Review

Privacy-Preserving Protocols in Smart Cities and Industrial IoT: Challenges, Trends, and Future Directions

by
Manuel José Cabral dos Santos Reis
Engineering Department/IEETA, University of Trás-os-Montes e Alto Douro, Quinta de Prados, 5000-801 Vila Real, Portugal
Electronics 2026, 15(2), 399; https://doi.org/10.3390/electronics15020399
Submission received: 2 September 2025 / Revised: 9 January 2026 / Accepted: 14 January 2026 / Published: 16 January 2026
(This article belongs to the Special Issue Computer Networking Security and Privacy)

Abstract

The increasing deployment of interconnected devices in Smart Cities and Industrial Internet of Things (IIoT) environments has significantly enhanced operational efficiency, automation, and real-time data analytics. However, this rapid digitization also introduces complex security and privacy challenges, particularly in the handling of sensitive data across heterogeneous and resource-constrained networks. This review explores the current landscape of privacy-preserving protocols designed for Smart City and IIoT infrastructures. We examine state-of-the-art approaches including lightweight cryptographic schemes, secure data aggregation, anonymous communication protocols, and blockchain-based frameworks. The paper also analyzes practical trade-offs between security, latency, and computational overhead in real-world deployments. Open research challenges such as secure interoperability, privacy in federated learning, and resilience against AI-driven cyberattacks are discussed. Finally, the paper outlines promising research directions and technologies that can enable scalable, secure, and privacy-aware network infrastructures for future urban and industrial ecosystems.

1. Introduction

The rapid proliferation of interconnected devices in Smart City and Industrial Internet of Things (IIoT) environments has enabled transformative capabilities such as real-time monitoring, automation, and data-driven optimization across urban and industrial domains. However, the ubiquitous sensing and communication of sensitive data generate significant privacy and security risks, especially when heterogeneous, resource-constrained devices are involved.
Privacy preservation in these contexts is particularly challenging. Lightweight cryptographic techniques, designed with constrained computational and energy budgets in mind, must balance robustness with feasibility [1]. Moreover, decentralized and emerging approaches such as blockchain and federated learning offer potential, yet introduce novel performance and scalability trade-offs [2,3,4]. In addition, secure data aggregation (e.g., homomorphic encryption, differential privacy) and privacy-preserving analytics must respect latency and reliability requirements typical of mission-critical IIoT systems [5,6].
This article reviews recent advances (2020–2025) in privacy-preserving protocols tailored for Smart Cities and IIoT scenarios. We structure the landscape into four categories:
  • Lightweight cryptographic schemes for low-resource nodes [1], including hybrid designs that combine elliptic-curve methods with partially homomorphic techniques [2,3,4].
  • Secure data aggregation and analytics, leveraging homomorphic encryption, differential privacy, and federated learning to maintain utility while protecting sensitive data [5,6].
  • Blockchain- and ledger-based frameworks for integrity, traceability, and access control in distributed settings, with attention to throughput, energy, and storage overheads [7,8].
  • Emerging privacy-enhancing technologies (PETs) such as secure multi-party computation, trusted execution environments, and confidential computing, which provide complementary guarantees to protocol-level protections [9,10,11].
Beyond surveying methods, we analyze practical trade-offs among privacy strength, latency, computational and communication overhead, and scalability in heterogeneous deployments. We also highlight open challenges, including secure interoperability across vendors and protocols, resilience against AI-driven attacks (e.g., model inversion, data poisoning, and adversarial examples), and alignment with next-generation networks and edge intelligence (5G/6G, edge/cloud continuum, and digital twins).

Review Methodology

This work adopts a narrative review methodology aimed at synthesizing recent advances in privacy-preserving protocols for Smart City and Industrial IoT environments, rather than performing a formal systematic review or meta-analysis. Overall, approximately 150 peer-reviewed articles, surveys, and standards documents were examined, with emphasis on technical depth, relevance to constrained deployments, and maturity of evaluation or standardization. The methodology was designed to provide a coherent technical overview and comparative insights across heterogeneous technologies, rather than exhaustive coverage of all published works.
Scope and timeframe: We focus on literature published between 2020 and 2025. Foundational works and standards predating this window (e.g., RFCs, NIST publications) are included where necessary to provide background or ensure technical completeness. Only English-language sources were considered.
Sources: Primary sources include IEEE Xplore, ACM Digital Library, Scopus, Web of Science, SpringerLink, ScienceDirect, Wiley Online Library, and MDPI. Standards and guidance documents were collected from organizations such as NIST, IETF, ETSI/oneM2M, ISO/IEC, W3C, OPC Foundation, IEC/IEEE 60802, and ENISA. Preprints were used sparingly and only when peer-reviewed versions were unavailable and the topic was time-critical.
Search strategy: Search queries combined application context (e.g., “Smart City”, “Industrial IoT”, “IIoT”) with privacy-related technologies, including lightweight cryptography, secure data aggregation, differential privacy, federated learning, anonymous communication, and ledger-based mechanisms.
Selection and synthesis: After de-duplication, titles and abstracts were screened for scope relevance, followed by full-text assessment of selected works. Priority was given to recent contributions, standardization status, and empirical evaluation on constrained hardware or realistic deployments. The selected evidence was synthesized into the structure of Section 3 and Section 4, with comparative insights consolidated in Section 5 and forward-looking gaps discussed in Section 6 and Section 7.
Limitations: This is a narrative (non-PRISMA) review and does not include meta-analysis. Reported counts of screened and reviewed studies are approximate and intended to support transparency rather than exhaustiveness.
Figure 1 provides a high-level overview of how the main privacy-preserving techniques surveyed in this paper are typically positioned across the Smart City and IIoT stack, from resource-constrained devices to gateways and cloud services. The figure highlights the complementary roles of lightweight cryptography, secure aggregation, federated learning, anonymous communication, and ledger-based auditing within a defense-in-depth architecture.
Unlike prior surveys that focus on individual technologies or isolated application domains, this review provides a unified and system-level perspective on privacy-preserving protocols across both Smart City and Industrial IoT environments. The paper distinguishes itself by (i) jointly analyzing cryptographic, learning-based, and ledger-based mechanisms within a common cross-layer architecture spanning devices, edges, gateways, and the cloud; (ii) explicitly linking regulatory requirements (e.g., GDPR, NIS2, EU AI Act) to concrete technical safeguards; (iii) emphasizing deployment trade-offs under realistic constraints such as latency, resource limitations, interoperability, and operational scalability. This integrated perspective aims to support both researchers and practitioners in selecting and combining privacy-preserving technologies for real-world Smart City and IIoT deployments.
The remainder of this paper is organized as follows. Section 2 introduces the background and motivation. Section 3 systematizes key privacy challenges in Smart City and IIoT environments. Section 4 surveys state-of-the-art privacy-preserving protocols across devices, edges, gateways, and the cloud. Section 5 provides a comparative analysis highlighting deployment trade-offs under practical constraints. Section 6 discusses emerging trends and open challenges, while Section 7 outlines future research directions. Section 8 concludes the paper.

2. Background and Motivation

2.1. Characteristics of Smart City and IIoT Environments

Smart Cities and Industrial IoT (IIoT) integrate large numbers of heterogeneous sensors, actuators, and cyber–physical systems connected over constrained links and orchestrated via gateways and edge/cloud backends. Typical characteristics include the following: (i) multi-tenancy and data sharing across stakeholders; (ii) resource-constrained devices with tight energy, memory, and compute budgets; (iii) real-time or near real-time control loops with strict latency and availability requirements; (iv) highly heterogeneous networks and protocols that must coexist with legacy equipment [12]. These features amplify the attack surface and complicate the engineering of privacy-preserving mechanisms, especially when data must be aggregated or analyzed across organizational boundaries.

2.2. Security vs. Privacy: Distinctions and Interplay

Security mechanisms (e.g., access control, integrity, availability) are necessary but not sufficient for privacy. Privacy focuses on limiting the identifiability and inferences about individuals or sensitive operations, even when systems are “secure.” In practice, Smart City and IIoT deployments need both a security control baseline and a privacy risk management approach. NIST SP 800-53 Rev. 5 provides a consolidated catalog of security and privacy controls for systems engineering and operations [13], while the NIST Privacy Framework offers an enterprise risk model (Identify-P, Govern-P, Control-P, Communicate-P, Protect-P) to drive privacy-by-design across data lifecycles and stakeholders [14]. For data-driven analytics (traffic, energy, industrial telemetry), techniques such as secure aggregation, federated learning, and differential privacy can limit data exposure while meeting utility targets [15].

2.3. Regulatory and Ethical Considerations

Urban and industrial use cases intersect with evolving legal frameworks:
  • GDPR: In the EU, the General Data Protection Regulation (GDPR) frames core obligations (lawful basis, purpose limitation, data minimization, DPIAs) and rights (access, erasure) that constrain how sensor data can be collected and processed [16].
  • NIS2: The NIS2 Directive mandates risk management and incident reporting for essential and important entities across critical sectors (e.g., energy, transport, water, digital infrastructure), affecting industrial operators and Smart City providers [17].
  • Data Act: The EU Data Act clarifies fair access and use of data generated by connected products and related services, with implications for data sharing and interoperability among vendors and municipalities [18].
  • AI Act: The EU AI Act establishes harmonized rules for AI systems, including risk tiers and requirements that intersect with privacy (documentation, transparency, data governance), increasingly relevant to edge/IoT analytics in cities and industry [19].
  • Sectoral and baseline security standards: ETSI EN 303 645 sets a baseline for consumer IoT cybersecurity (password policy, vulnerability disclosure, secure updates) that increasingly informs procurement and conformance schemes [20]. ISO/IEC 27001:2022 defines ISMS requirements for organizations that operate Smart City and IIoT platforms [21].
These frameworks motivate privacy-preserving protocols that deliver verifiable protections (e.g., confidentiality, unlinkability, and bounded inference) while remaining feasible on constrained hardware and compatible with safety and availability requirements. Throughout this paper, we analyze how protocol design choices map to these regulatory and operational drivers.
From a system-design perspective, regulatory requirements can be systematically translated into concrete technical safeguards in Smart City and Industrial IoT deployments. GDPR principles such as data minimization and purpose limitation are operationalized through lightweight cryptography at the device layer, secure aggregation mechanisms that avoid raw-data disclosure, and differential privacy for controlled data or model release. GDPR accountability and auditability obligations are supported by permissioned ledgers, verifiable credentials, and zero-knowledge proofs, which enable verifiable access logging and compliance auditing without exposing sensitive payloads. The NIS2 Directive emphasizes resilience, secure operation, and risk management across interconnected infrastructures, aligning with the adoption of secure boot and attestation, fault-tolerant secure aggregation, confidential computing at gateways, and defense-in-depth strategies that combine cryptographic protections with AI-based anomaly detection. Finally, emerging requirements under the EU AI Act, including transparency, traceability, and responsible deployment of AI models, motivate privacy-preserving model training (e.g., federated learning with secure aggregation), differential-privacy-based model release, and provenance mechanisms that track data and model lineage while preserving confidentiality.

3. Privacy Challenges in Smart Cities and IIoT

The rapid digitization of urban services and industrial control systems magnifies longstanding privacy risks while introducing new ones tied to scale, heterogeneity, and stringent operational constraints. In this section, we synthesize key privacy challenges that systematically arise in Smart City and IIoT deployments and ground them in the recent literature.

3.1. Data Heterogeneity and Interoperability

Smart City and IIoT infrastructures integrate devices and platforms from multiple vendors, using diverse data models and communication stacks (e.g., MQTT, CoAP, OPC UA, proprietary fieldbuses). This heterogeneity complicates end-to-end enforcement of privacy policies (consent, purpose limitation, retention) and increases the probability of semantic leakage, where metadata or schema mismatches enable linkage across datasets [22,23]. The lack of uniform, machine-enforceable metadata for data provenance and usage constraints across city departments and contractors further weakens accountability and auditability [24]. Recent real-world scrutiny of smartphone-to-infrastructure interactions (e.g., “smart” traffic lights negotiating with mobile apps) illustrates how seemingly innocuous interoperability features can enable large-scale trajectory tracking unless privacy-by-design controls are in place [25].

3.2. Resource Constraints at the Edge

Many IIoT endpoints operate with tight energy, compute, and memory budgets. These constraints create tension between privacy strength and feasibility: strong cryptography, frequent key rotation, and fine-grained access control raise CPU and battery costs, while traffic shaping and padding to resist inference attacks consume bandwidth and power [12]. Edge/on-device AI can reduce raw-data exposure but introduces its own attack surface (e.g., model updates, telemetry) under limited resources, requiring careful trade-offs among privacy, accuracy, and efficiency [26,27].

3.3. Real-Time and Latency Sensitivity

Industrial processes and critical city services (e.g., protection relays, adaptive traffic control) impose strict bounds on latency and jitter. Time-Sensitive Networking (TSN) provides deterministic transport in converged IT/OT networks, yet privacy-preserving transformations (e.g., encryption, mix networks, dummy traffic) can perturb timing or increase buffering, risking SLA violations [28,29]. Engineering privacy for deterministic networks requires coordination with TSN scheduling/shaping (e.g., TAS, CBS) and awareness of profile constraints (e.g., IEC/IEEE 60802) to avoid timing regressions that degrade safety or quality of control [30,31].

3.4. Expanded Attack Surface and Inference

Smart urban services and IIoT generate continuous, multi-modal telemetry. Even when payloads are protected, traffic side-channels (rates, destinations, DNS names) can reveal device types, vendor ecosystems, and user behavior. Recent empirical studies show that distinctive DNS query patterns from common home/urban IoT applications enable high-accuracy device identification and targeted exploitation, highlighting the privacy risk of metadata [32]. At higher layers, linkage and profiling risks arise when datasets from mobility, utilities, and public services are combined, enabling re-identification of individuals and sensitive operations [23,24].
Adversarial capabilities extend beyond passive observers. Current surveys underscore persistent threats across IIoT layers (physical, network, application), including botnet-driven DDoS, supply-chain tampering, and protocol misuse with privacy impact (e.g., credential theft, covert exfiltration) [12,33,34]. For AI-driven systems, membership inference and related ML privacy attacks threaten models trained on sensitive operational or citizen data; their feasibility has been repeatedly demonstrated across modalities and architectures, motivating privacy-preserving learning and robust release practices [35].

3.5. Synthesis

Table 1 summarizes the above challenges, highlighting proximate causes and typical privacy risks seen in practice.

4. State-of-the-Art Privacy-Preserving Protocols

This section surveys the current landscape of privacy-preserving mechanisms most relevant to Smart City and IIoT deployments. We group techniques into four categories: (i) lightweight cryptography for constrained nodes; (ii) privacy-preserving data aggregation and analytics; (iii) anonymous communication protocols; (iv) blockchain- and ledger-based frameworks with privacy extensions.

4.1. Lightweight Cryptography (LWC) for Constrained Devices

Smart City and Industrial IoT (IIoT) nodes are often built around microcontrollers with kilobytes of RAM and flash, intermittent connectivity, and tight energy budgets. Security mechanisms must therefore minimize code size, RAM use, cycles per byte, and communication overhead while preserving authenticated encryption, integrity, and freshness. Recent standardization work has converged on permutation-based authenticated encryption with associated data (AEAD) and lightweight Hash/XOF primitives as the most suitable choices, emphasizing small, constant-time implementations and low-cost side-channel hardening [36,37,38].
NIST finalized its lightweight cryptography standard in August 2025 as Special Publication 800-232, selecting four algorithms from the Ascon family (Ascon-128 AEAD, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128) [39,40]. The decision followed a multi-year public process in which Ascon had already been chosen (February 2023) as the basis for the standard due to its security analyses, implementation simplicity, and robust performance across constrained platforms [36,41]. Comparative evaluations reported that several finalists outperform AES-GCM and SHA-256 on representative MCUs when implementations were tuned to size or speed budgets [36,42].
For key establishment, the IETF recently published EDHOC (RFC 9528), a compact authenticated key exchange over COSE/CBOR suitable for CoAP/OSCORE stacks [43]. While LWC focuses on symmetric primitives, gateways and inter-domain channels are increasingly adopting post-quantum cryptography (PQC) following NIST’s approvals of FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) [44,45]. In practice, EDHOC/OSCORE with Ascon AEAD at the edges and PQC at gateways provides a pragmatic hybrid [39].

4.2. Privacy-Preserving Data Aggregation and Analytics

Privacy-sensitive telemetry (e.g., mobility, energy, industrial process data) often must be aggregated or analyzed without exposing raw records. Three complementary families dominate practice.

4.2.1. Homomorphic Encryption (HE) and Verifiable Aggregation

In latency-sensitive Smart City and IIoT deployments, partially homomorphic encryption (PHE) and leveled homomorphic encryption (LHE) schemes are generally preferred over fully homomorphic encryption (FHE) due to their more favorable performance characteristics. Although FHE enables arbitrary computations over encrypted data, it entails substantial computational overhead, large ciphertext expansion, and high memory consumption, which render it impractical for real-time processing on constrained edge devices or gateway nodes.
By contrast, PHE and LHE deliberately restrict the supported operations to simple arithmetic, such as additions or low-degree multiplications, which are sufficient for common aggregation tasks including sums, averages, and counters. This reduced expressiveness enables predictable latency, significantly lower resource consumption, and better alignment with the deterministic timing, computational budget, and availability requirements of mission-critical IIoT systems. Consequently, the widespread adoption of PHE/LHE in practical Smart City and IIoT deployments reflects a pragmatic trade-off between computational expressiveness and operational feasibility.
Partially homomorphic (additive/multiplicative) and leveled schemes enable aggregators to compute statistics on ciphertexts, avoiding access to plaintexts. Recent IoT schemes combine lightweight HE with verifiability for adversarial settings or integrate blockchain for auditability [46,47,48]. At the edge, HE is typically constrained to low-degree polynomials or batched additions to respect latency and energy budgets; dense CKKS/BFV pipelines are more feasible at gateways.
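The additive aggregation pattern described above, as an added example that is not from the reviewed paper or any cited scheme: meters encrypt fixed-point readings under the utility's Paillier public key, an untrusted aggregator multiplies the ciphertexts, and only the key holder decrypts the sum. The modulus (two Mersenne primes), the sample readings, and all class and function names are constructed for illustration; a real deployment needs a modulus of at least 2048 bits from a vetted library.

```python
"""Toy Paillier (additively homomorphic) aggregation of meter readings."""
import secrets
from math import gcd

# Constructed toy parameters: far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
SCALE = 100  # fixed-point encoding: one unit = 0.01 kWh


class PublicKey:
    def __init__(self, n):
        self.n = n
        self.n2 = n * n

    def encrypt(self, m):
        """Probabilistic encryption of an integer 0 <= m < n."""
        if not 0 <= m < self.n:
            raise ValueError("plaintext out of range")
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if gcd(r, self.n) == 1:
                break
        # With generator g = n + 1, g^m mod n^2 simplifies to 1 + m*n.
        return ((1 + m * self.n) * pow(r, self.n, self.n2)) % self.n2

    def add(self, c1, c2):
        """Ciphertext product corresponds to plaintext sum (mod n)."""
        return (c1 * c2) % self.n2


class PrivateKey:
    def __init__(self, p, q):
        self.pub = PublicKey(p * q)
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, self.pub.n)

    def decrypt(self, c):
        n, n2 = self.pub.n, self.pub.n2
        u = pow(c, self.lam, n2)            # equals 1 + m*lam*n mod n^2
        return ((u - 1) // n * self.mu) % n


def encode(kwh):
    """Map a non-negative reading to a fixed-point integer."""
    return round(kwh * SCALE)


def aggregate(pub, ciphertexts):
    """Runs at the untrusted aggregator: needs only the public key."""
    acc = ciphertexts[0]
    for c in ciphertexts[1:]:
        acc = pub.add(acc, c)
    return acc


def run_demo():
    sk = PrivateKey(P, Q)                     # held by the utility only
    readings = [1.37, 0.82, 2.05, 0.00, 3.41]  # constructed sample, in kWh
    ciphertexts = [sk.pub.encrypt(encode(r)) for r in readings]
    total = sk.decrypt(aggregate(sk.pub, ciphertexts))
    mean_kwh = total / SCALE / len(readings)
    return total, mean_kwh


if __name__ == "__main__":
    total, mean_kwh = run_demo()
    print("sum (0.01 kWh units):", total, "mean kWh:", mean_kwh)
```

Each ciphertext is an element modulo n², so it is twice the modulus length regardless of how small the reading is, which is the ciphertext expansion that pushes heavier schemes to gateways.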

4.2.2. Differential Privacy (DP)

DP mechanisms inject calibrated noise into the outputs or into per-record contributions, bounding inference against individuals. Recent work tailors DP to IoT and streaming/edge analytics, and explores tuning the privacy budget versus utility in federated settings [49,50]. Domain-specific variants (e.g., sensitivity-aware DP) are emerging to better reflect heterogeneous signal magnitudes common in sensor networks [51].

4.2.3. Federated Learning (FL) and Secure Aggregation

Trusted execution environments (TEEs) and confidential computing technologies provide strong isolation guarantees by executing sensitive code and data within hardware-protected enclaves, and are increasingly considered for secure aggregation and analytics at gateways or edge servers. However, their applicability in Smart City and IIoT deployments is subject to several practical constraints. TEEs inherently depend on trusted hardware and vendor-specific implementations, which may not be uniformly available across heterogeneous IIoT devices. In addition, remote attestation mechanisms introduce operational complexity and trust dependencies, while a growing body of work has demonstrated that TEEs remain susceptible to side-channel and microarchitectural attacks under certain threat models. Consequently, TEEs are best viewed as complementary building blocks that can enhance security when carefully integrated with cryptographic protections, rather than as a standalone solution for privacy preservation in large-scale IIoT infrastructures.
Beyond communication privacy, learning-time defenses are increasingly adopted to mitigate inference and poisoning risks in federated learning. Differentially Private Stochastic Gradient Descent (DP-SGD) bounds information leakage from model updates by injecting calibrated noise during training, while robust aggregation rules (e.g., median- or trimmed-mean-based aggregation) reduce the impact of malicious or corrupted clients. In Smart City and IIoT deployments, these mechanisms complement secure aggregation by addressing adversaries that operate within the learning process itself, albeit at the cost of potential accuracy degradation that must be balanced against privacy and robustness requirements.
FL avoids centralizing raw data, but model/gradient sharing still leaks information. Contemporary IoT-focused surveys emphasize secure aggregation, DP, and HE as complementary defenses, and discuss robustness to stragglers and dropouts [52,53,54,55]. Hybrid designs combine cryptographic secure aggregation with TEEs at aggregators to balance performance and trust assumptions [56].
Engineering guidance: Engineers should prefer additive HE or lightweight accumulators for simple sum/mean queries on micro-batches; apply DP when releasing aggregates or trained models outside the trust boundary; and adopt secure aggregation for FL with explicit failure tolerance and auditability [49,53,55].
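Secure aggregation with dropout tolerance, as discussed in this subsection, sketched as an added example (not code from the paper or from any cited protocol). It uses pairwise additive masks that cancel in the sum and shows how the server recovers the survivors' total when one client drops. Assumptions: pairwise seeds are handed out directly instead of being agreed by key exchange, survivors reveal the seeds they shared with a dropped client instead of the server reconstructing them from secret shares, and all names and sample updates are constructed.

```python
"""Pairwise-mask secure aggregation over fixed-point model updates."""
import hashlib
import secrets

MOD = 2**32    # all arithmetic is done modulo 2^32
SCALE = 1000   # fixed-point encoding of update coordinates


def prg(seed, length):
    """Expand a seed into `length` 32-bit words using SHA-256 in counter mode."""
    out, counter = [], 0
    while len(out) < length:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        out.extend(int.from_bytes(block[i:i + 4], "big") for i in range(0, 32, 4))
        counter += 1
    return out[:length]


def setup_pairwise_seeds(client_ids):
    """Constructed stand-in for a pairwise key agreement between clients."""
    ids = sorted(client_ids)
    return {(a, b): secrets.token_bytes(16)
            for i, a in enumerate(ids) for b in ids[i + 1:]}


def quantize(update):
    return [round(x * SCALE) % MOD for x in update]


def mask_update(cid, update, client_ids, seeds):
    """Client side: add +PRG(seed) toward higher ids, -PRG(seed) toward lower."""
    masked = quantize(update)
    for other in client_ids:
        if other == cid:
            continue
        stream = prg(seeds[(min(cid, other), max(cid, other))], len(masked))
        sign = 1 if cid < other else -1
        masked = [(m + sign * s) % MOD for m, s in zip(masked, stream)]
    return masked


def aggregate(masked_updates, client_ids, revealed_seeds):
    """Server side: sum survivors, then strip masks left by dropped clients."""
    survivors = set(masked_updates)
    dropped = set(client_ids) - survivors
    dim = len(next(iter(masked_updates.values())))
    total = [0] * dim
    for vec in masked_updates.values():
        total = [(t + v) % MOD for t, v in zip(total, vec)]
    # Masks between two survivors already cancelled; masks shared with a
    # dropped client did not, so remove them using the revealed seeds.
    for s in survivors:
        for d in dropped:
            stream = prg(revealed_seeds[(min(s, d), max(s, d))], dim)
            sign = 1 if s < d else -1
            total = [(t - sign * x) % MOD for t, x in zip(total, stream)]
    return total


def decode(total):
    """Map residues back to signed fixed-point values."""
    return [(((t + MOD // 2) % MOD) - MOD // 2) / SCALE for t in total]


def run_demo():
    ids = [1, 2, 3, 4]
    updates = {  # constructed sample gradients
        1: [0.120, -0.045, 0.300],
        2: [-0.010, 0.200, 0.050],
        3: [0.500, 0.500, -0.250],
        4: [0.033, -0.100, 0.007],
    }
    seeds = setup_pairwise_seeds(ids)
    masked = {c: mask_update(c, updates[c], ids, seeds) for c in ids}
    full = decode(aggregate(masked, ids, {}))
    # Client 3 drops after masking: survivors reveal only seeds shared with it.
    survivors = {c: masked[c] for c in (1, 2, 4)}
    revealed = {pair: s for pair, s in seeds.items() if 3 in pair}
    partial = decode(aggregate(survivors, ids, revealed))
    return full, partial


if __name__ == "__main__":
    print(run_demo())
```

Revealing a dropped client's pairwise seeds would let the server unmask that client's update if it arrives late, which is why full protocols add a second, per-client self-mask on top of the pairwise masks.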

4.3. Anonymous Communication and Unlinkability

Anonymity protocols protect metadata (who talks to whom, when), complementing payload encryption. For latency-tolerant services (telemetry batching, alerting) modern continuous-time mix networks (e.g., Loopix-like designs) provide strong traffic-analysis resistance with sub-second to multi-second latencies; recent work analyzes their security and traffic-matching risks and proposes routing/measurement refinements [57,58,59]. For vehicular and smart-mobility systems, pseudonym schemes and privacy-preserving authentication are mainstream; 2024–2025 surveys systematize pseudonym-change strategies and lightweight group/ring-signature designs [60,61].
Design trade-offs: Mixnets incur latency and bandwidth overhead (cover traffic); onion/Tor-style low-latency systems offer weaker metadata protection; vehicular pseudonyms protect linkability but require robust provisioning and revocation to resist Sybil attacks (recent proposals pair pseudonyms with zero-knowledge proofs for distinct identity) [62].

4.4. Blockchain- and Ledger-Based Frameworks

Permissioned ledgers are used for auditability (who accessed which dataset), policy enforcement (on-chain access control), and data integrity (tamper-evident logs). Recent surveys for IoT/IIoT highlight access-control patterns (ABAC with smart contracts), off-chain storage pointers, and integration with edge gateways [63,64,65,66]. Zero-knowledge proofs (ZKPs) increasingly enable selective disclosure and unlinkable attestations (e.g., credentials, compliance proofs) without revealing raw attributes [67,68]. Domain-specific frameworks (e.g., IoHT and industrial data-sharing) report privacy gains but must budget for throughput, storage, and key management overheads [69].
Post-Quantum Cryptography at Gateways and Inter-Domain Interfaces: While most resource-constrained Smart City and IIoT devices are unlikely to support post-quantum primitives in the near term, gateways and inter-domain communication points represent realistic deployment locations for PQC. At these aggregation and trust-anchor layers, hybrid cryptographic schemes combining classical and post-quantum algorithms can be employed to protect long-lived keys, firmware update channels, and cross-organizational data exchanges against future quantum adversaries. From a systems perspective, this layered adoption aligns with both performance constraints and regulatory expectations, allowing PQC readiness to be incrementally introduced without disrupting latency-sensitive edge operations.
Design guidance: Designers should keep sensor payloads off-chain and store only commitments and access logs on-chain. They should use permissioned ledgers for governance and audit, pair with ZKP-based selective disclosure where cross-organization trust is low, and benchmark throughput/latency on realistic gateway hardware [66,67].
Despite their benefits for integrity, traceability, and decentralized governance, blockchain- and ledger-based solutions present non-negligible practical limitations in Smart City and IIoT deployments. Even permissioned ledgers incur throughput constraints and latency overheads when transaction rates scale, while ledger state growth introduces long-term storage and synchronization costs. Energy consumption and operational complexity remain relevant concerns, particularly when ledger components extend beyond cloud infrastructure to gateways or edge nodes. Consequently, ledger-based approaches are most appropriate for selective functions such as access control, audit logging, and compliance verification, often in combination with off-chain storage and privacy-enhancing techniques, rather than for high-frequency telemetry or real-time control loops.
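The "commitments and access logs on-chain, payloads off-chain" pattern from the design guidance above, as an added example that is not part of the reviewed paper. An in-memory hash-chained list stands in for a permissioned ledger, and the commitment is HMAC-SHA256 under a random per-record nonce so that low-entropy sensor values cannot be guessed from the on-chain digest. All names, actors, and the sample payload are constructed.

```python
"""Off-chain payloads with on-chain commitments and a tamper-evident access log."""
import hashlib
import hmac
import json
import secrets

GENESIS = "0" * 64
FIELDS = ("index", "prev", "actor", "action", "commitment")


def commit(payload, nonce=None):
    """Return (commitment, nonce). The nonce stays off-chain with the payload."""
    nonce = nonce or secrets.token_bytes(32)
    return hmac.new(nonce, payload, hashlib.sha256).hexdigest(), nonce


def verify_opening(commitment, nonce, payload):
    """Auditor check: does the off-chain record match the on-chain commitment?"""
    expected = hmac.new(nonce, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, commitment)


def entry_hash(body):
    """Hash a canonical JSON encoding of the entry body."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class Ledger:
    """Append-only log; each entry binds to the hash of its predecessor."""

    def __init__(self):
        self.entries = []

    def append(self, actor, action, commitment):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"index": len(self.entries), "prev": prev, "actor": actor,
                "action": action, "commitment": commitment}
        entry = dict(body, hash=entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify_chain(self):
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: e[k] for k in FIELDS}
            if e["index"] != i or e["prev"] != prev or e["hash"] != entry_hash(body):
                return False
            prev = e["hash"]
        return True


def run_demo():
    ledger, off_chain = Ledger(), {}
    payload = b'{"meter":"m-17","kwh":1.37}'   # constructed sample record
    c, nonce = commit(payload)
    off_chain[c] = (nonce, payload)            # raw data never reaches the ledger
    ledger.append("gateway-A", "store", c)
    ledger.append("analyst-B", "read", c)
    results = {
        "chain_ok": ledger.verify_chain(),
        "opening_ok": verify_opening(c, *off_chain[c]),
        "forged_payload_ok": verify_opening(c, nonce, b'{"meter":"m-17","kwh":1.99}'),
    }
    ledger.entries[1]["actor"] = "analyst-C"   # simulate rewriting the access log
    results["chain_after_tamper_ok"] = ledger.verify_chain()
    return results


if __name__ == "__main__":
    print(run_demo())
```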

5. Comparative Analysis and Trade-Offs

Privacy-preserving mechanisms for Smart Cities and IIoT exhibit different performance envelopes and privacy guarantees depending on device class, network conditions, and governance constraints. We compare four families introduced in Section 4: (i) lightweight cryptography for constrained nodes; (ii) privacy-preserving aggregation and analytics (HE/DP/FL with secure aggregation); (iii) anonymous communication for metadata protection; (iv) blockchain- and ledger-based frameworks with privacy extensions. We assess their latency, compute/energy, bandwidth overhead, privacy strength, deployability, and governance.

5.1. Threat Model and Assumptions

We compare techniques under a common adversary model tailored to Smart City and IIoT deployments. Unless otherwise noted, we assume standard key management is in place, devices run vendor firmware (no physical tampering), and links use best-effort IP or deterministic TSN as specified by the application.
To provide a structured overview, Table 2 summarizes the threat coverage offered by each technique family under the considered adversary classes, highlighting which threats are mitigated, partially addressed, or remain out of scope, as well as the typical residual risks.
Adversary classes:
  • Passive network eavesdropper (payload) can read packets on one or more links but cannot modify traffic.
  • Passive traffic analyst (metadata) observes timing, sizes, endpoints, DNS/flow patterns; attempts linkage and profiling without decrypting payloads.
  • Honest-but-curious aggregator follows the protocol but tries to infer per-device values or identities from messages or model updates.
  • Malicious participant (Byzantine) deviates from the protocol (e.g., sends crafted updates or malformed aggregates) to degrade privacy or integrity.
  • Compromised gateway/edge has full control of a gateway or edge server; can read local memory and keys present on that node.
Scope assumptions: Physical side-channels and invasive hardware attacks on end devices are out of scope. Timing constraints of control loops constrain allowable overhead (see Section 5).
This model aligns the qualitative ratings in Table 3 with explicit attacker capabilities: e.g., LWC thwarts passive payload eavesdroppers but not traffic analysts; mix networks address metadata privacy at the cost of latency; HE/secure aggregation and DP address honest-but-curious aggregators with different utility trade-offs; and ledger/ZK mechanisms primarily support governance and accountability rather than data-plane confidentiality.
Figure 2 summarizes where each technique family sits in the device–edge–gateway–cloud stack and how it maps to the adversaries in Section 5.1.

5.2. Methodological Criteria

We adopt common metrics from recent benchmarks and surveys: cycles per byte and memory footprint for cryptography on MCUs [36,37,42]; end-to-end latency and determinism for time-sensitive industrial networks [28,29]; privacy leakage via metadata and linkage risk when datasets are combined [23,24,32]; and governance/audit requirements for cross-organizational data sharing [63,64,67].

5.3. Qualitative Comparison Across Technique Families

Table 3 summarizes dominant trade-offs. Qualitative ratings are based on the cited surveys and standards, and reflect typical, carefully engineered deployments rather than worst-case configurations. The qualitative low/medium/high (L/M/H) ratings used in the following tables summarize relative trade-offs reported in the literature, considering computational cost, latency, communication overhead, and deployment feasibility under representative Smart City and IIoT constraints.

5.4. Latency and Determinism

Industrial and urban control loops are sensitive to added jitter. Symmetric AEAD in the lightweight class typically adds negligible delay compared with transport and application processing [36,37]. Conversely, mix networks deliberately trade latency for metadata privacy via batching and cover traffic [57,58]. HE- and FL-based pipelines introduce computation-dependent delays; buffering into micro-batches can bound worst-case latency but must be coordinated with TSN scheduling and shaping to avoid missed windows [28,29].
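The latency cost of batching and cover traffic can be bounded and checked before deployment. The simulation below is an added example, not code from this article or the cited works: it models a simple deadline-bounded batch mix (not any specific mixnet design), and the arrival trace, batch size and deadline are constructed values.

```python
import random

# Constructed trace: (arrival time in ms, message id). A burst, then sparse traffic.
SAMPLE_ARRIVALS = [(0, "a"), (2, "b"), (3, "c"), (4, "d"),
                   (30, "e"), (70, "f"), (71, "g")]


def timed_batch_mix(arrivals, batch_size, max_wait_ms, rng):
    """Simulate a deadline-bounded batching mix on a telemetry uplink.

    arrivals: [(arrival_ms, msg_id)] sorted by time. A batch is flushed when
    it holds batch_size messages or when its oldest message has waited
    max_wait_ms. Short batches are filled with cover slots (None) so every
    flush has the same size on the wire.
    """
    batches, pending = [], []

    def flush(at_ms):
        slots = [msg_id for _, msg_id in pending]
        slots += [None] * (batch_size - len(slots))  # cover traffic
        rng.shuffle(slots)                           # hide arrival order
        batches.append({"flush_ms": at_ms, "slots": slots, "real": list(pending)})
        pending.clear()

    for arrival_ms, msg_id in arrivals:
        # The oldest queued message hit its deadline before this arrival.
        if pending and pending[0][0] + max_wait_ms <= arrival_ms:
            flush(pending[0][0] + max_wait_ms)
        pending.append((arrival_ms, msg_id))
        if len(pending) == batch_size:
            flush(arrival_ms)
    if pending:
        flush(pending[0][0] + max_wait_ms)
    return batches


def added_latencies(batches):
    """Delay the mix added to each real message, in ms."""
    return [b["flush_ms"] - t for b in batches for t, _ in b["real"]]


def cover_slots(batches):
    """Number of dummy slots sent: the bandwidth headroom the mix consumes."""
    return sum(slot is None for b in batches for slot in b["slots"])


def fits_budget(batches, budget_ms):
    """True if the worst-case added delay stays inside the latency budget."""
    return max(added_latencies(batches)) <= budget_ms


def run_sample():
    # Fixed seed only so the demo shuffle is reproducible.
    return timed_batch_mix(SAMPLE_ARRIVALS, batch_size=4, max_wait_ms=20,
                           rng=random.Random(0))


if __name__ == "__main__":
    result = run_sample()
    print("flush times (ms):", [b["flush_ms"] for b in result])
    print("worst added latency (ms):", max(added_latencies(result)))
    print("cover slots sent:", cover_slots(result))
```

Under sparse traffic the deadline, not the batch size, triggers the flush, so the anonymity set is made up mostly of cover slots; that is the bandwidth cost of keeping the delay bounded.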

5.5. Compute/Energy and Footprint

NIST microcontroller benchmarks show that Ascon-class AEAD and Hash/XOF implementations meet tight code and RAM budgets while outperforming conventional primitives under size or speed constraints [36,42]. HE-secured aggregation and verifiability add nontrivial CPU and memory overhead; in practice, offloading to gateways or hardware accelerators is common. Secure aggregation for FL incurs cryptographic and communication costs proportional to the number of participants and failure tolerance [53,55].

5.6. Privacy Guarantees and Residual Risks

Payload encryption without metadata protection leaks device roles and behaviors through side-channels (DNS/flow patterns), enabling profiling or targeted exploitation [32]. DP provides formal guarantees against individual inference but requires careful budgeting and accounting across multiple releases. Secure aggregation prevents an honest-but-curious aggregator from learning individual updates, yet model inversion and membership inference remain viable without DP or robust training practices [52,53]. Mixnets strengthen metadata privacy but require explicit latency budgets and bandwidth headroom [57,58]. Blockchains deliver auditability and integrity; ZK-based selective disclosure reduces unnecessary exposure of attributes, at the expense of proof-generation costs and key management complexity [63,67,68].
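To make the split between secure aggregation and DP concrete, the following added example (not code from this article or the cited works) shows pairwise-masked aggregation, where the aggregator only ever sees masked values, followed by a Laplace release guarded by a sequential-composition budget accountant. The readings, pair keys, clipping bound and epsilon values are constructed; pair keys are assumed to come from a prior key agreement, and dropout recovery is omitted.

```python
import hashlib
import hmac
import random

MODULUS = 2 ** 32  # masks and sums wrap modulo 2^32


def pair_mask(shared_key: bytes, round_id: int) -> int:
    """Per-round mask that both members of a device pair derive from their key."""
    digest = hmac.new(shared_key, round_id.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def mask_update(device_id: int, value: int, peer_keys: dict, round_id: int) -> int:
    """Device side: the lower id of each pair adds the mask, the higher id subtracts it."""
    masked = value % MODULUS
    for peer_id, key in peer_keys.items():
        mask = pair_mask(key, round_id)
        if device_id < peer_id:
            masked = (masked + mask) % MODULUS
        else:
            masked = (masked - mask) % MODULUS
    return masked


def aggregate(masked_updates) -> int:
    """Aggregator side: pairwise masks cancel, leaving only the sum."""
    return sum(masked_updates) % MODULUS


class BudgetExceeded(Exception):
    """Raised when a release would push spent epsilon past the total budget."""


class DPAccountant:
    """Sequential composition: the epsilons of all releases add up."""

    def __init__(self, total_epsilon: float, seed=None):
        self.total_epsilon = total_epsilon
        self.spent = 0.0
        # OS randomness by default; a seed is only for reproducible demos.
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()

    def release_sum(self, true_sum: float, sensitivity: float, epsilon: float) -> float:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total_epsilon:
            raise BudgetExceeded(f"spent {self.spent}, requested {epsilon}")
        self.spent += epsilon
        scale = sensitivity / epsilon
        # Laplace(0, scale) as the difference of two exponentials. Illustrative
        # only: floating-point samplers need a vetted DP library in production.
        noise = self.rng.expovariate(1 / scale) - self.rng.expovariate(1 / scale)
        return true_sum + noise


def demo():
    readings = {1: 412, 2: 388, 3: 455}  # constructed, each clipped to [0, 500]
    keys = {                             # constructed pairwise keys
        frozenset((1, 2)): b"constructed-key-1-2",
        frozenset((1, 3)): b"constructed-key-1-3",
        frozenset((2, 3)): b"constructed-key-2-3",
    }
    round_id = 7
    masked = {}
    for dev, value in readings.items():
        peers = {p: keys[frozenset((dev, p))] for p in readings if p != dev}
        masked[dev] = mask_update(dev, value, peers, round_id)
    total = aggregate(masked.values())  # the only value the aggregator learns

    accountant = DPAccountant(total_epsilon=1.0, seed=1)
    released = [accountant.release_sum(total, sensitivity=500, epsilon=0.5)
                for _ in range(2)]
    try:
        accountant.release_sum(total, sensitivity=500, epsilon=0.5)
        refused = False
    except BudgetExceeded:
        refused = True  # third release would exceed the budget
    return readings, masked, total, released, refused


if __name__ == "__main__":
    readings, masked, total, released, refused = demo()
    print("masked updates seen by aggregator:", masked)
    print("exact sum:", total, "noisy releases:", released, "third refused:", refused)
```

Masking hides individual updates from the aggregator, but the exact sum it recovers carries no formal guarantee; only the noisy, budgeted releases do.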

5.7. Deployability, Interoperability, and Governance

For constrained links, combining EDHOC for compact authenticated key exchange and OSCORE-style object security with LWC AEAD provides interoperability on IETF stacks [43]. Gateways and inter-domain channels can terminate or encapsulate with PQC primitives to future-proof trust anchors [44,45]. Where data must cross organizational boundaries (municipalities, utilities, contractors), permissioned ledgers support accountability and policy enforcement; however, sensor payloads should remain off-chain, with commitments and access logs recorded on-chain and privacy-sensitive attributes revealed via ZK only as needed [63,64,67].
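The off-chain/on-chain split described above can be sketched as follows. This is an added example, not code from this article or any ledger platform: the in-memory hash chain stands in for a permissioned ledger, and the payload, party names and record fields are constructed. The commitment is salted with a random nonce because sensor readings are low-entropy and an unsalted hash could be guessed by enumeration.

```python
import hashlib
import hmac
import json
import os


def commit(payload: bytes, nonce: bytes) -> str:
    """Salted hash commitment to a payload that stays off-chain."""
    if len(nonce) != 32:
        raise ValueError("nonce must be 32 bytes")
    return hashlib.sha256(b"commit-v1" + nonce + payload).hexdigest()


def verify_opening(commitment: str, payload: bytes, nonce: bytes) -> bool:
    """Auditor check: does the disclosed payload match the on-chain commitment?"""
    return hmac.compare_digest(commit(payload, nonce), commitment)


class Ledger:
    """Append-only hash chain standing in for a permissioned ledger (assumption)."""

    GENESIS = "00" * 32

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = json.dumps(record, sort_keys=True)
        entry_hash = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": entry_hash})
        return entry_hash

    def verify(self) -> bool:
        """Recompute every link; any edited or reordered entry breaks the chain."""
        prev = self.GENESIS
        for entry in self.entries:
            body = json.dumps(entry["record"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True

    def serialized(self) -> str:
        """Everything a ledger participant can read."""
        return json.dumps(self.entries, sort_keys=True)


def demo():
    payload = b'{"meter": "constructed-17", "kwh": 3.2}'  # constructed reading
    nonce = os.urandom(32)
    commitment = commit(payload, nonce)
    off_chain_store = {commitment: (payload, nonce)}      # held by the data owner

    ledger = Ledger()
    ledger.append({"type": "commitment", "value": commitment})
    ledger.append({"type": "access", "who": "utility-analyst",
                   "commitment": commitment, "purpose": "billing"})
    return off_chain_store, commitment, ledger


if __name__ == "__main__":
    store, commitment, ledger = demo()
    payload, nonce = store[commitment]
    print("opening verifies:", verify_opening(commitment, payload, nonce))
    print("chain intact:", ledger.verify())
    ledger.entries[1]["record"]["who"] = "someone-else"   # simulated log tampering
    print("chain intact after edit:", ledger.verify())
```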

5.8. When to Use What: Design Heuristics

The comparative analysis above highlights that privacy-preserving techniques differ substantially in terms of latency, resource demands, threat coverage, and governance implications. Rather than advocating a single mechanism, practical Smart City and IIoT deployments require selecting and composing techniques according to application criticality, trust assumptions, and operational constraints. The following design heuristics summarize when specific classes of techniques are most appropriate and when their use may be impractical or counterproductive.
  • Constrained real-time control: Favor LWC AEAD for payloads; align with TSN schedules; avoid latency-inducing PETs on the control plane [28,36].
  • City-scale sensing with periodic uploads: Combine LWC with batching; if metadata privacy is required, consider light mixing on the telemetry uplink with explicit latency budgets [57].
  • Cross-agency analytics: Apply DP to released statistics/models; use HE or secure aggregation where raw data must not be centralized; enforce governance and audit off-chain, logging accesses on-chain if multiple parties are involved [49,53,63].
  • Edge/FL model training: Use secure aggregation; add DP for external model releases; harden update channels with LWC; consider TEE-assisted aggregation if trust and performance requirements allow [52,55].

5.9. Summary

No single technique dominates across all constraints. LWC provides the best latency/footprint profile for constrained links; HE/DP/FL address analytics-phase risks with moderate overhead; mixnets add strong metadata privacy when delay is tolerable; and permissioned ledgers plus ZK primarily serve governance and cross-organization accountability. A layered composition, mindful of TSN and service-level constraints, is typically required.

6. Emerging Trends and Open Challenges

Privacy preservation for Smart Cities and IIoT is evolving alongside new interoperability stacks, edge/AI pipelines, and next-generation networks. We highlight four areas where research and standardization are converging, and outline open problems that remain unsolved in realistic deployments.

6.1. Secure Interoperability Across Vendors and Protocols

Heterogeneous ecosystems force privacy requirements to span device, gateway, cloud, and organizational boundaries (Section 3). Industrial data exchange is increasingly mediated by interoperability and data sovereignty frameworks such as OPC UA for operational technology (OT) integration, oneM2M for IoT service enablement, and International Data Spaces (IDS) for governed data sharing [70,71,72,73,74]. In parallel, W3C Verifiable Credentials (VC) 2.0 enables cryptographically verifiable, privacy-preserving claims (e.g., role, authorization, compliance) that can travel with data and devices across organizations [75].
Open challenges: (i) Machine-enforceable usage control semantics (purpose, retention, DP budgets) that travel across OPC UA/oneM2M/IDS boundaries; (ii) binding VCs to device identities and secure boot attestations without creating linkability; (iii) mapping sectoral regulations (GDPR, NIS2, Data Act) into enforceable policies and audit logs with minimal metadata leakage; (iv) harmonizing IEC 62443 zones/conduits with cross-domain credentials and privacy-by-design procurement [72,73,75].

6.2. Privacy in Federated Learning and Edge AI

Edge/FL pipelines reduce raw-data centralization but remain vulnerable to inference, poisoning, and side-channel leakage. Recent surveys consolidate privacy attacks and defenses in FL (secure aggregation, DP, HE) and emphasize evaluation realism in non-i.i.d. and resource-constrained settings [54,76,77]. On-device/edge AI trends (smaller, specialized models, streaming inference) shift privacy risk to the periphery, where telemetry, model updates, and logging must be minimized or hardened [26].
Confidential computing using TEEs (CPU and emerging GPU TEEs) is gaining traction to protect data-in-use for aggregation and inference, though attestation supply chains, performance overheads, and side-channel surfaces remain active research topics [78,79,80]. Hybrid designs that combine secure aggregation (cryptography) with TEE-backed coordinators show promising performance/privacy trade-offs for IIoT scale (cf. Section 4.2).
Open challenges: (i) End-to-end privacy accounting that composes FL, DP, and TEE trust assumptions; (ii) robust, auditable attestation for fleets of heterogeneous edge devices; (iii) standardized privacy telemetry for compliance without leaking sensitive signals; (iv) fallback strategies when devices are intermittently connected or compromised [54,78].

6.3. Resilience Against AI-Driven Attacks

Beyond cryptographic and protocol-level protections, AI-based cyber threat detection and intrusion detection systems (IDS) play complementary roles in Smart City and IIoT security architectures. Machine learning models for anomaly and intrusion detection can identify deviations in network traffic, device behavior, or model updates that may indicate compromised nodes, data poisoning attempts, or coordinated attacks. When integrated as part of a defense-in-depth strategy, such mechanisms enhance the resilience of privacy-preserving deployments by enabling early detection and response to threats that cannot be fully mitigated by privacy-preserving protocols alone. Importantly, these approaches are complementary rather than substitutive, and must be carefully designed to avoid introducing additional privacy leakage through monitoring or centralized logging [81].
Adversarial ML and poisoning threaten the privacy (e.g., membership inference) and safety of urban/industrial analytics. The latest taxonomies and surveys underscore the breadth of attacks (adversarial examples, label and data poisoning, backdoors) and the gaps in robust defenses under distribution shift and constrained compute [34,76,82].
Design directions: (i) Defense-in-depth—robust aggregation and anomaly detection in FL, DP for external model release, and dataset provenance with cryptographic commitments; (ii) red-teaming and continuous evaluation using standardized threat models; (iii) privacy-preserving monitoring (e.g., DP counters) to detect poisoning without exposing individual device behavior [54,76].

6.4. Integration with 6G, Digital Twins, and Metaverse/XR

Dense edge compute, native sensing, and support for immersive/XR and digital-twin workloads are anticipated by 6G roadmaps. These amplify privacy stakes by increasing spatiotemporal data granularity and coupling network, compute, and sensing planes [83,84]. For industrial digital twins, recent surveys document privacy and security issues across data pipelines, model synchronization, and lifecycle governance [85,86]. In XR/metaverse contexts, both systematizations and empirical studies highlight biometric and motion-based re-identification risks and the need for privacy-by-design in interaction data and bystander protections [87,88].
Practical readiness of privacy-enhancing technologies:
While the techniques discussed in this section represent important research and standardization trends, their deployment feasibility varies considerably across current Smart City and IIoT infrastructures. Lightweight cryptography, secure aggregation, and output differential privacy are already deployable on constrained devices, gateways, and cloud backends. In contrast, continuous-time mix networks, advanced zero-knowledge proof systems, and GPU-based trusted execution environments typically require substantial computational resources, specialized hardware, or tightly controlled execution environments. As a result, these approaches are currently limited to pilot deployments, research prototypes, or high-end infrastructures, and should be viewed as medium-term options rather than immediately applicable solutions for most operational city- or factory-scale systems.
Open challenges: (i) Privacy-preserving networked twins—bounding inference from cross-layer telemetry (radio, control, OT) while maintaining real-time synchronization; (ii) integrating slice-aware privacy policies into 5G-Advanced/6G orchestration; (iii) XR-specific PETs (secure eye-tracking, on-device filtering, differential privacy for interaction logs) with usability guarantees; (iv) cross-domain credentials (VC 2.0) for access and compliance that avoid pervasive linkability [75,83,88].

7. Future Research Directions

Drawing on Sections 3–6, we outline four research thrusts that can meaningfully advance privacy preservation in Smart City and IIoT systems over the next 3–5 years.

7.1. Standardization and Secure Interoperability

Interoperability stacks (OPC UA, oneM2M, IDS) and web-native descriptions (W3C WoT Thing Description 1.1) are converging on machine-readable interfaces and semantics for IoT resources. Two missing pieces remain: (i) portable, machine-enforceable usage control that accompanies data across organizational boundaries (purpose, retention, privacy budgets); (ii) verifiable device and software trust signals that can be evaluated across vendors and jurisdictions.
  • Usage control that travels with data: Combine WoT TD 1.1 metadata with consent/usage schemas aligned to ISO/IEC TS 27560 (consent record information structure), enabling policy evaluation at collection, aggregation, and release time. (See also governance frameworks discussed in Section 2).
  • Attestation at scale: Operationalize IETF RATS (RFC 9334) and EAT (RFC 9711) for heterogeneous fleets, so privacy policies can key off trustworthy device claims (hardware/firmware identity, secure boot, configuration) without introducing linkability [89,90].
  • Cross-standard bindings: Formal profiles that bind RATS/EAT claims into WoT TDs and data-space connectors (e.g., IDS) are largely unexplored and would enable privacy-by-design procurement and auditing.

7.2. AI-Driven Adaptive Privacy Mechanisms

Static privacy configurations (fixed DP budgets, one-size-fits-all aggregation) underperform in dynamic, non-i.i.d. urban/industrial workloads. Promising directions include the following:
  • Adaptive DP accounting and release: Develop controllers that adjust DP noise and sampling rates based on risk and utility signals (concept drift, query mix), with validated accounting and auditing toolchains [91,92,93].
  • Privacy-aware FL under constraints: Scheduling and secure aggregation tuned to device energy/connectivity while using DP only for external model release to preserve accuracy and battery life [54].
  • Policy learning: Reinforcement learning to allocate privacy budgets and select PETs (e.g., HE vs. DP vs. mixnet routing) per context, with safety guards that prevent budget overrun and latency violations.

7.3. Quantum-Safe Cryptography for IIoT

With NIST PQC standards finalized (FIPS 203/204) and migration playbooks available, research must bridge enterprise guidance and brownfield IIoT constraints:
  • Hybrid trust anchors: Patterns that terminate PQC at gateways while keeping LWC payload protection on constrained links, with formal end-to-end risk models [94,95].
  • Lifecycle and inventory: Automatable discovery of cryptographic dependencies and firmware signing roots in sprawling device fleets, aligned with CNSA 2.0 timelines and sectoral mandates [96,97].
  • PQC-on-IoT benchmarks: Open datasets and testbeds comparing PQ KEMs/signatures on common MCU/SoC classes under realistic link MTUs and energy budgets, to guide protocol selections in Smart City backbones [98].

7.4. Privacy-Aware Middleware and Orchestration

Privacy needs to be a first-class objective of orchestration layers (from TSN schedules to edge/cloud pipelines), not an afterthought.
  • Policy-as-code for IoT: Declarative policies that compose authentication (EDHOC/OSCORE), attestation (RATS/EAT), privacy budgets (DP), and governance (consent/usage) into deployable artifacts across vendors.
  • Telemetry minimization: Principled designs for privacy-preserving observability (e.g., DP counters, redacted logs) that still support SLOs and incident response in critical infrastructures.
  • Co-design with determinism: Tooling to co-synthesize privacy mechanisms (padding, batching, mixing) with deterministic networking (TSN), so that privacy targets are met without violating latency bounds.

8. Conclusions

Smart City and Industrial IoT (IIoT) ecosystems expose rich, continuous streams of operational and citizen-centric data across highly heterogeneous, resource-constrained infrastructures. This review synthesized the privacy challenges that arise in such settings (heterogeneity and interoperability, edge resource limits, real-time constraints, metadata leakage, and adversarial/AI-driven threats) and systematized the state of the art in privacy-preserving protocols through four families: lightweight cryptography (LWC) for constrained nodes; privacy-preserving aggregation and analytics (homomorphic encryption, differential privacy, and federated learning with secure aggregation); anonymous communication for metadata protection; and blockchain/ledger frameworks with privacy extensions.
Our comparative analysis highlighted that no single technique suffices across the full spectrum of urban and industrial requirements. In practice, layered designs are necessary:
  • At the constrained edge, LWC AEAD/Hash primitives provide strong payload confidentiality and integrity with minimal latency and footprint, and pair naturally with compact key exchange on IETF stacks.
  • At aggregation and analytics layers, HE- and DP-based mechanisms, as well as FL with secure aggregation, reduce exposure of raw records and bound inference risks when models or statistics are shared across organizational boundaries.
  • For metadata privacy, mix networks and related anonymization mechanisms offer robust unlinkability when latency budgets allow, complementing payload encryption.
  • For governance and accountability, permissioned ledgers (kept off the data plane) with selective disclosure via privacy-enhancing proofs strengthen audit trails and cross-organization policy enforcement.
We distilled concrete design heuristics for typical deployments: align privacy mechanisms with Time-Sensitive Networking constraints on control planes; prefer lightweight aggregation for simple telemetry (sum/mean) and apply DP upon external release; add secure aggregation (and, when appropriate, TEEs) for FL; and retain sensor payloads off-chain while recording only commitments and access logs.
Looking forward, we identified four research thrusts with outsized impact: (i) standardization and secure interoperability, including machine-enforceable usage control that travels with data and verifiable device/software trust at fleet scale; (ii) AI-driven adaptive privacy, with controllers that allocate privacy budgets and select PETs under non-i.i.d. and resource-constrained conditions; (iii) quantum-safe migration tailored to brownfield IIoT, using hybrid trust anchors and realistic benchmarks; (iv) privacy-aware middleware and orchestration that co-designs privacy with determinism, observability, and service-level objectives.

9. Limitations

As a survey, our scope emphasized protocols and system patterns rather than domain-specific case studies or longitudinal measurements. Performance and privacy guarantees are context-dependent; engineers should validate assumptions on the target hardware, network profiles, and regulatory environment.

10. Outlook

The convergence of interoperable data spaces, verifiable trust signals, and adaptive privacy controls—combined with pragmatic layering from the edge to the cloud—can deliver scalable, privacy-aware Smart City and IIoT infrastructures. Realizing this vision will require sustained collaboration across standards bodies, municipalities and operators, vendors, and the research community.

Funding

This research received no external funding.

Data Availability Statement

The raw data supporting the conclusions of this article will be made available by the authors upon reasonable request to the corresponding author.

Acknowledgments

During the preparation of this manuscript/study, the author used ChatGPT (version 5.2) in order to improve readability and language. The author has reviewed and edited the output and takes full responsibility for the content of this publication.

Conflicts of Interest

The author declares no conflict of interest.

Abbreviations

The following abbreviations are used in this manuscript:
LWC: Lightweight Cryptography
DP: Differential Privacy
FL: Federated Learning
HE: Homomorphic Encryption
PQC: Post-Quantum Cryptography
TEE: Trusted Execution Environment
TSN: Time-Sensitive Networking
IDS: International Data Spaces
VC 2.0: W3C Verifiable Credentials, Version 2.0

References

  1. Kumar, S.; Kumar, D.; Dangi, R.; Choudhary, G.; Dragoni, N.; You, I. A Review of Lightweight Security and Privacy for Resource-Constrained IoT Devices. Comput. Mater. Contin. 2024, 78, 31–63.
  2. Mathews, R.; Jose, D.V. Hybrid homomorphic-asymmetric lightweight cryptosystem for securing smart devices: A review. Trans. Emerg. Telecommun. Technol. 2024, 35, e4866.
  3. Hazzaa, F.; Hasan, M.M.; Qashou, A.; Yousef, S. A New Lightweight Cryptosystem for IoT in Smart City Environments. Mesopotamian J. Cybersecur. 2024, 4, 46–58.
  4. Khalique, A.; Siddiqui, F.; Ahad, M.A.; Hussain, I. Lightweight authentication for IoT devices (LAID) in sustainable smart cities. Sci. Rep. 2025, 15, 25410.
  5. Dhinakaran, D.; Sankar, S.M.U.; Selvaraj, D.; Raja, S.E. Privacy-Preserving Data in IoT-based Cloud Systems: A Comprehensive Survey with AI Integration. arXiv 2024, arXiv:2401.00794.
  6. Ali, M.; Suchismita, M.; Ali, S.S.; Choi, B.J. Privacy-Preserving Machine Learning for IoT-Integrated Smart Grids: Recent Advances, Opportunities, and Challenges. Energies 2025, 18, 2515.
  7. Wei, L.; Liu, Z. Light weight blockchain with IoT devices to secure smart non-fungible tokens using hybrid secure functions. Sci. Rep. 2025, 15, 31633.
  8. Majeed, A.; Patni, S.; Hwang, S.O. A Comprehensive Analysis of Privacy-Preserving Solutions Developed for IoT-Based Systems and Applications. Electronics 2025, 14, 2106.
  9. Smajlović, H.; Shajii, A.; Berger, B.; Cho, H.; Numanagić, I. Sequre: A high-performance framework for secure multiparty computation enables biomedical data sharing. Genome Biol. 2023, 24, 5.
  10. Zhou, I.; Tofigh, F.; Piccardi, M.; Abolhasan, M.; Franklin, D.; Lipman, J. Secure Multi-Party Computation for Machine Learning: A Survey. IEEE Access 2024, 12, 53881–53899.
  11. Geppert, T.; Deml, S.; Sturzenegger, D.; Ebert, N. Trusted Execution Environments: Applications and Organizational Challenges. Front. Comput. Sci. 2022, 4, 930741.
  12. Alotaibi, B. A Survey on Industrial Internet of Things Security: Requirements, Attacks, AI-Based Solutions, and Edge Computing Opportunities. Sensors 2023, 23, 7470.
  13. Joint Task Force on Cybersecurity Education. Security and Privacy Controls for Information Systems and Organizations; NIST Special Publication 800-53, Revision 5; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020.
  14. Boeckl, K.; Fagan, M.; Fisher, N.; Lefkovitz, N.; Megas, K.; Nadeau, J.; Ronquillo, D.; Smith, E.; Wald, D. NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0; Technical Report; National Institute of Standards and Technology: Gaithersburg, MA, USA, 2020.
  15. Al-Huthaifi, R.; Li, T.; Huang, W.; Gu, J.; Li, C. Federated Learning in Smart Cities: Privacy and Security Survey. Inf. Sci. 2023, 632, 833–857.
  16. European Parliament and the Council of the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). 2016. Available online: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng (accessed on 2 September 2025).
  17. European Parliament and the Council of the European Union. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on Measures for a High Common Level of Cybersecurity Across the Union, Amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and Repealing Directive (EU) 2016/1148 (NIS 2 Directive). 2022. Available online: https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng (accessed on 2 September 2025).
  18. European Parliament and the Council of the European Union. Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on Harmonised Rules on Fair Access to and Use of Data (Data Act). 2023. Available online: https://eur-lex.europa.eu/eli/reg/2023/2854/oj/eng (accessed on 2 September 2025).
  19. European Parliament and the Council of the European Union. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act). 2024. Available online: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng (accessed on 2 September 2025).
  20. European Telecommunications Standards Institute (ETSI). ETSI EN 303 645 V3.1.3 (2024-09); Cyber Security for Consumer Internet of Things: Baseline Requirements. ETSI: Sophia Antipolis, France, 2024. Available online: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/03.01.03_60/en_303645v030103p.pdf (accessed on 2 September 2025).
  21. International Organization for Standardization (ISO); International Electrotechnical Commission (IEC). ISO/IEC 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. ISO: Geneva, Switzerland, 2022. Available online: https://www.iso.org/standard/27001 (accessed on 2 September 2025).
  22. Peralta Abadía, J.J.; Walther, C.; Osman, A.; Smarsly, K. A systematic survey of Internet of Things frameworks for smart city applications. Sustain. Cities Soc. 2022, 83, 103949.
  23. Pinto, G.P.; Donta, P.K.; Dustdar, S.; Prazeres, C. A Systematic Review on Privacy-Aware IoT Personal Data Stores. Sensors 2024, 24, 2197.
  24. OECD. Smart City Data Governance; Technical Report; Organisation for Economic Co-Operation and Development: Paris, France, 2023.
  25. Autoriteit Persoonsgegevens (Dutch DPA). The Dutch Data Protection Authority (DPA) Concerned About Smart Traffic Lights. 2024. Available online: https://www.autoriteitpersoonsgegevens.nl/en/current/the-dutch-data-protection-authority-dpa-concerned-about-smart-traffic-lights (accessed on 2 September 2025).
  26. Wang, X.; Tang, Z.; Guo, J.; Meng, T.; Wang, C.; Wang, T.; Jia, W. Empowering Edge Intelligence: A Comprehensive Survey on On-Device AI Models. ACM Comput. Surv. 2025, 57, 22.
  27. Wang, X.; Wang, B.; Wu, Y.; Ning, Z.; Guo, S.; Yu, F.R. A Survey on Trustworthy Edge Intelligence: From Security and Reliability to Transparency and Sustainability. arXiv 2024, arXiv:2310.17944.
  28. Zhang, T.; Wang, G.; Xue, C.; Wang, J.; Nixon, M.; Han, S. Time-Sensitive Networking (TSN) for Industrial Automation: Current Advances and Future Directions. ACM Comput. Surv. 2024. early access.
  29. Fedullo, T.; Morato, A.; Tramarin, F.; Rovati, L.; Vitturi, S. A Comprehensive Review on Time Sensitive Networks with a Special Focus on Its Applicability to Industrial Smart and Distributed Measurement Systems. Sensors 2022, 22, 1638.
  30. Institute of Electrical and Electronics Engineers (IEEE). IEEE 802.1 Time-Sensitive Networking (TSN) Task Group; IEEE: Piscataway, NJ, USA, 2025; Available online: https://1.ieee802.org/tsn/ (accessed on 2 September 2025).
  31. International Electrotechnical Commission (IEC); Institute of Electrical and Electronics Engineers (IEEE). IEC/IEEE 60802 Joint Project: TSN Profile for Industrial Automation; IEC: Geneva, Switzerland; IEEE: Piscataway, NJ, USA, 2025; Available online: https://1.ieee802.org/tsn/iec-ieee-60802/ (accessed on 2 September 2025).
  32. Moure-Garrido, N.; Casillas-Pérez, D.; Ortego, J.; Vázquez-Gallego, F. Reducing DNS Traffic to Enhance Home IoT Device Privacy. Sensors 2024, 24, 2690.
  33. Sasi, T.; Lashkari, A.H.; Lu, R.; Xiong, P.; Iqbal, S. A Comprehensive Survey on IoT Attacks: Taxonomy, Detection Mechanisms and Challenges. J. Inf. Intell. 2024, 2, 455–513.
  34. European Union Agency for Cybersecurity (ENISA). ENISA Threat Landscape 2024; Technical Report; ENISA: Athens, Greece, 2024.
  35. Niu, J.; Liu, P.; Zhu, X.; Shen, K.; Wang, Y.; Chi, H.; Shen, Y.; Jiang, X.; Ma, J.; Zhang, Y. A Survey on Membership Inference Attacks and Defenses in Machine Learning. J. Inf. Intell. 2024, 2, 404–454.
  36. Turan, M.S.; McKay, K.A.; Chang, D.; Bassham, L.E.; Kang, J.; Waller, N.D.; Kelsey, J.M.; Hong, D. Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process; NIST Interagency or Internal Report NIST IR 8454; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023.
  37. Madushan, H.; Salam, I.; Alawatugoda, J. A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses. Electronics 2022, 11, 4199.
  38. Soto-Cruz, J.; Ruiz-Ibarra, E.; Vázquez-Castillo, J.; Espinoza-Ruiz, A.; Castillo-Atoche, A.; Mass-Sanchez, J. A Survey of Efficient Lightweight Cryptography for Power-Constrained Microcontrollers. Technologies 2025, 13, 3.
  39. Sönmez Turan, M.; McKay, K.; Kang, J.; Kelsey, J.; Chang, D. Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions; NIST Special Publication 800-232; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2025.
  40. National Institute of Standards and Technology (NIST). NIST Finalizes “Lightweight Cryptography” Standard to Protect Small Devices; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2025. Available online: https://www.nist.gov/news-events/news/2025/xx/nist-finalizes-lightweight-cryptography-standard (accessed on 2 September 2025).
  41. National Institute of Standards and Technology (NIST). NIST Selects “Lightweight Cryptography” Algorithms to Protect Small Devices; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023. Available online: https://www.nist.gov/news-events/news/2023/xx/nist-selects-lightweight-cryptography-algorithms-protect-small-devices (accessed on 2 September 2025).
  42. McKay, K.; National Institute of Standards and Technology (NIST). Benchmarking of NIST LWC Finalists on Microcontrollers; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023.
  43. Selander, G.; Mattsson, J.P.; Palombini, F. RFC 9528: Ephemeral Diffie-Hellman Over COSE (EDHOC); Internet Engineering Task Force (IETF): Fremont, CA, USA, 2024.
  44. National Institute of Standards and Technology (NIST). Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM); Federal Information Processing Standards Publication FIPS 203; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2024.
  45. National Institute of Standards and Technology (NIST). Module-Lattice-Based Digital Signature Standard (ML-DSA); Federal Information Processing Standards Publication FIPS 204; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2024.
  46. Zhou, F.; Wang, X.; Zhang, W. Privacy-Preserving and Verifiable Data Aggregation for Internet of Vehicles. Comput. Netw. 2024, 241, 110055.
  47. Zhang, J.; Li, X.; Chen, Y.; Wang, J. A Lightweight Privacy-Preserving Data Aggregation Scheme Against Malicious Aggregators for IoT. J. King Saud Univ. Comput. Inf. Sci. 2023, 35, 105180.
  48. Loukil, F.; Ghedira-Guegan, C.; Boukadi, K.; Benharkat, A. Privacy-Preserving IoT Data Aggregation Based on Blockchain and Homomorphic Encryption. Sensors 2021, 21, 2452.
  49. Aziz, R.; Aljarah, I.; Abdullah, S.; Faris, H. Exploring Homomorphic Encryption and Differential Privacy in Federated Learning: A Survey. Future Internet 2023, 15, 310.
  50. Tayyeh, H.K.; Hammoudeh, M.; Ould, S.M. A Differential Privacy Approach in Federated Learning. Computers 2024, 13, 277.
  51. Zheng, L.; Zhang, Q.; Li, W.; Chen, H. Sensitivity-Aware Differential Privacy for Federated Medical Imaging. Sensors 2025, 25, 2847.
  52. Dritsas, E.; Trigka, M. Federated Learning for IoT: A Survey of Techniques, Challenges, and Applications. IoT 2025, 14, 9.
  53. Zhang, X.; Sun, K.; Liu, Q. A Review of Research on Secure Aggregation for Privacy-Preserving Federated Learning. Future Internet 2025, 17, 308.
  54. Zhao, J.; Bagchi, S.; Avestimehr, S.; Chan, K.; Chaterji, S.; Dimitriadis, D.; Li, J.; Nourian, A.; Roth, H. A Survey of Federated Learning Privacy Attacks, Defenses, Applications, and Policy Landscape. ACM Comput. Surv. 2025, 57, 230.
  55. Shi, R.; Liu, Y.; Zhang, C.; Li, W. More Efficient and Verifiable Privacy-Preserving Aggregation for Federated Learning. Appl. Sci. 2024, 14, 5361.
  56. de Laage, R.; Yuhala, P.; Wicht, F.X.; Felber, P.; Cachin, C.; Schiavoni, V. Practical Secure Aggregation by Combining Cryptography and Trusted Execution Environments. In Proceedings of the 19th ACM International Conference on Distributed and Event-Based Systems, Gothenburg, Sweden, 10–13 June 2025.
  57. Oldenburg, L.; Juarez, M.; Rúa, E.A.; Diaz, C. MixMatch: Flow Matching for Mixnet Traffic. Proc. Priv. Enhancing Technol. 2024, 2024, 276–294.
  58. Das, D.; Diaz, C.; Kiayias, A.; Zacharias, T. Are Continuous Stop-and-Go Mixnets Provably Secure? Proc. Priv. Enhancing Technol. 2024, 2024, 665–683.
  59. Rahimi, M. CLAM: Client-Aware Routing in Mix Networks. In Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security, Baiona, Spain, 24–26 June 2024.
  60. Benarous, L.; Zeadally, S.; Boudjit, S.; Mellouk, A. A Review of Pseudonym Change Strategies for Location Privacy in Vehicular Networks. ACM Comput. Surv. 2025, 57, 204.
  61. Sutradhar, K.; Das, A.; Khan, M.N.; Shivam, P.; Khandelwal, P. A Survey on Privacy-Preserving Authentication Protocols for Vehicular Networks. Comput. Netw. 2024, 240, 110001.
  62. Tao, Y.; Wu, H.; Javanmardi, E.; Tsukada, M.; Esaki, H. Zero-Knowledge Proof of Distinct Identity for Sybil-Resistant Pseudonyms in C-ITS. arXiv 2024, arXiv:2403.14020.
  63. Khan, I.; Majib, Y.; Ullah, R.; Rana, O. Blockchain Applications for Internet of Things—A Survey. Array 2024, 27, 101254.
  64. Mathur, S.; Kalla, A.; Gür, G.; Bohra, M.K.; Liyanage, M. A Survey on the Role of Blockchain for IoT: Applications and Challenges. Comput. Netw. 2023, 225, 109518.
  65. Enaya, A.; Fernando, X.; Kashef, R. Survey of Blockchain-Based Applications for IoT. Appl. Sci. 2025, 15, 4562.
  66. Hu, T.; Yang, S.; Wang, Y.; Li, G.; Wang, Y.; Wang, G.; Yin, M. A Blockchain-Based Access Control Framework for Secure IoT Data Management. Sensors 2023, 23, 8535.
  67. Zhou, L.; Diro, A.; Saini, A.; Kaisar, S.; Hiep, P.C. Leveraging Zero Knowledge Proofs for Blockchain-Based Identity Sharing: A Survey of Advancements, Challenges and Opportunities. J. Inf. Secur. Appl. 2024, 80, 103678.
  68. Roelink, B.O.; El-Hajj, M.; Sarmah, D. Promise of Zero-Knowledge Proofs (ZKPs) for Blockchain Systems. Secur. Priv. 2024, 7, e461.
  69. Qi, M.; Wang, Z.; Han, Q.L.; Zhang, J.; Chen, S.; Xiang, Y. Privacy Protection for Blockchain-Based Healthcare IoT Systems: A Survey. IEEE/CAA J. Autom. Sin. 2024, 11, 1143–1163.
  70. OPC Foundation. OPC UA: Interoperability for Industrie 4.0 and IoT; OPC Foundation: Scottsdale, AZ, USA, 2023.
  71. oneM2M Partnership Project. oneM2M: IoT Standards for Interoperable and Secure Services. 2025. Available online: https://www.onem2m.org (accessed on 2 September 2025).
  72. International Society of Automation (ISA); International Electrotechnical Commission (IEC). ISA/IEC 62443; Series of Standards for Industrial Automation and Control Systems Security. International Society of Automation (ISA): Research Triangle Park, NC, USA, 2025. Available online: https://www.iec.ch/dyn/www/f?p=103:85:0::::FSP_LANG_ID:25 (accessed on 2 September 2025).
  73. International Data Spaces Association (IDSA). IDS Reference Architecture Model (IDS-RAM), Version 4.0; International Data Spaces Association: Dortmund, Germany, 2022; Available online: https://internationaldataspaces.org/publications/ids-reference-architecture-model/ (accessed on 2 September 2025).
  74. International Data Spaces Association (IDSA). Understanding the IDS Reference Architecture Model. 2024. Available online: https://internationaldataspaces.org/understanding-the-idsa-reference-architecture-model/ (accessed on 2 September 2025).
  75. World Wide Web Consortium (W3C). Verifiable Credentials Data Model v2.0. 2025. Available online: https://www.w3.org/TR/vc-data-model-2.0/ (accessed on 2 September 2025).
  76. Li, Y.; Xie, B.; Guo, S.; Yang, Y.; Xiao, B. A Survey of Robustness and Safety of 2D and 3D Deep Learning Models against Adversarial Attacks. ACM Comput. Surv. 2024, 56, 138.
  77. Liu, B.; Lv, N.; Guo, Y.; Li, Y. Recent advances on federated learning: A systematic survey. Neurocomputing 2024, 597, 128019.
  78. Feng, D.; Qin, Y.; Feng, W.; Li, W.; Shang, K.; Ma, H. Survey of Research on Confidential Computing. IET Commun. 2024, 18, 1405–1428.
  79. Sabt, M.; Achemlal, M.; Bouabdallah, A. Trusted Execution Environment: What It Is, and What It Is Not. In Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 20–22 August 2015.
  80. Wang, Q.; Oswald, D. Confidential Computing on Heterogeneous CPU-GPU Systems. arXiv 2024, arXiv:2408.11601.
  81. Addula, S.R.; Meesala, M.K.; Ravipati, P.; Sajja, G.S. A Hybrid Autoencoder and Gated Recurrent Unit Model Optimized by Honey Badger Algorithm for Enhanced Cyber Threat Detection in IoT Networks. Secur. Priv. 2025, 8, e70086.
  82. Vassilev, A.; Oprea, A.; Fordyce, A.; Anderson, H. Adversarial Machine Learning: A Taxonomy and Terminology; NIST AI Technical Report AI 100-2e202; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2025.
  83. Mao, B.; Liu, J.; Wu, Y.; Kato, N. Security and Privacy on 6G Network Edge: A Survey. IEEE Commun. Surv. Tutor. 2023, 25, 1095–1127.
  84. Ferrag, M.A.; Friha, O.; Kantarci, B.; Tihanyi, N.; Cordeiro, L.; Debbah, M.; Hamouda, D.; Al-Hawawreh, M.; Choo, K.K.R. Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses. arXiv 2023, arXiv:2306.10309.
  85. Qureshi, A.R.; Asensio, A.; Imran, M.; Garcia, J.; Masip-Bruin, X. A Survey on Security-Enhancing Digital Twins: Models, applications and tools. Comput. Commun. 2025, 238, 108158.
  86. Odeh, J.O.; Yang, X. Industrial-Internet-of-Things-Based Digital Twin and Cybersecurity. IT Prof. 2024, 26, 14–23.
  87. Wang, Y.; Su, Z.; Zhang, N.; Xing, R.; Liu, D.; Luan, T.H.; Shen, X. A Survey on Metaverse: Fundamentals, Security, and Privacy. IEEE Commun. Surv. Tutor. 2023, 25, 2337–2371.
  88. Garrido, G.M.; Nair, V.; Song, D. SoK: Data Privacy in Virtual Reality. Proc. Priv. Enhancing Technol. 2024, 2024, 21–40.
  89. Birkholz, H.; Thaler, D.; Richardson, M.; Smith, N.; Moran, B.; Eckel, M. RFC 9334: Remote Attestation Procedures (RATS) Architecture; Internet Engineering Task Force (IETF): Fremont, CA, USA, 2023.
  90. Lundblade, L.; Mandyam, G.; O’Donoghue, J.; Wallace, C. RFC 9711: The Entity Attestation Token (EAT); Internet Engineering Task Force (IETF): Fremont, CA, USA, 2025.
  91. Pan, K.; Ong, Y.S.; Gong, M.; Li, H.; Qin, A.K.; Gao, Y. Differential Privacy in Deep Learning: A Literature Survey. Neurocomputing 2024, 589, 127663.
  92. Demelius, L.; Kern, R.; Trügler, A. Recent Advances of Differential Privacy in Centralized Deep Learning: A Survey. ACM Comput. Surv. 2025, 57, 158.
  93. Wang, Y.; Liu, Y.; Chen, X. Scenario-based Adaptations of Differential Privacy: A Survey. ACM Comput. Surv. 2024, 56, 199.
  94. Newhouse, W.; Souppaya, M.; Barker, W.; Brown, C.; Kampanakis, P.; Goodman, J.; Prat, J.; Gray, J.; Ounsworth, M.; Viana, C.; et al. SP 1800-38B: Migration to Post-Quantum Cryptography—Quantum Readiness: Cryptographic Discovery; Technical Report; National Institute of Standards and Technology, National Cybersecurity Center of Excellence (NCCoE): Gaithersburg, MD, USA, 2023. Available online: https://www.nccoe.nist.gov/projects/migration-post-quantum-cryptography (accessed on 2 September 2025).
  95. Newhouse, W.; Souppaya, M.; Barker, W.; Brown, C.; Kampanakis, P.; Manzano, M.; McGrew, D.; Dames, A.; Soukharev, V.; Lafrance, P.; et al. SP 1800-38C: Migration to Post-Quantum Cryptography—Approaches for Discovery and Remediation; Technical Report; National Institute of Standards and Technology, National Cybersecurity Center of Excellence (NCCoE): Gaithersburg, MD, USA, 2023. Available online: https://www.nccoe.nist.gov/projects/migration-post-quantum-cryptography (accessed on 2 September 2025).
  96. National Security Agency (NSA). NSA Releases Future Quantum-Resistant Algorithm Requirements for National Security Systems (CNSA 2.0); National Security Agency: Fort Meade, MD, USA, 2022. Available online: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/xxxx/ (accessed on 2 September 2025).
  97. National Security Agency (NSA). Commercial National Security Algorithm Suite 2.0 (CNSA 2.0): Algorithms and Guidance; National Security Agency: Fort Meade, MD, USA, 2025. Available online: https://www.nsa.gov/Press-Room/Press-Releases-Statements/ (accessed on 2 September 2025).
  98. Liu, T.; Ramachandran, G.; Jurdak, R. Post-Quantum Cryptography for Internet of Things: A Survey. arXiv 2024, arXiv:2401.17538.
Figure 1. High-level architecture of privacy-preserving techniques in Smart City and IIoT deployments. Lightweight cryptography protects data at the device layer; federated learning, differential privacy, and secure aggregation operate at the edge and gateways; confidential computing enhances trust at aggregation points; and anonymous communication and ledger-based mechanisms support unlinkability, auditability, and regulatory compliance in higher layers.
Figure 2. Taxonomy of privacy-preserving techniques across the Smart City/IIoT stack and their threat coverage. (Top): Typical placement at device, edge, gateway, and cloud. (Bottom): Coverage against adversaries defined in Section 5.1 (Y = mitigated; P = partial/conditional; N = out of scope).
Table 1. Privacy challenges in Smart Cities/IIoT: causes and typical risks.

| Challenge | Primary Causes | Examples of Typical Privacy Risks |
|---|---|---|
| Heterogeneity and interoperability | Multi-vendor stacks; divergent schemas; cross-agency data sharing | Policy drift; inconsistent consent/retention; cross-dataset linkage [22,24] |
| Resource constraints | Low-power MCUs; limited RAM/flash; bandwidth caps | Weakened crypto/padding; coarse-grained access; stale keys [12] |
| Real-time determinism | Tight latency/jitter bounds; TSN schedules | Infeasible mixing/padding; timing side effects; safety regressions [28,29,31] |
| Side-channel inference | Distinctive DNS/flow patterns; traffic rate fingerprints | Device/behavior identification; targeted exploits [32] |
| Data aggregation and linkage | Mobility, utility, service logs combined at scale | Re-identification; trajectory and profile reconstruction [23,24] |
| Adversarial/AI-driven threats | IoT botnets; supply chain; ML privacy attacks | Mass surveillance via compromised endpoints; MIA/model leakage [33,34,35] |
Table 2. Threat coverage by technique family. Y = mitigated; P = partial/conditional; N = out of scope. Residual risks summarize common remaining exposures.

| Technique Family | Passive Payload | Traffic Analysis | Honest-But-Curious | Malicious Participant | Compromised Gateway | Typical Residual Risks |
|---|---|---|---|---|---|---|
| Lightweight cryptography (Ascon AEAD/Hash) | Y | N | N | N | N | Metadata leakage (flows, DNS, timing), key theft on nodes without hardening, misconfigurations (nonce reuse) |
| HE/secure aggregation (sums, low-degree) | Y | N | Y | P | N | Metadata leakage unless combined with padding/mixing; limited function classes; aggregator compromise if not verifiable |
| Differential privacy (output/local) | P | N | Y | N | N | Utility loss vs. privacy budget; composition across releases; local DP depends on client honesty and calibration |
| Federated learning + secure aggregation | P | N | Y | P | N | Model leakage (membership/inversion) without DP; poisoning/backdoors by malicious clients; dropouts/stragglers |
| Anonymous communication (mix networks) | P | Y | N | N | N | Added latency and bandwidth (cover traffic); global observers may still infer under misconfiguration or low load |
| Permissioned blockchain + ZK (off-chain payloads) | N | N | P | P | N | Throughput/storage overhead; key management; privacy of off-chain stores; correlation via access patterns |
Table 3. Technique families vs. deployment trade-offs in Smart Cities/IIoT. L = low, M = medium, H = high (cost or strength). Qualitative ratings (L/M/H) are derived from the ranges and trends reported in the cited surveys, benchmarks, and experimental studies, and reflect relative comparisons across techniques rather than absolute performance values.

| Technique Family | Latency Overhead | Compute/Energy | Bandwidth Overhead | Privacy Strength | Typical Fit |
|---|---|---|---|---|---|
| Lightweight cryptography (Ascon AEAD/Hash) | L | L | L | Payload confidentiality/integrity (medium vs. traffic analysis) | Constrained sensors/actuators; TSN-aware deployments [28,36,37,42] |
| HE-based secure aggregation (additive/leveled) | M | M–H | M | Strong on-value privacy; metadata exposed unless combined with PETs | Gateway-side aggregation; micro-batch analytics [47,48,49] |
| Differential privacy (output or local) | L–M | L–M | L | Formal bounds on individual leakage; depends on budget and composition | Release of statistics/models; cross-agency sharing [49,51] |
| Federated learning + secure aggregation | M | M | M | Limits raw-data exposure; residual model leakage without DP | On-device/edge training with aggregator trust minimization [52,53,55] |
| Anonymous communication (mixnets) | M–H | M | H | Strong metadata privacy; configurable latency | Telemetry batching, alerting where delay is tolerable [57,58,59] |
| Permissioned blockchain + ZK | M | M | M | Auditability, integrity, selective disclosure; keys/throughput are bottlenecks | Cross-organization access control and compliance logging [63,64,67,68] |
Reis, M.J.C.d.S. Privacy-Preserving Protocols in Smart Cities and Industrial IoT: Challenges, Trends, and Future Directions. Electronics 2026, 15, 399. https://doi.org/10.3390/electronics15020399
