google Scholar] [CrossRef]
Khan, L.U.; Guizani, M.; Al-Fuqaha, A.; Hong, C.S.; Niyato, D.; Han, Z. A joint communication and learning framework for hierarchical split federated learning. IEEE Internet Things J. 2023, 11, 268–282. [Google Scholar] [CrossRef]
Jamil, H.; Jian, Y.; Jamil, F.; Ahmad, S. Swarm Learning Empowered Federated Deep Learning for Seamless Smartphone-Based Activity Recognition. IEEE Trans. Consum. Electron. 2024, 70, 6919–6935. [Google Scholar] [CrossRef]
Petrosino, L.; Masi, L.; D’Antoni, F.; Merone, M.; Vollero, L. A zero-knowledge proof federated learning on DLT for healthcare data. J. Parallel Distrib. Comput. 2025, 196, 104992. [Google Scholar] [CrossRef]
Yu, H.; Xu, R.; Zhang, H.; Yang, Z.; Liu, H. EV-FL: Efficient verifiable federated learning with weighted aggregation for industrial IoT networks. IEEE/ACM Trans. Netw. 2023, 32, 1723–1737. [Google Scholar] [CrossRef]
Elayan, H.; Aloqaily, M.; Guizani, M. Sustainability of healthcare data analysis IoT-based systems using deep federated learning. IEEE Internet Things J. 2021, 9, 7338–7346. [Google Scholar] [CrossRef]
Zhang, X.; Parra-Ullauri, J.M.; Moazzeni, S.; Vasilakos, X.; Nejabati, R.; Simeonidou, D. Federated analytics with data augmentation in domain generalization towards future networks. IEEE Trans. Mach. Learn. Commun. Netw. 2024, 2, 560–579. [Google Scholar] [CrossRef]
Farahani, B.; Monsefi, A.K. Smart and collaborative industrial IoT: A federated learning and data space approach. Digit. Commun. Netw. 2023, 9, 436–447. [Google Scholar] [CrossRef]
Xu, H.; Seng, K.P.; Smith, J.; Ang, L.M. Multi-level split federated learning for large-scale AIoT system based on smart cities. Future Internet 2024, 16, 82. [Google Scholar] [CrossRef]
Chen, Z.; Tian, P.; Liao, W.; Yu, W. Zero knowledge clustering based adversarial mitigation in heterogeneous federated learning. IEEE Trans. Netw. Sci. Eng. 2020, 8, 1070–1083. [Google Scholar] [CrossRef]
Duan, Q.; Hu, S.; Deng, R.; Lu, Z. Combined federated and split learning in edge computing for ubiquitous intelligence in internet of things: State-of-the-art and future directions. Sensors 2022, 22, 5983. [Google Scholar] [CrossRef]
Hukkeri, G.S.; Goudar, R.; Dhananjaya, G.; Rathod, V.N.; Ankalaki, S. Split-Fed Learning: A Deep Dive into Methods, Innovations and Future Prospects for Data Privacy and Efficiency in Decentralized Machine Learning. IEEE Access 2025, 13, 46312–46333. [Google Scholar] [CrossRef]
Pham, N.D.; Phan, K.T.; Chilamkurti, N. Enhancing Accuracy-Privacy Trade-off in Differentially Private Split Learning. IEEE Trans. Emerg. Top. Comput. Intell. 2024, 9, 988–1000. [Google Scholar] [CrossRef]
Xiong, Z.; Cai, Z.; Takabi, D.; Li, W. Privacy threat and defense for federated learning with non-iid data in AIoT. IEEE Trans. Ind. Inform. 2021, 18, 1310–1321. [Google Scholar] [CrossRef]
Singh, S.; Rathore, S.; Alfarraj, O.; Tolba, A.; Yoon, B. A framework for privacy-preservation of IoT healthcare data using Federated Learning and blockchain technology. Future Gener. Comput. Syst. 2022, 129, 380–388. [Google Scholar] [CrossRef]
Zhang, L.; Xu, J.; Vijayakumar, P.; Sharma, P.K.; Ghosh, U. Homomorphic encryption-based privacy-preserving federated learning in IoT-enabled healthcare system. IEEE Trans. Netw. Sci. Eng. 2022, 10, 2864–2880. [Google Scholar] [CrossRef]
Liu, S.; Xin, L.; Lyu, X.; Ren, C. Masking-enabled Data Protection Approach for Accurate Split Learning. In Proceedings of the 2023 IEEE Wireless Communications and Networking Conference (WCNC), Glasgow, UK, 26–29 March 2023; pp. 1–6. [Google Scholar]
Ibrahim Khalaf, O.; Algburi, S.; S, A.; Selvaraj, D.; Sharif, M.S.; Elmedany, W. Federated learning with hybrid differential privacy for secure and reliable cross-IoT platform knowledge sharing. Secur. Priv. 2024, 7, e374. [Google Scholar] [CrossRef]
Zhu, B.; Niu, L. A privacy-preserving federated learning scheme with homomorphic encryption and edge computing. Alex. Eng. J. 2025, 118, 11–20. [Google Scholar] [CrossRef]
Chen, Y.T.; Hsu, C.Y.; Yu, C.M.; Barhamgi, M.; Perera, C. On the private data synthesis through deep generative models for data scarcity of industrial internet of things. IEEE Trans. Ind. Inform. 2021, 19, 551–560. [Google Scholar] [CrossRef]
Kumar, R.; Tripathi, R. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Trans. Emerg. Telecommun. Technol. 2021, 32, e4222. [Google Scholar] [CrossRef]
Babu, S.B.; Jothi, K. A Secure Framework for Privacy-Preserving Analytics in Healthcare Records Using Zero-Knowledge Proofs and Blockchain in Multi-Tenant Cloud Environments. IEEE Access 2024, 13, 8439–8455. [Google Scholar] [CrossRef]
Ahmadi, M.; Nourmohammadi, R. zkFDL: An efficient and privacy-preserving decentralized federated learning with zero knowledge proof. In Proceedings of the 2024 IEEE 3rd International Conference on AI in Cybersecurity (ICAIC), Houston, TX, USA, 7–9 February 2024; pp. 1–10. [Google Scholar]
Zhao, Y.; Zhao, J.; Jiang, L.; Tan, R.; Niyato, D.; Li, Z.; Lyu, L.; Liu, Y. Privacy-preserving blockchain-based federated learning for IoT devices. IEEE Internet Things J. 2020, 8, 1817–1829. [Google Scholar] [CrossRef]
Yan, X.; Miao, Y.; Li, X.; Choo, K.K.R.; Meng, X.; Deng, R.H. Privacy-preserving asynchronous federated learning framework in distributed IoT. IEEE Internet Things J. 2023, 10, 13281–13291. [Google Scholar] [CrossRef]
Ndeko, J.; Shaon, S.; Beal, A.; Sahoo, A.; Nguyen, D.C. Federated Split Learning for Human Activity Recognition with Differential Privacy. arXiv 2024, arXiv:2411.06263. [Google Scholar]
Ebrahimi, E.; Sober, M.; Hoang, A.T.; Ileri, C.U.; Sanders, W.; Schulte, S. Blockchain-based federated learning utilizing zero-knowledge proofs for verifiable training and aggregation. In Proceedings of the 2024 IEEE International Conference on Blockchain (Blockchain), Copenhagen, Denmark, 19–22 August 2024; pp. 54–63. [Google Scholar]
Andriambelo, N.H.; Moradpoor, N. Enhancing Security and Privacy in Federated Learning for Connected Autonomous Vehicles with Lightweight Blockchain and Binius ZeroKnowledge Proofs. In Proceedings of the 2024 17th International Conference on Security of Information and Networks (SIN), Sydney, Australia, 2–4 December 2024; pp. 1–8. [Google Scholar]
Anitha, R.; Murugan, M. Privacy-preserving collaboration in blockchain-enabled IoT: The synergy of modified homomorphic encryption and federated learning. Int. J. Commun. Syst. 2024, 37, e5955. [Google Scholar] [CrossRef]
Mou, W.; Fu, C.; Lei, Y.; Hu, C. A verifiable federated learning scheme based on secure multi-party computation. In Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications, Nanjing, China, 25–27 June 2021; pp. 198–209. [Google Scholar]
Maurya, J.; Prakash, S. Privacy preservation in federated learning, its attacks and defenses using SMC-GAN. In Proceedings of the 2023 Third International Conference on Secure Cyber Computing and Communication (ICSCCC), Jalandhar, India, 26–28 May 2023; pp. 55–60. [Google Scholar]
Aziz, R.; Banerjee, S.; Bouzefrane, S.; Le Vinh, T. Exploring homomorphic encryption and differential privacy techniques towards secure federated learning paradigm. Future Internet 2023, 15, 310. [Google Scholar] [CrossRef]
Liu, Y.; Liu, P.; Jing, W.; Song, H.H. Pd2s: A privacy-preserving differentiated data sharing scheme based on blockchain and federated learning. IEEE Internet Things J. 2023, 10, 21489–21501. [Google Scholar] [CrossRef]
Arumugam, S.; Shandilya, S.K.; Bacanin, N. Federated learning-based privacy preservation with blockchain assistance in IoT 5G heterogeneous networks. J. Web Eng. 2022, 21, 1323–1346. [Google Scholar] [CrossRef]
Abaoud, M.; Almuqrin, M.A.; Khan, M.F. Advancing federated learning through novel mechanism for privacy preservation in healthcare applications. IEEE Access 2023, 11, 83562–83579. [Google Scholar] [CrossRef]
Du, M.; Yang, P.; Liu, Y.; Tian, W.; Xiong, Z.; Han, Z. RDP-FedGAN: A Rényi-Differential Privacy Empowered Federated Learning GAN in Smart Parking. IEEE Trans. Veh. Technol. 2024, 74, 100–109. [Google Scholar] [CrossRef]
Jia, B.; Zhang, X.; Liu, J.; Zhang, Y.; Huang, K.; Liang, Y. Blockchain-enabled federated learning data protection aggregation scheme with differential privacy and homomorphic encryption in IIoT. IEEE Trans. Ind. Inform. 2021, 18, 4049–4058. [Google Scholar] [CrossRef]
Hussain, A.; Akbar, W.; Hussain, T.; Bashir, A.K.; Al Dabel, M.M.; Ali, F.; Yang, B. Ensuring zero trust IoT data privacy: Differential privacy in blockchain using federated learning. IEEE Trans. Consum. Electron. 2024. [Google Scholar] [CrossRef]
Sarkar, S.; Mohanty, T.; Srivastava, V.; Debnath, S.K.; Das, A.K.; Park, Y. Quantum Secure Disease Surveillance Through Private Set Intersection. IEEE Trans. Consum. Electron. 2024, 70, 5585–5596. [Google Scholar] [CrossRef]
Mansoor, K.; Afzal, M.; Iqbal, W.; Abbas, Y. Securing the future: Exploring post-quantum cryptography for authentication and user privacy in IoT devices. Clust. Comput. 2025, 28, 93. [Google Scholar] [CrossRef]
Alam, M.M.; Arora, A.; Bhatt, A.; Devliyal, S.; Aluvala, S. Cryptographic Algorithms for IoT Devices: A Quantum Analysis. In Proceedings of the 2024 3rd International Conference for Innovation in Technology (INOCON), Bangalore, India, 1–3 March 2024; pp. 1–7. [Google Scholar]
Sheetal; Deepa, A.A. Securing Trust in the Connected World: Exploring IoT Security for Privacy in Connected Environments. In Proceedings of the 2024 International Conference on Trends in Quantum Computing and Emerging Business Technologies, Pune, India, 22–23 March 2024; pp. 1–6. [Google Scholar]
Irshad, R.R.; Hussain, S.; Hussain, I.; Nasir, J.A.; Zeb, A.; Alalayah, K.M.; Alattab, A.A.; Yousif, A.; Alwayle, I.M. IoT-enabled secure and scalable cloud architecture for multi-user systems: A hybrid post-quantum cryptographic and blockchain-based approach toward a trustworthy cloud computing. IEEE Access 2023, 11, 105479–105498. [Google Scholar] [CrossRef]
Dileep, M.; Vineeth, L.; Avula, S.R.; Navaneeth, A. Preserving the Privacy in IoT Medical data in Edge Computing using Modified AES Model with Discrete-Time Alternating Quantum Walk. In Proceedings of the 2023 International Conference on Evolutionary Algorithms and Soft Computing Techniques (EASCT), Bengaluru, India, 20–21 October 2023; pp. 1–6. [Google Scholar]
Hasan, M.M.; Hasan, M.K.; Muniyandi, R.C.; Islam, S.; Goh, S.L. Privacy-Preserving Quantum Key Distribution Ensemble Paillier Cryptosystem for Securing IoT Based Smart Metering System. In Proceedings of the 2024 IEEE International Conference on Artificial Intelligence in Engineering and Technology (IICAIET), Kota Kinabalu, Sabah, 26–28 August 2024; pp. 603–608. [Google Scholar]
Malina, L.; Dzurenda, P.; Ricci, S.; Hajny, J.; Srivastava, G.; Matulevičius, R.; Affia, A.A.O.; Laurent, M.; Sultan, N.H.; Tang, Q. Post-quantum era privacy protection for intelligent infrastructures. IEEE Access 2021, 9, 36038–36077. [Google Scholar] [CrossRef]
Li, D.; Huang, X.; Huang, W.; Gao, F.; Yan, S. Espquery: An enhanced secure scheme for privacy-preserving query based on untrusted devices in the internet of things. IEEE Internet Things J. 2020, 8, 7229–7240. [Google Scholar] [CrossRef]
Fernández-Caramés, T.M. From pre-quantum to post-quantum IoT security: A survey on quantum-resistant cryptosystems for the Internet of Things. IEEE Internet Things J. 2019, 7, 6457–6480. [Google Scholar] [CrossRef]
Mohanty, T.; Srivastava, V.; Debnath, S.K.; Das, A.K.; Sikdar, B. Quantum secure threshold private set intersection protocol for IoT-enabled privacy-preserving ride-sharing application. IEEE Internet Things J. 2023, 11, 1761–1772. [Google Scholar] [CrossRef]
Namakshenas, D.; Yazdinejad, A.; Dehghantanha, A.; Srivastava, G. Federated quantum-based privacy-preserving threat detection model for consumer internet of things. IEEE Trans. Consum. Electron. 2024, 70, 5829–5838. [Google Scholar] [CrossRef]
Aleisa, M.A. Blockchain-Enabled Zero Trust Architecture for Privacy-Preserving Cybersecurity in IoT Environments. IEEE Access 2025, 13, 18660–18676. [Google Scholar] [CrossRef]
Liu, Z.; Choo, K.K.R.; Grossschadl, J. Securing edge devices in the post-quantum internet of things using lattice-based cryptography. IEEE Commun. Mag. 2018, 56, 158–162. [Google Scholar] [CrossRef]
Shi, R.H.; Yu, H. Privacy-preserving range query quantum scheme with single photons in edge-based Internet of Things. IEEE Trans. Netw. Serv. Manag. 2023, 20, 4923–4936. [Google Scholar] [CrossRef]
Shi, R.H.; Fang, X.Q. Quantum scheme for privacy-preserving range max/min query in edge-based internet of things. IEEE Trans. Netw. Serv. Manag. 2024, 21, 6827–6838. [Google Scholar] [CrossRef]
Yi, H. Secure social internet of things based on post-quantum blockchain. IEEE Trans. Netw. Sci. Eng. 2021, 9, 950–957. [Google Scholar] [CrossRef]
Cao, J.; Yu, P.; Xiang, X.; Ma, M.; Li, H. Anti-quantum fast authentication and data transmission scheme for massive devices in 5G NB-IoT system. IEEE Internet Things J. 2019, 6, 9794–9805. [Google Scholar] [CrossRef]
Imteaj, A.; Thakker, U.; Wang, S.; Li, J.; Amini, M.H. A survey on federated learning for resource-constrained IoT devices. IEEE Internet Things J. 2021, 9, 1–24. [Google Scholar] [CrossRef]
Dorri, A.; Kanhere, S.S.; Jurdak, R.; Gauravaram, P. Blockchain for IoT security and privacy: The case study of a smart home. In Proceedings of the 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kona, HI, USA, 13–17 March 2017; pp. 618–623. [Google Scholar]
Rutledge, R.L.; Massey, A.K.; Antón, A.I. Privacy impacts of IoT devices: A SmartTV case study. In Proceedings of the 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), Beijing, China, 12–16 September 2016; pp. 261–270. [Google Scholar]
Lazzaro, S.; De Angelis, V.; Mandalari, A.M.; Buccafurri, F. A black-box assessment of authentication and reliability in consumer IoT Devices. Pervasive Mob. Comput. 2025, 110, 102045. [Google Scholar] [CrossRef]
Yang, Y.; Wu, L.; Yin, G.; Li, L.; Zhao, H. A survey on security and privacy issues in Internet-of-Things. IEEE Internet Things J. 2017, 4, 1250–1258. [Google Scholar] [CrossRef]
Torre, D.; Chennamaneni, A.; Rodriguez, A. Privacy-preservation techniques for IoT devices: A systematic mapping study. IEEE Access 2023, 11, 16323–16345. [Google Scholar] [CrossRef]
Porambage, P.; Ylianttila, M.; Schmitt, C.; Kumar, P.; Gurtov, A.; Vasilakos, A.V. The quest for privacy in the internet of things. IEEE Cloud Comput. 2016, 3, 36–45. [Google Scholar] [CrossRef]
Qiao, C.; Li, M.; Liu, Y.; Tian, Z. Transitioning from federated learning to quantum federated learning in internet of things: A comprehensive survey. IEEE Commun. Surv. Tutor. 2024, 27, 509–545. [Google Scholar] [CrossRef]
Sun, G.; Cong, Y.; Dong, J.; Wang, Q.; Lyu, L.; Liu, J. Data poisoning attacks on federated machine learning. IEEE Internet Things J. 2021, 9, 11365–11375. [Google Scholar] [CrossRef]
Albshaier, L.; Almarri, S.; Albuali, A. Federated Learning for Cloud and Edge Security: A Systematic Review of Challenges and AI Opportunities. Electronics 2025, 14, 1019. [Google Scholar] [CrossRef]
Ou, L.; Qin, Z.; Liao, S.; Weng, J.; Jia, X. An optimal noise mechanism for cross-correlated IoT data releasing. IEEE Trans. Dependable Secur. Comput. 2020, 18, 1528–1540. [Google Scholar] [CrossRef]
Zhang, Y.; He, Q.; Chen, G.; Zhang, X.; Xiang, Y. A low-overhead, confidentiality-assured, and authenticated data acquisition framework for IoT. IEEE Trans. Ind. Inform. 2019, 16, 7566–7578. [Google Scholar] [CrossRef]
Nie, S.; Ren, J.; Wu, R.; Han, P.; Han, Z.; Wan, W. Zero-Trust Access Control Mechanism Based on Blockchain and Inner-Product Encryption in the Internet of Things in a 6G Environment. Sensors 2025, 25, 550. [Google Scholar] [CrossRef] [PubMed]
Mahalle, P.N.; Patil, R.V.; Dey, N.; Crespo, R.G.; Sherratt, R.S. Explainable AI for human-centric ethical IoT systems. IEEE Trans. Comput. Soc. Syst. 2023, 11, 3407–3419. [Google Scholar]
Pan, Y.; Su, Z.; Wang, Y.; Li, R.; Wu, Y. Privacy-Enhanced and Efficient Federated Knowledge Transfer Framework in IoT. IEEE Internet Things J. 2024, 11, 37630–37644. [Google Scholar] [CrossRef]
Luo, D.; Sun, G.; Yu, H.; Guizani, M. Blockchain-Based Cross-Domain Authentication with Dynamic Domain Participation in IoT. IEEE Internet Things J. 2024, 12, 5385–5395. [Google Scholar] [CrossRef]
Vardalachakis, M.; Tampouratzis, M. Privacy Preservation in IoT: Anonymization Methods and Best Practices. In Proceedings of the 2024 5th International Conference on Communications, Information, Electronic and Energy Systems (CIEES), Veliko Tarnovo, Bulgaria, 20–22 November 2024; pp. 1–6. [Google Scholar]
Yin, X.; Wang, S.; Zhu, Y.; Hu, J. A novel length-flexible lightweight cancelable fingerprint template for privacy-preserving authentication systems in resource-constrained IoT applications. IEEE Internet Things J. 2022, 10, 877–892. [Google Scholar] [CrossRef]
Feng, J.; Wu, Y.; Sun, H.; Zhang, S.; Liu, D. Panther: Practical Secure 2-Party Neural Network Inference. IEEE Trans. Inf. Forensics Secur. 2025, 20, 1149–1162. [Google Scholar] [CrossRef]
Alrayes, F.S.; Maray, M.; Alshuhail, A.; Almustafa, K.M.; Darem, A.A.; Al-Sharafi, A.M.; Alotaibi, S.D. Privacy-preserving approach for IoT networks using statistical learning with optimization algorithm on high-dimensional big data environment. Sci. Rep. 2025, 15, 3338. [Google Scholar] [CrossRef]
Amiri-Zarandi, M.; Dara, R.A.; Fraser, E. A survey of machine learning-based solutions to protect privacy in the Internet of Things. Comput. Secur. 2020, 96, 101921. [Google Scholar] [CrossRef]
Rishiwal, V.; Agarwal, U.; Yadav, M.; Tanwar, S.; Garg, D.; Guizani, M. A New Alliance of Machine Learning and Quantum Computing: Concepts, Attacks, and Challenges in IoT Networks. IEEE Internet Things J. 2025. [Google Scholar] [CrossRef]
Kumar, A.; Singh, D. Securing IoT Devices in Edge Computing Through Reinforcement Learning. Comput. Secur. 2025, 155, 104474. [Google Scholar] [CrossRef]
Pan, Z.; Ying, Z.; Wang, Y.; Zhang, C.; Zhang, W.; Zhou, W.; Zhu, L. Feature-Based Machine Unlearning for Vertical Federated Learning in IoT Networks. IEEE Trans. Mob. Comput. 2025, 24, 5031–5044. [Google Scholar] [CrossRef]
Ameen, M.; Wang, P.; Su, W.; Wei, X.; Zhang, Q. Speed up Federated Unlearning with Temporary Local Models. IEEE Trans. Sustain. Comput. 2025. [Google Scholar] [CrossRef]

Figure 1. Technologies originating from the IoT paradigm.

Figure 2. Service scenarios of IoT-based systems.

Figure 3. Three types of IoT architecture used in enterprises (adapted from Li et al. [48]).

Figure 4. Main pillars of IoT-based systems (adapted from Swamy et al. [50]).

Figure 5. High-impact applications of IoT systems.

Figure 6. The systematic procedure used in the selection of studies for in-depth analysis of privacy preservation in the IoT domain (the # of papers filtered at each stage is indicated with blue arrows).

Figure 7. Overview of the two different IoT settings ((a) denotes the cloud computing setting, and (b) denotes the on-device setting) considered for privacy analysis.

Figure 8. Overview of (a) privacy engineering and (b) privacy-by-design solutions for IoT data.

Figure 9. Workflow of the IoT data sharing/analytics by using the DP model (partially adopted from Islam et al. [100]). The * in this figure simply means another type of request (e.g., requesting data instead of posing a query).

Figure 10. A high-level taxonomy of PbD and PES methods, along with representative techniques.

Figure 11. Overview of synergies between PES and PbD methods in the context of the IoT.

Table 1. Analysis of recent and SOTA privacy-preserving methods for two IoT settings.

IoT Setting	Study	Technique(s)	Strength(s)	Weakness(es)	Application(s)
On-device	Zhang et al. [68]	Obfuscation and verification	Sustained model accuracy	Reliance on cloud results	General AI applications
	Osia et al. [69]	Siamese fine-tuning	PA-T optimization	Limited utility in some tasks	Sex classification, activity recognition
	Wang et al. [70]	Differential privacy	Model compression along with privacy	No. of parameters is very high	Generic mobile apps
	Zhang et al. [71]	Channel-wise trainable noise	Protection against inversion attacks	High computing overheads	Inference and predictions
	Jiang et al. [72]	Gaussian random projection	Enhanced privacy of the raw data	Prone to inference attacks	Generic sensing apps
	Zhang et al. [73]	NAS and contrastive learning	No interaction between devices and the cloud	Higher dependence on labeled data	Traffic video analytics
	Li et al. [74]	Fuzzification and obfuscation	90% reduction in data upload	Prone to spatial data disclosure	Contact tracing for infectious diseases
	Hajihassani et al. [75]	DAP transformations	Inferences have sufficient accuracy	Limited flexibility w.r.t. privacy preferences	Fitness tracker
	Snader et al. [76]	Lightweight encryption	Limited user tracking	Slow due to more math operations	Generic IoT apps
Cloud	Jourdan et al. [77]	Generalization	Protection against re-identification	Higher utility decrease	Activity recognition
	Bigelli et al. [78]	Auto encoder	No inference of SA from sensor streams	Limited support for PS and/or DDP	Activity recognition
	Liu et al. [79]	Random perturbation	Prevents inference of true sensor readings	Poor data fidelity at small $ϵ$	Fitness monitoring system
	Wang et al. [80]	Auto-encoder and DP	Provable privacy guarantee	Poor discovery of obfuscated data	Generic IoT applications
	Wang et al. [81]	DP transformation and noisy training	Protection of PI inference	Poor utility on complex data	Generic mobile apps
	Tchaye-Kondi et al. [82]	Inductive learning and LDP	Protection of end-user privacy	Poor utility due to two privacy layers	Generic cloud-based AI apps
	Shen et al. [83]	Information entropy	Protects locations of users	Protection against few attacks	Generic mobile apps
	Qu et al. [84]	Pre-trained and encryption	Privacy protection of device data	High computing overhead	Generic AI apps
	Fernandez et al. [85]	Access control and PUM	Users have control of data	Hard to manage privacy policies	Smart vehicle environments
	Fernandez et al. [86]	Hybrid mechanisms	End-to-end privacy solutions	High cost for policies	Generic cloud-IoT apps
	Malekzadeh et al. [87]	AE-based anonymizer	Minimal data perturbation	Protection for less number of threats	Human activity recognition
	Khalili et al. [88]	Encoding and perturbation	Effective resolution of PA-T	Poor scalability w.r.t. data size	Generic IoT apps
	Gupta et al. [89]	K-A, CP-ABE, VC	Solves privacy vs. efficiency trade-off	Complex data partitioning	Generic ML applications

Abbreviations: SA = sensitive attribute, PS = personalized service, DDP = data-driven product, PA-T = privacy–accuracy trade-off, PI = private information, LDP = local DP, PUM = privacy-utility mechanisms, AE = auto-encoder, DAP = deterministic and probabilistic, CP-ABE = ciphertext-policy attribute-based encryption, VC = voting classifier, K-A = k-anonymization.

Table 4. Analysis of SOTA PbD solutions for IoT settings/environments.

Technique	Method(s)	Strength(s)	Weakness(es)	Data Modality	Study
FL	FL + BDP	Privacy efficient adaptive MDS	Accuracy drop with non-i.i.d. data	Images	Yin et al. [155]
	FL2DP	Protects DE and preserves TE	Reliance on trusted shuffler	Images	Gu et al. [156]
	FL, DP, and CbA	Accuracy and time optimization	Accuracy degrades with noise	Text data	Li et al. [157]
	Fed_Select	PP of gradient transfer operations	High complexity, many operations	Images	Nair et al. [158]
	Three-fold FEA	Protection for inference and free-riding	Prone to adversarial attacks (e.g., poisoning)	Iamge + x-ray	Akter et al. [159]
SL	Class activation maps and AE	PP and destabilizes an adversary	Many partitions and operations	Facial images	Higgins et al. [160]
	DP	PP of data and labels	Partially disturb the AP	Remote sensing	Wu et al. [161]
	AL + NCP	Protects against data reconstruction	Protects against one attack only	Facial images	Alhindi et al. [162]
	Binarized SL	Ensures privacy in smashed data	Leakages cannot be fully limited	Images/health data	Pham et al. [163]
	SLwF framework	Data retention and privacy guarantees	Huge training cost	Image data	Feng et al. [164]
ZKPs	AES + ZKP	PP in data transfer in C-S settings	More calculations and low utility	General IoT data	Soewito et al. [165]
	zk-Devices + BC	Privacy of compromised IoT devices	Treats all data as sensitive, leading to high overhead	Smart city, healthcare, IA	Ramezan et al. [166]
	PUFs + ZKPs	Protection for impersonation and DT	Limited evaluation for real apps	General IoT data	Commey et al. [167]
	Non-interactive ZKPs + IPFS	PP of data and indexes	High computing and storage costs	General IoT data	Jiang et al. [168]
	SC+ ZKPs + PRT	Secure data sharing between CSPs	Relies on third-party servers	General IoT data	Feng et al. [169]
SD	GANs and VAEs	AI model building and validation	Failure to capture subtle nuances	mHealth app data	Bharathi et al. [170]
	AML + GT	Higher accuracy than RD	Risky with high-stakes apps	Smart meter data	Singh et al. [171]
	GAN model	PP in modern reactive IoT apps	Lacks adaptability to other modalities	Time series data	Gkoulis [172]
	EAS + SD	Efficient filling of missing data	Poor fidelity in real-world cases	Tabular data	Alawad et al. [173]
	GAN + DP	Yields stable privacy and accuracy	Privacy leakage can occur via trained model	SCADA system data	Hindistan et al. [174]

Abbreviations: BDP = Bayesian differential privacy, MDS = multiparty data sharing, DE = data identity, TE = training efficiency, CbA = cryptography-based aggregation, FEA = federated edge aggregator, AE = autoencoder, AP = attack performance, AL = adversarial learning, NCP = network channel pruning, ZKP = zero knowledge proof, C-S = client server, IA = industrial automation, DT = data tampering, PRT = proxy reencryption technology, CSP = cloud service provider, AML = adversarial ML, GT = game theory, EAS = enhanced adaptive scheduling.

Table 5. Analysis of SOTA synergized privacy solutions for IoT settings/environments.

Type	No. of Methods	Method Names	Purpose	Scenario(s)	Study
PES	Two	Anonymity, DP	Make users highly indistinguishable	Parking recommendation	[177]
	Two	Cryptography, local DP	Eliminate necessity for a TP	Parking recommendation	[178]
	Two	Anonymization, DP	IC and stability of the IoT dataset	General scenarios	[179]
	Two	SMC, encryption	Enhance AI potential to SD	Mobile healthcare	[180]
	Two	SMC, DP	Strong privacy protection in LM	Activity recognition	[181]
	Two	Blockchain, DP	Protection against DM-based attacks	General scenarios	[182]
	Two	Anonymization, encryption	Privacy of stored and transferred data	Smart healthcare	[183]
	Two	DP, blockchain	Accomplish various privacy requirements	General scenarios	[184]
	Two	SMC, blockchain	PP in data sharing and computing	Industrial IoT	[185]
	Three	Anonymization, blockchain, DP	Realize fair and auditable DS	Data sharing	[186]
	Three	Encryption, blockchain, DP	Data sharing across N parties	Collaborative learning	[187]
	Three	Encryption, blockchain, SMC	Resistance to various privacy attacks	Data sharing	[188]
	Four	MPC, blockchain, DP, encryption	Identifying security risks in data processing	General scenarios	[189]
PbD	Two	FL, SD	Stronger privacy protection in CL	Real-time services	[190]
	Two	FL, SD	P-A learning with fast convergence	General scenarios	[191]
	Two	FL, SL	Secure aggregation and strong PP	Activity recognition	[192]
	Two	FL, ZKPs	Enhancement of security, privacy, and auditability	Healthcare services	[193]
	Two	FL, ZKPs	Secure aggregation and PP	Industrial IoT	[194]
	Two	FL, ZKPs	Protection against malicious Byzantine attacks	General scenarios	[145]
	Two	FL, FA	To ensure privacy, accuracy, and sustainability	Healthcare scenarios	[195]
	Two	SD, FA	To guarantee generalization from the model	General scenarios	[196]
	Two	SD/RD, FA	To support FAIR principles	Predictive diagnostics	[197]
	Two	SL, FL	Privacy, robustness and scalability of AIoT systems	Smart cities	[198]
	Two	FL, ZKPs	To mitigate various privacy attacks	Collaborative learning	[199]

Abbreviations: TP = third party, IC = information content, SD = sensitive data, LM = learning model, P-E = privacy-energy, DM = data mining, DS = data sharing, CL = collaborative learning, P-A = privacy-aware, ZKPs = zero-knowledge proofs, FAIR = findable, accessible, interoperable, and reusable, MIE = multiple industrial entities, CM = collaborative modeling, FC=fault classification.

Table 6. Analysis of synergized (PES + PbD) privacy solutions for IoT settings.

No. of Methods	Method Names	Purpose	Scenario(s)	Study
Two	DP, FL	PP in FL with non-i.i.d. data	General scenarios	[203]
Two	BC, FL	Establishing distributed SE	Smart healthcare	[204]
Two	FL, encryption	PP of local models against two attacks	IoT-based healthcare	[205]
Two	SL, DP	Data-hiding across split layers	General scenarios	[206]
Two	HDP, FL	To balance data privacy and utility in DL tasks	Knowledge sharing	[207]
Two	FL, encryption	Data security at all stages	Sensing platforms	[208]
Two	SD, DP	To train more accurate classifiers	Industrial IoT	[209]
Two	BC, SD	Support non-BC and BC-based IIoT systems	Industrial IoT	[210]
Two	ZKPs, BC	Strong PP in analytics computation	Telemedicine	[211]
Two	ZKPs, BC	Optimize aggregation process with privacy	General scenarios	[212]
Three	DP, BC, FL	PP in CL tasks	Crowdsourcing	[213]
Three	FL, blockchain, DP	To resolve P-A-T in DL	General scenarios	[214]
Three	FL, SL, DP	Privacy–performance trade-off analysis under different data settings	Human activity recognition	[215]
Three	FL, ZKPs, BC	To reduce computations and PR	General scenarios	[216]
Three	FL, ZKPs, BC	Secure aggregation despite malicious actors	Autonomous vehicles	[217]
Three	BC, FL, encyption	To accomplish multiple performance goals	General scenarios	[218]
Three	SMC, DP, FL	PP in the learning and inference process	General scenarios	[219]
Three	SD, SMC, FL	High accuracy while maintaining privacy	General scenarios	[220]
Three	Encryption, FL, DP	Optimize trade-off between P-and-C	General scenarios	[221]
Three	FL, BC, DP	To eliminate privacy concerns and foster DS	Analytics	[222]
Three	Encryption, BC, FL	To accomplish diverse performance goals	5G scenarios	[223]
Three	SMC, DP, FL	Achieve better accuracy, CE, and PP	Healthcare scenarios	[224]
Three	DP, SD, FL	Effective balance between PP and data utility	Smart parking	[225]
Four	BC, FL, DP, encryption	PP in model and data sharing	Industrial IoT	[226]
Four	BC, FL, DP, encryption	To protect sensitive data shared by devices	General scenarios	[227]

Abbreviations: SE = secure environment, PP = privacy protection, P-A-T = privacy–accuracy trade-off, DL = distributed learning, PR=privacy risk, P-and-C = privacy and convergence, CE=computational efficiency, DS = data sharing.

Table 7. Analysis of the recent quantum-based privacy-preserving solutions for IoT data privacy.

Method (Ref.)	Privacy Feature(s)	Advantages	Disadvantages	Study Nature	Target Domain
QuTPSI ([238])	PP of user routes	Quantum-secure with long-term SG	Requires QI and trusted TP	Theoretical	Ride sharing
FQPPM ([239])	Client data and model weights	Prevents UA participants while preserving privacy	Computational overhead for E/D operations	Practical	Consumer IoT
QBC-ZKPAF ([240])	Identity information	Quantum-resilient (98% preservation); other benefits	Complex cryptography; BC scalability issues	Practical	Smart healthcare; smart cities; industrial IoT
Lattice-Based Cryptography ([241])	Communication data	Efficient with short keys and strong security	Relies on specialized implementation techniques	Theoretical	Edge computing
QSP-Based Range Query ([242])	User’s queries	I-T security based on QM principles	Requires QI for validation	Theoretical	Edge-based IoT
OSID-based Range Query ([243])	MAX/MIN query	Efficient XOR implementation for PP	Requires QI and a non-colluding quantum cloud	Theoretical	Edge-based IoT systems
PQ ring structure ([244])	Input and output transactions	Multivariate polynomial-based strong PP	High computing and storage costs of BC	Practical	Social IoTs
Quantum resistant DS + lattice-based HE ([245])	Device data	Strong PP and anti-quantum attacks	Scalability issues with massive # of IoT devices	Practical	5G scenarios

Abbreviations: TP = third party, SG=security guarantee, PP = privacy protection, FQPPM = federated quantum-based privacy-preserving model, UA = unauthorized, E/D = encryption/decryption, BC = blockchain, I-T = Information-theoretic, QM = quantum mechanics, QI = quantum infrastructure.

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Share and Cite

MDPI and ACS Style

Majeed, A.; Patni, S.; Hwang, S.O. A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications. Electronics 2025, 14, 2106. https://doi.org/10.3390/electronics14112106

AMA Style

Majeed A, Patni S, Hwang SO. A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications. Electronics. 2025; 14(11):2106. https://doi.org/10.3390/electronics14112106

Chicago/Turabian Style

Majeed, Abdul, Sakshi Patni, and Seong Oun Hwang. 2025. "A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications" Electronics 14, no. 11: 2106. https://doi.org/10.3390/electronics14112106

APA Style

Majeed, A., Patni, S., & Hwang, S. O. (2025). A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications. Electronics, 14(11), 2106. https://doi.org/10.3390/electronics14112106

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Menu

A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications

Abstract

1. Introduction

2. Preliminaries and Background

2.1. Technologies Originating from the IoT Paradigm/Concept

2.2. Four Main Components of IoT Systems

2.3. Three Types of IoT Architecture

2.4. Key Pillars of the IoT

2.5. High-Impact Applications of the IoT in Diverse Sectors

3. Review Methodology

4. Privacy-Preserving Methods for Two IoT Settings

5. Privacy-by-Design and Privacy Engineering Solutions for IoT Data

6. Synergy of Multiple Privacy-Preserving Solutions for Privacy Protection of IoT Data

7. Quantum-Based Privacy Preserving Solutions for IoT Data Privacy

8. Lessons Learned, Current Challenges, and Future Research Directions

9. Conclusions and Future Work

Author Contributions

Funding

Institutional Review Board Statement

Informed Consent Statement

Data Availability Statement

Conflicts of Interest

References

Share and Cite

Article Metrics

Article Access Statistics

Further Information

Guidelines

MDPI Initiatives

Follow MDPI