DescriptionThe ubiquitous Internet of Things (IoT)-enabled applications pose unique challenges to user privacy protection. Privacy concerns arise when user information gets shared in the presence of adversarial inference attacks. As people become increasingly aware of privacy issues and their rights to protect personal information, it's crucial to i) design privacy-enabled countermeasures against such inference attacks, ii) study intrinsic tradeoffs between privacy protection and resource demands and iii) propose a unified framework for managing privacy and resource demands in shared IoT networks. For countermeasure design, we note that raw sensing data and encrypted network packets are two major forms of user information shared in an IoT network. To counter privacy attacks on these forms of user information, we focus on designing data compression and network traffic shaping mechanisms under the emerging framework of differential privacy (DP) that is formal and quantifiable. Privacy guaranteed by compressing data or shaping traffic then comes at the cost of data utility or communication overhead. To study and understand the cost of privacy, we formulate the problem of finding optimal compression or shaping mechanisms as (quasi)convex programs which have efficient solvers. By theoretical analysis and experimental demonstration, we show how certain dynamics of a network or traffic deploying these mechanisms trade less resources in terms of data utility or communication overhead for privacy protection. On top of countermeasure design and tradeoff analysis, we finally propose a unified framework for privacy-enabled resource management in a shared IoT network. We focus on shaping encrypted network traffic at individual user level to mask sensitive packet timing information. The goal is to allocate fair rates among bandwidth-sharing individuals given their heterogeneous privacy and overhead demands. We further derive the optimal rate allocation in closed form and show that it exemplifies a standard water-filling (WF) procedure yet the allocated rates (or "water levels") are scaled according to the individual privacy demands.