Abstract

Despite the existence of data privacy regulations, such as the general data protection regulation (GDPR), data leaks in the Internet of Things (IoT) still occur and cause significant harm due to the noncompliance of data users. To address this issue, a notable solution involves recording the process in an open, immutable blockchain and utilizing the trusted execution environment (TEE) for reliable compliance verification. Although substantial progress has been made in designing compliance schemes in recent years, current approaches suffer from various limitations, including compliance incompleteness, regulation faultiness, and privacy leak. This article introduces PACTA, an IoT data privacy regulation compliance scheme that leverages TEE and blockchain technology. In the protocol, PACTA efficiently handles both dynamic and static consent of data owners and utilizes TEE for compliance analysis of requests and processes. By storing encrypted critical data, the blockchain facilitates privacy-preserving audits of the entire compliance process. Additionally, we have designed a challenge–response protocol to address the silent behavior of the TEE. We demonstrate that PACTA effectively enforces regulation compliance while safeguarding privacy. We thoroughly evaluate our implementation’s efficiency and effectiveness using Ethereum and Intel SGX platforms.