Differential Privacy for IoT-Enabled Critical Infrastructure: A Comprehensive Survey

The rapid evolution of the Internet of Things (IoT) paradigm during the last decade has led to its adoption in critical infrastructure. However, the multitude of benefits that are derived from the IoT paradigm are short-lived due to the exponential rise in the associated security and privacy threats. Adversaries carry out privacy-oriented attacks to gain access to the sensitive and confidential data of critical infrastructure for various self-centered, political and commercial gains. In the past, researchers have employed several privacy preservation approaches including cryptographic encryption and k-anonymity to secure IoT-enabled critical infrastructure. However, for various reasons, those proposed solutions are not well suited for modern IoT-enabled critical infrastructure. Therefore, Dwork’s differential privacy has emerged as the most viable privacy preservation strategy for IoT-enabled critical infrastructure. This paper provides a comprehensive and extensive survey of the application and implementation of differential privacy in four major application domains of IoT-enabled critical infrastructure: Smart Grids (SGs), Intelligent Transport Systems (ITSs), healthcare and medical systems, and Industrial Internet of Things (IIoT). Finally, we discuss some promising future research directions in differential privacy for IoT-enabled critical infrastructure.


I. INTRODUCTION
The rapid evolution of ubiquitous computing has led to the advent of a novel communication paradigm known as the Internet of Things (IoT). The IoT envisions an intelligent inter-connected network of everything to allow interaction and exchange of information based on agreed protocols without requiring human intervention. Throughout the last decade, several economic giants including the USA and China have prioritized the development and advancement of IoT-enabled systems, and there have been remarkable advancements in this interesting field ever since. By the end of 2020, the global number of IoT-enabled systems is predicted to surpass 50 billion with China alone accounting for 24 billion IoT-enabled systems [1], [2]. Some years ago, independent embedded systems and sensors were utilized for conducting and monitoring a variety of processes and tasks in a range of sectors. The exponential growth of their applications precipitated the inter-connection of everything under a common infrastructure to provide information and control of state of objects [3] which ultimately led to the birth of IoT-enabled systems.
The associate editor coordinating the review of this manuscript and approving it for publication was Nadeem Iqbal.
In addition to the ability of IoT-enabled systems to inter-connect several 'things' for efficient communication and data sharing across a single network, their vast array of benefits has grasped the attention of several technologists [4], [5]. Surprisingly, in a short span of time, IoT-enabled systems have become an integral part of several sectors, such as manufacturing, healthcare, transport and logistics, giving rise to IoT-enabled critical infrastructure (CI) [6]. Due to their increased architectural complexity and the use of several heterogeneous devices, privacy threats are difficult to identify, assess and mitigate. Furthermore, those complex large-scale IoT-enabled systems create a data deluge. Since sensitive and confidential data are constantly being shared across the networks, security and privacy are the major prevailing concerns in the IoT-enabled CI [7]. Any cyber attack on those vulnerable systems can compromise the privacy and integrity of massive amounts of sensitive data.
There are several types of attacks performed on IoT-enabled CI including Sybil attacks, Denial of Service attacks and so on [8], [9]. Cyber attacks based on the access level of IoT-enabled critical networks can be categorized into active and passive attacks [10]. Active attacks, also known as security-oriented attacks, disrupt the network communication by evading the available security protection. On the other hand, passive attacks, also called privacy-oriented attacks, include eavesdropping on the network, without causing any disruption, to gain illicit access to sensitive confidential information [10], [11]. The rapidly evolving IoT-enabled CIs are now becoming susceptible to several attacks launched by hackers and organized criminal syndicates [12]. Motivated by the rise in the number of privacy threats targeted at IoT-enabled CIs, several solutions are being developed. However, most of those proposed security approaches lack applicability, which may be due to computational complexity, costs as well as other related factors [11].

A. MOTIVATION: DIFFERENTIAL PRIVACY FOR IoT-ENABLED CRITICAL SYSTEMS
Over the last decade, a wide range of cryptographic approaches have been proposed by researchers in the view of tackling privacy concerns in IoT-enabled CIs [13]. Cryptographic techniques are the traditional data privacy mechanisms that encrypt the data using public or private keys prior to transmission at the sending end/node and decrypt data using those keys at the receiving end/node [14]. While several of those developed techniques can efficiently safeguard data privacy in IoT-enabled CIs, the usage of cryptographic encryption and decryption techniques with public and private keys presents several drawbacks:
• The implementation of cryptographic measures for IoT-enabled CIs is rather challenging due to the increased computational complexities involved [14];
• A node failure within the whole IoT-enabled critical network prevents the decryption and collection of data from the other network nodes due to missing network keys [14], [15];
• Asymmetric key cryptography techniques require the generation and distribution of the public and/or private keys. The processes involved are quite time-consuming, hence diminishing the whole CI speed [14], [15];
• Computational resources and costs associated with cryptography techniques on huge public datasets are relatively high [14].
Furthermore, several researchers have also proposed data anonymization techniques for data privacy preservation in IoT-enabled CIs [16]. During data anonymization, unique personal identifiers such as name, ID number, etc. are discarded prior to query evaluation [17]. Sweeney [18] first proposed a practical application of k-anonymity for privacy preservation on static datasets. Its application has, since then, been extended to privacy preservation in dynamic high dimensional datasets whereby new data are continuously updated, anonymized and shared [19].
However, data anonymization techniques present certain drawbacks when applied for IoT-enabled CI:
• The data anonymization trade-off between data quality and utility results in the loss of original data during sharing and publishing [18]. For instance, the faster the anonymization, the greater the loss of original data [17];
• In IoT-based critical networks, data streams may also consist of missing data values. However, most of the conventional data anonymization techniques fail to handle missing values in data streams [17];
• Adversaries with background knowledge of the data may compromise data privacy through several privacy breach attacks such as unsorted matching attacks, temporal attacks and complementary release attacks [20];
• In large datasets, the risks of data re-identification from the already anonymized data still prevail [21].
The aforementioned existing data privacy preservation techniques failed to tackle the security issues faced by IoT CI. In response, several research efforts were geared towards the development of a more effective practical solution to overcome those rising threats. Dwork [22], [23] first developed a novel scheme entitled differential privacy (DP). In brief, DP, a statistical anonymity model, safeguards privacy of data by adding a desired amount of randomised noise using various mathematical algorithms [22]. An in-depth explanation of DP is given in a later section. Following Dwork's proposed privacy preservation schemes, DP gained industry-wide acclaim for its low complexity and resilience against privacy breaches.
As opposed to the other previously mentioned data privacy preservation methods, the DP approach further guarantees the definition of a formal level of privacy [23]. Furthermore, DP assumes that an adversary has the maximum background knowledge of a database. Therefore, DP approaches ignore an enemy's background knowledge of the dataset whilst still protecting privacy of records [24]. In 2010, Rastogi and Nath [25] first proposed the application of DP for distributed time-series data within a network. The researchers implemented a two-staged distributed protocol, PASTE, making use of Distributive Fourier Transform, homomorphic encryption and threshold encryption. The proposed solution was evaluated using three real datasets: GPS trace from Microsoft's Multiperson Local Survey, Body weight trace from a weight-monitoring website and Traffic trace from the Department of Transportation of San Antonio, Texas. This research, showing an improved accuracy, managed to solve the issues that hindered participatory data mining by ensuring data privacy through the adoption of DP and the provision of a formal privacy guarantee during data publishing.
VOLUME 9, 2021
Rastogi and Nath's [25] innovative approach for privacy preservation in distributed data sources illustrated the accuracy of DP and its extensions for IoT networks. Within the last five years, major companies have initiated the utilization of DP in several IoT-enabled systems [26]. Similarly, DP approaches have found their way into IoT-enabled CI. For instance, Bohli et al. [27] first introduced the application of DP in modern energy systems (smart-grids) to provide the 'perfect privacy' under certain conditions. Similarly, Shi et al. [28] put forward the application of differential privacy for railway freights systems. Lin et al. [29] proposed a light-weight DP-based privacy preservation scheme for sensitive big data in WBANs.
Additionally, several other researchers have introduced the notion of differential privacy for privacy preservation in IoT-enabled CIs.

B. SCOPE: OUR SURVEY
Only a handful of previous survey articles have focused on DP techniques, and those either cover general IoT-enabled domains or are limited to certain IoT-enabled critical domains. However, to the best of our knowledge, there are very few or no other previous surveys that have addressed DP approaches in the critical IoT-enabled infrastructure domains. Therefore, this survey is the first to comprehensively include the practical aspects and application of current state-of-the-art DP schemes for the IoT-enabled critical energy, medical, transport and industrial infrastructure. In this regard, Table 1 provides a chronological format such that previous related survey articles in these research domains can be compared and contrasted with this study. This enables the reader to have a clearer overview of the scope of this survey.

C. CONTRIBUTIONS: OUR SURVEY
As far as we are aware, there is a lack of comprehensive surveys on the adoption and utilization of DP approaches in critical IoT-enabled infrastructures, which has given rise to unresolved future directives in this field. Therefore, in this paper, we present a thorough survey on the current state-of-the-art literature on DP approaches applied to each of the critical IoT-enabled infrastructure domains. The contributions of the review are as follows:
• We review existing survey articles on DP to highlight their major contributions.
• We provide an extensive and comprehensive survey of the implementation of DP in IoT-Enabled Critical Infrastructure.
• We emphasize the focus of this manuscript to review the practical implementation of DP on the four main application domains namely Energy, Transport, Healthcare and Industrial IoT-enabled CIs.
• Lastly, we summarize some open challenges and possible future research directions to help advance research in the implementation of DP in IoT-enabled CIs.
In our work, we address the lack of surveys as highlighted in Table 1 below. We divide and survey the papers related to the application of DP in four major critical areas namely Energy, Transport, Healthcare and Industrial IoT-enabled Systems. For each aforementioned area, we first give a brief overview of the application domains and then survey the existing literature across the sub-fields of each domain. Lastly, we also provide some future research directions to help the readers and researchers advance the several aspects of DP applications and implementation in the related CIs.

D. ARTICLE ORGANISATION: OUR SURVEY
This survey paper has been structurally organized to ease the reader's understanding. This section gives a brief introduction to the topic in question with Table 2 presenting the list of abbreviations used throughout the survey. The remaining sections of this paper are organised as follows: Sections II and III provide an overview of IoT-enabled CIs and security aspects, and of DP and its relation to IoT-enabled CIs, respectively. Sections V, IV, VI, VII survey in detail the application of DP for privacy preservation of IoT-enabled infrastructures in each scoped critical sector namely Energy, Healthcare, Transportation and Industry respectively. Section VIII gives an outline of prevailing open issues, challenges and future vital research areas to focus on. Lastly, Section X concludes this survey manuscript.

II. IoT-ENABLED CIs AND SECURITY ASPECTS
The advent of computers followed by the birth of the internet motivated the concept of 'connected things'. While smart devices are now a common buzzword in the 21st century, interest in the development and deployment of connected electrical and electronics equipment began in the early 1980s. The famous Coca Cola vending machine at Carnegie Mellon University was the first IoT-type equipment to be connected to the internet. At the start of the following decade, major advancements in the connected equipment concept included the Trojan Room Coffee Pot at the University of Cambridge which had a camera connected to the internet and John Romkey's toaster which could be operated wirelessly through the internet [53], [54].
In 1999, Kevin Ashton coined the term IoT as the title of a presentation made at Procter & Gamble [55]. Since then, the IoT industry has experienced a major leap, with electronics giant LG initiating IoT commercialisation by developing a smart refrigerator that intelligently recognises when food stock needs replenishing and alerts its user [53]. The following decades witnessed remarkable progress towards IoT, which became the preferred solution to countless challenges affecting every aspect of life ranging from homes to manufacturing plants and beyond [41].
Whilst research in IoT has seen remarkable growth, no exact universal formal definition has yet been adopted for the term. Table 3 provides a list of definitions adopted by some organisations. In an IoT perspective, 'Things' can be regarded as any internet-connected physical or virtual objects (including people) which have the ability to communicate and interact among each other or with human users [56]. IoT in 2021 has come down the road burgeoning and

A. IoT-ENABLED CRITICAL INFRASTRUCTURE
The real IoT-enabled CI era initiated around 10 years ago when Wen Jiabao, former Chinese Premier, identified IoT to revamp and foster China's economy and strength [2]. Since then, China has invested huge sums on IoT-enabled CIs [60]. Other major economic powers also followed in the same footsteps. With everything going smart, there is a strong tendency to closely link 'smart cities' to IoT-enabled CIs. While a smart city is heavily dependent on the deployment of IoT technology to collect data for insights [61], IoT-enabled CIs only form part of the 'smart city' technological framework.
According to the United Nations Department of Economic and Social Affairs, 68% of the global population is expected to live in urban cities by 2050 [62]. With the influx of people rushing to mega cities, the issue remains whether basic resources are optimally and efficiently distributed to citizens. To tackle this complex issue, governments are making significant efforts to develop effective solutions by leveraging Information Technology in view of balancing overpopulation and resource crises. CIs are vital to an economy's cohesiveness and performance.
Being regarded as the basis of digital data-driven economies, IoT is the key to enable the design of smart CIs, also known as IoT-enabled Critical Infrastructure for optimum distribution of resources, production of goods and services as well as usage of infrastructures [55]. IoT-enabled CIs are intelligent inter-related internet-connected networks of systems that work collaboratively and synergistically to manufacture and distribute an uninterrupted flow of essential goods or services [63].
With smart cities as the top agenda of several countries for the next decade, new devices are constantly being added to the network. Hence, the increases in heterogeneous network nodes lead to over complexity of the architecture of IoT-enabled CIs [64].

B. ARCHITECTURE PARADIGMS: IoT-ENABLED CI
The unprecedented growth of IoT, driven mainly by its inter-connectivity and real-time data sharing abilities, is set to continue in the next decade. As the application domains of IoT expand, it is now the right time to take a look at the several issues faced by IoT networks related to their architectural designs. One of the prevailing issues is the number of languages, protocols, standards and heterogeneous connected nodes that make up the IoT stack [63]. Until now, there is not a single unified IoT/IoT-enabled CI architectural model that has been agreed upon. Discussions regarding proposing a universally accepted architecture for IoT-enabled infrastructures started as early as 2013 although experts suggest even then, it may have already been well behind as IoT evolution has been dramatic [65].
Numerous initiatives, such as the IoT-A, IoT-I, EU FP7 Internet of Things Architecture project and so on, have been funded by reputed institutions to design new architectures [66]. This section describes some of the most common and widely adopted ones across several domains in the view of giving the reader a better comprehension of the core functional layers of an end-to-end IoT-enabled CI.

1) THREE TIER IoT ARCHITECTURE
The three tier architecture, as shown in Figure 1, is the most fundamental architecture blueprint introduced [65]. As its name suggests, this architectural model comprises of three layers [67]    infrastructure deployments such as in smart grids, industries, smart cities, etc [65]. However, this three tier architecture is very basic and is unable to sustain the growing needs of a more robust IoT architecture [68]. Therefore, a five tier IoT architecture was proposed.

2) FIVE TIER IoT ARCHITECTURE
The five tier architecture model, as illustrated in Figure 2, comprises the perception layer and application layer with similar responsibilities as in the three tier architecture. It additionally consists of three layers [65] namely:
1) Transport Layer: Comprises wired and wireless networks such as 5G, LoRaWAN, LAN, etc. and is responsible for converting and transmitting data to and through the perception layer and the processing layer [68].
2) Processing Layer: Accountable for pre-processing, analysing and storing the huge chunks of data collected from the transport layer [65]. It also plays a vital role in processing and filtering the data to increase the efficiency of limited resources [68].
3) Business Layer: Oversees the whole infrastructure, its applications, functionalities, business and profit models while still safeguarding data and user privacy [68].

3) DISTRIBUTED IoT NETWORK ARCHITECTURES
Recent works [69] to integrate high performance distributed computing paradigms have brought about innovations in IoT Network architectures. Some of the latest ones are briefly discussed below:
1) Cloud Based IoT Architecture: Enables centralized deployment of huge IoT-enabled CIs. The cloud layer is responsible for everything related to data processing and storage [68]. This architecture, as depicted in Figure 4, offers flexibility and scalability of various resources such as data storage, robust infrastructure for development, analytical software and tools, etc [70].
2) Fog Based IoT Architecture: Moves certain processes such as monitoring and data pre-processing closer to the edge (physical layer) to enable faster automation [70]. Within Fog-based IoT architectures, the Fog Node consists of:
a) Monitoring layer: Controls and manages power, resources, responses and services [70].
b) Pre-processing Layer: Filters, tidies, processes and analyses data and commands [71].
c) Storage Layer: Stores cleansed data after pre-processing [68].
d) Security Layer: Encrypts and decrypts data for privacy preservation and cyber threats mitigation [70].
By moving data processing closer to the edge, transmission bandwidth and cloud consumption are reduced, hence real-time performance increases. Moreover, it also solves the issue of security in IoT networks through the addition of the security layer [68], [70], [71].
3) Mist Based IoT Architecture: An additional mist layer is included between the physical layer and the fog node to allow real-time information across the several nodes of the network through mesh connectivity [72].

III. OVERVIEW OF DIFFERENTIAL PRIVACY
Broadly speaking, privacy is the right to freedom from interference or intrusion. However, to a more technical audience, information privacy, also known as data privacy, can be defined as the protection of sensitive and personal information relating to individuals and/or organizations. The major threat faced by IoT-enabled CIs is privacy preservation. Sensitive and personal information is being collected by those IoT infrastructures, curated and shared with both public and private organizations for various reasons including for research and statistical purposes and improvement of services. As mentioned earlier, the public sharing and dissemination of personal sensitive data can put the privacy of individuals at high risk. Privacy preservation has now become an urgent priority for IoT-enabled critical infrastructures and therefore, is an emerging field of research both in academia and in industry. Privacy preservation, also known as statistical disclosure control, is the method of safeguarding personal and sensitive information of individuals [22]. Effective privacy preservation is a far more complex issue such that one can think of privacy as a multi-faceted concept involving several forms, for instance, only sensitive information must be safeguarded, identity of the users must be preserved, etc [73]. Furthermore, the analysis, correlation and linkage of different information sources can as well lead to unintended re-identification and disclosure of personal information [74].

A. PRIVACY ATTACKS IN IoT-ENABLED CIs
In recent years, the number of privacy attacks on IoT-enabled CIs has grown exponentially. Table 4 provides a brief overview of some of the privacy attacks in conjunction with DP and IoT-enabled CIs.

B. DIFFERENTIAL PRIVACY
Most of the state-of-the-art developments in statistical disclosure control have been completed with respect to databases. Those works can be further classified into two main groups: the first group being preservation of the entire dataset and the second one being the implementation of a theoretical framework on the basis of privacy requirement [80]. K-anonymity, L-diversity and T-closeness are viable anonymization techniques related to the preservation of the entire dataset [81]. The prevalent concerns of other privacy preservation techniques include lack of data usefulness after anonymization, risk of re-identification after anonymization, unprotected queries, unsafe query auditing, etc [22].
Motivated by those concerns regarding statistical databases, Dwork proposed the quantification of privacy through a concept known as DP [22], [23]. It is critical to note that DP is not an algorithm but a concept. Since its proposal, DP has borne fruit and is being thoroughly applied to IoT-enabled CIs. With the assumption that the curator is trustworthy, DP is totally independent of the prior knowledge of the adversary. The major goal of DP is to make sure that every record in the dataset is given the same amount of privacy regardless of whether the observation is included in the dataset [82]. From a more technical perspective, DP is a formal framework to quantify to what extent individual privacy in a statistical database is preserved while releasing useful aggregate information about the database [83].

1) MATHEMATICAL DEFINITIONS
Let R be the randomized algorithmic function applied by a curator while releasing information. The randomized function guarantees that the output of a query is indistinguishable whether or not a specific observation is present in a dataset. Considering datasets to be made up of rows, it is implicit that two neighbouring datasets, B_1 and B_2, are different by at least one additional row [82].

1) Definition 1 (Adjacent Datasets): A randomized algorithmic function, R, gives -DP if any two neighbouring datasets, B_1 and B_2, differ by at most one element for any possible outcome, S, S ⊆ Range(R) where Range(R) is the range of resultant output function R [80], [82]. The mathematical definition is as follows: where is the privacy parameter which sets the desired level of privacy.
2) Definition 2 (Sensitivity): Consider a query is a function f and a database is X, the global sensitivity is the value of f(X). The sensitivity value sets the desired amount of perturbation in the differentially private mechanism [82], [84]. The mathematical definition is as follows: where for k = 1, the sensitivity of f is the maximum possible difference between query outputs from two adjacent datasets that differ by at most one element.

2) EXISTING METHODS
Existing approaches for DP can be further classified into two groups [80]:
1) Methods that do not take into consideration the datasets: DP Optimization protocols [80] do not take into consideration the database while performing noise addition via Laplacian or Exponential mechanism [85], [85]- [89]. On the other hand, DP Sensitivity Calibration protocols [80] involve the smoothing and balancing of the sensitivity value, f , to a healthy trade-off to maintain data utility [90]- [95].
To preserve the data privacy in relation to a probability distribution, it is desired to use DP optimization protocols. On the other hand, to preserve the data privacy in relation to a sensitivity value, it is desired to use DP Sensitivity Calibration protocols. However, it must be noted that both the protocols can be used together to adjust both the probability density and the sensitivity value to achieve the desired amount of privacy.

2) Methods that take into consideration the datasets:
The correlation among the different records and attributes [80] of a dataset is exploited to maintain a healthy trade-off between data utility and data privacy [96]- [98]. Furthermore, DP Database Synopsis [80] enables the creation of a database synopsis through several techniques such as decomposition, transformation and/or compression. The main aim of this method is to optimize the error rate and data utility while satisfying -DP during noise addition [25], [99]- [101].

3) NOISE ADDITION MECHANISMS
Noise Addition Mechanisms, also referred to as data perturbation mechanisms [85], are methods through which noise can be added to the data in the view of preserving data privacy. The amount of noise to be incorporated in the dataset is directly proportional to the sensitivity value, f and the privacy loss, [102]. The three noise addition mechanisms for DP are:
1) Laplace Mechanism: Laplace Mechanism is one of the most utilized methods for adding Laplace distributed artificial noise to sensitive data [103]. The magnitude of the noise added will be calibrated by Lap( f / ) [82]. Low sensitivity queries require very little noise. Considering the database, B, the Randomized Function, R and the sensitivity value, f , the randomized Laplace Algorithm, L can be denoted as:
2) Exponential Mechanism: Exponential Mechanism is another commonly used method for DP whenever the outputs are not numerical. The exponential mechanism was developed for instances whereby the best response must be picked, for example, adding noise directly to an optimal value will highly impact data utility [82]. Considering the database, B, l can be considered a potential element of the answer set L, l ∈ L for the scoring function, s : B × L → L. The randomized Exponential Algorithm, E, can be denoted as:
3) Gaussian Mechanism: Gaussian Mechanism is another well-known method used for implementation of DP. The use of Gaussian noise makes it easier to comprehend and enhance the effect mechanism on the statistical analysis of a database as the sum of two Gaussians is a Gaussian. Unlike the Laplace mechanism, the magnitude of the noise added through Gaussian Mechanism can be calibrated by fln(1/δ)/ [82]. Considering a query function f and the privacy loss, be in the range of 0 to 1, the Gaussian Mechanism with parameter, σ can be denoted as:
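The three noise addition mechanisms described above, as an added Python example that is not code from this survey or from the works it cites. The household readings, the peak-period scores, the function names and the parameter values are constructed for illustration; the Gaussian calibration assumed here is the classic bound sigma = sqrt(2 ln(1.25/delta)) * sensitivity / epsilon, which is valid only for a privacy loss between 0 and 1.

```python
import math
import random

# Constructed sample data: daily consumption (kWh) of 12 smart-meter households.
READINGS_KWH = [8.2, 14.9, 22.4, 9.7, 31.0, 17.3, 25.8, 12.1, 28.6, 19.4, 7.5, 23.9]
# Constructed sample data: households whose peak load fell in each period.
# Used as the score s(B, l) of each candidate answer l.
PEAK_PERIOD_SCORES = {"morning": 3, "midday": 1, "evening": 7, "night": 1}


def count_above(readings, threshold):
    """Counting query f; adding or removing one household changes it by at most 1."""
    return sum(1 for r in readings if r > threshold)


def laplace_mechanism(true_value, sensitivity, epsilon, rng):
    """epsilon-DP numeric release: add Laplace noise of scale sensitivity / epsilon."""
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("epsilon and sensitivity must be positive")
    scale = sensitivity / epsilon
    # A Laplace(0, scale) sample is the difference of two Exp(mean=scale) samples.
    return true_value + rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def gaussian_sigma(l2_sensitivity, epsilon, delta):
    """Classic (epsilon, delta)-DP calibration; requires 0 < epsilon < 1."""
    if not (0 < epsilon < 1) or not (0 < delta < 1):
        raise ValueError("need 0 < epsilon < 1 and 0 < delta < 1")
    return math.sqrt(2.0 * math.log(1.25 / delta)) * l2_sensitivity / epsilon


def gaussian_mechanism(true_value, l2_sensitivity, epsilon, delta, rng):
    """(epsilon, delta)-DP numeric release with zero-mean Gaussian noise."""
    return true_value + rng.gauss(0.0, gaussian_sigma(l2_sensitivity, epsilon, delta))


def exponential_probabilities(scores, score_sensitivity, epsilon):
    """P(l) is proportional to exp(epsilon * s(l) / (2 * score_sensitivity))."""
    if epsilon <= 0 or score_sensitivity <= 0:
        raise ValueError("epsilon and score_sensitivity must be positive")
    top = max(scores.values())  # shift by the maximum to avoid overflow
    weights = {label: math.exp(epsilon * (s - top) / (2.0 * score_sensitivity))
               for label, s in scores.items()}
    total = sum(weights.values())
    return {label: w / total for label, w in weights.items()}


def exponential_mechanism(scores, score_sensitivity, epsilon, rng):
    """epsilon-DP selection of a non-numeric answer (here: the peak period)."""
    probs = exponential_probabilities(scores, score_sensitivity, epsilon)
    labels = list(probs)
    return rng.choices(labels, weights=[probs[l] for l in labels], k=1)[0]


def mean_abs_error(mechanism, trials=20000, seed=7):
    """Empirical utility loss of a numeric mechanism on the counting query."""
    rng = random.Random(seed)
    truth = count_above(READINGS_KWH, 20.0)
    return sum(abs(mechanism(truth, rng) - truth) for _ in range(trials)) / trials


if __name__ == "__main__":
    rng = random.Random(2021)
    truth = count_above(READINGS_KWH, 20.0)
    for eps in (0.1, 0.5, 0.9):
        print("epsilon", eps, "true", truth,
              "laplace", round(laplace_mechanism(truth, 1.0, eps, rng), 2),
              "gaussian", round(gaussian_mechanism(truth, 1.0, eps, 1e-5, rng), 2))
    print(exponential_probabilities(PEAK_PERIOD_SCORES, 1.0, 1.0))
    print("released peak period:", exponential_mechanism(PEAK_PERIOD_SCORES, 1.0, 1.0, rng))
```

For the same privacy loss, the Gaussian release is noisier on this single count than the Laplace release; the price of the Laplace mechanism's lower error is that it only applies to numeric outputs, which is why the peak period is selected with the exponential mechanism.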

4) TECHNICAL ISSUES ENCOUNTERED DURING DIFFERENTIAL PRIVACY IMPLEMENTATION
Whilst the basic logic behind DP is fairly simple, there are a few technical difficulties that researchers usually face during the implementation of DP, both in academia and in industry. This section briefly introduces the various issues that are faced, or can potentially be faced, during the application of DP to IoT-enabled CIs.
1) Decision of ε-value: The lack of sound guidelines and methods for choosing the ε-value makes it difficult to choose the optimal value to have a healthy trade-off between utility and privacy [104]. Choosing a small ε-value inputs a large amount of noise and guarantees higher privacy preservation but results in lower data utility and query accuracy. On the other hand, choosing a large ε-value inputs a small amount of noise and guarantees data utility and query accuracy while compromising on privacy. Indeed, to overcome this issue, researchers have employed a number of approaches [104]-[108]. However, these proposed methods only work for certain circumstances and a sound approach is still missing.
2) Decision of sensitivity value: Similarly, a lack of effective frameworks and guidelines makes it difficult to choose the optimal value of sensitivity in the view of balancing a healthy trade-off between sensitivity and data utility [104]. In general, researchers tend to use a low sensitivity value on statistical databases [87] since it works well with global sensitivity. While using a low sensitivity value guarantees data utility, it is important to note that privacy is greatly compromised. On the other hand, a high sensitivity value tends to negatively impact data utility but guarantees better privacy. Several methods [109]-[111] have been proposed to tackle the decision of the sensitivity value. Proposed methods have been able to find near optimal values for a particular dataset but a certain amount of privacy is still allowed to be compromised [112]. However, an efficient method for choosing the optimal sensitivity value for a healthy privacy-utility trade-off is still lacking.
3) Overcoming data coupling: Overcoming data correlation is one of the biggest challenges faced during the implementation of DP [80], [104]. In real-world scenarios, datasets often include correlation amongst the several attributes present which can indefinitely help the attacker to perform inferences in the view of obtaining personal information relating to the individual [113]. A few transformation-based methods have been proposed but those methods [25], [90], [114]-[118] work in specific circumstances only and may even compromise data utility in other circumstances [112]. Therefore, effective methods of transforming the data and decreasing the correlation are still lacking.
4) Dealing with Structural and Sampling Zeros: In 2017, the US Census Bureau announced the usage of DP as the privacy preservation mechanism for the US 2020 Population of Housing Census [119]. In statistics, there are two types of zeros, namely, structural zeros and sampling zeros. Since this discussion is out of the scope of this survey, an example of sampling zero can be 'No Man over 75 years was living in this house.' while an example of structural zero can be 'It is impossible to have a 15 year old mother with a 30 year old son.' During the implementation of DP, it was found that noise added through the different data perturbation mechanisms may make sampling zeros and structural zeros positive in some cases [104].
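The zero-cell problem in item 4, as an added example (not code from the survey or from the Census Bureau): the Laplace mechanism is applied to a small constructed household table, and the release is then post-processed using only public domain rules. The table, the age bands, the choice of which cells are structural zeros, and the add/remove-one-record sensitivity of 1 are assumptions of this sketch.

```python
import random

# Constructed table (not real census data): households counted by
# (mother's age band, eldest child's age band).
COUNTS = {
    ("15-24", "0-14"): 40, ("15-24", "15-29"): 0, ("15-24", "30+"): 0,
    ("25-44", "0-14"): 120, ("25-44", "15-29"): 35, ("25-44", "30+"): 0,
    ("45-64", "0-14"): 10, ("45-64", "15-29"): 80, ("45-64", "30+"): 25,
    ("65+", "0-14"): 0, ("65+", "15-29"): 3, ("65+", "30+"): 60,
}
# Structural zeros: assumed impossible by the definition of the domain, so this
# set is public knowledge. The other zero cells are sampling zeros: possible,
# but not observed in this particular dataset.
STRUCTURAL = {("15-24", "15-29"), ("15-24", "30+")}


def laplace(scale, rng):
    """Laplace(0, scale) sample: difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def noisy_counts(counts, epsilon, rng):
    """Laplace mechanism on a histogram. Adding or removing one household
    changes one cell by 1, so each cell gets noise of scale 1/epsilon."""
    return {cell: round(n + laplace(1.0 / epsilon, rng)) for cell, n in counts.items()}


def postprocess(noisy, structural):
    """Zero the structural cells and clamp negatives. This reads only the
    released values and public rules, never the raw data, so it is pure
    post-processing and leaves the DP guarantee unchanged."""
    return {cell: 0 if cell in structural else max(0, v) for cell, v in noisy.items()}


def zero_flip_rate(counts, epsilon, trials, rng):
    """Fraction of true-zero cells released as non-zero before post-processing."""
    zeros = [c for c, n in counts.items() if n == 0]
    flipped = 0
    for _ in range(trials):
        release = noisy_counts(counts, epsilon, rng)
        flipped += sum(1 for c in zeros if release[c] != 0)
    return flipped / (trials * len(zeros))


def sampling_zero_survivors(counts, structural, epsilon, trials, rng):
    """Fraction of sampling-zero cells still released as positive after
    post-processing. They cannot be zeroed without looking at the raw data."""
    sampling = [c for c, n in counts.items() if n == 0 and c not in structural]
    hits = 0
    for _ in range(trials):
        cleaned = postprocess(noisy_counts(counts, epsilon, rng), structural)
        hits += sum(1 for c in sampling if cleaned[c] > 0)
    return hits / (trials * len(sampling))


if __name__ == "__main__":
    rng = random.Random(2021)
    raw = noisy_counts(COUNTS, 1.0, rng)
    print("raw release     :", raw)
    print("post-processed  :", postprocess(raw, STRUCTURAL))
    print("zero cells flipped:", zero_flip_rate(COUNTS, 1.0, 5000, rng))
    print("sampling zeros > 0 after cleanup:",
          sampling_zero_survivors(COUNTS, STRUCTURAL, 1.0, 5000, rng))
```

Structural zeros can be restored exactly because the rule that defines them is public; sampling zeros stay noisy, which is the residual utility cost the item describes.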

5) DIFFERENTIAL PRIVACY STRENGTHS
The preservation of privacy in databases whilst safeguarding data utility is indeed a tedious task. Although Dwork's proposed DP has some drawbacks, it is a promising and powerful privacy preservation technique that is trending in major technology companies such as Apple, Microsoft, etc. This section briefly lists the strengths of DP that sustain its application for several uses.
1) Protection against Linkage attacks: As previously mentioned, linkage attacks are some of the easiest attacks that are performed by attackers to gain illicit access to private sensitive information of individuals. In most of the cases, DP ensures the neutralization of linkage attacks and indefinitely solves the risks of re-identification [82], [84].
2) Measurement of Privacy Loss: The measurement of privacy loss enables the control on the amount of information leakage allowed whilst preserving data utility and comparison of the different techniques of privacy preservation [22], [23], [82]. Furthermore, from the quantification of privacy loss, the cumulative privacy loss over several iterations can be analysed through composition in the view of implementing much more complex DP algorithms [84].

6) DIFFERENTIAL PRIVACY LIMITATIONS
Apart from the previously mentioned technical difficulties encountered by researchers during the implementation of DP both in academia and in industry, it is very significant that DP does not promise complete privacy preservation. In instances whereby a dataset consists of very strongly correlated data with specific sensitive attributes, DP may fail to deliver on its promises [82]. Haeberlen et al. [120] reported that major well-known implementations of DP such as PINQ, Airavat, Fuzz, etc. contained vulnerabilities that can be further exploited by attackers to leak private sensitive information through covert channel attacks. It is critical to ensure that a channel is unable to learn anything about the data, as a single bit of information learnt by a channel destroys all of DP's promises [120]. Furthermore, DP suffers from three major limitations [46], [121], [122], as follows:
1) Large Query Sensitivity: Achieving DP during large query sensitivity is challenging while still maintaining the desired statistical properties needed for precise inference.
2) Privacy Budget: Maintaining inferentially useful data which allows multiple queries is, in theory, already a daunting challenge faced by researchers. However, in practice, such challenges are amplified, which hinders its application in scenarios where multiple queries are required.
3) Uncertainty of outcome: Differentially private mechanisms tend to produce results that differ enormously, which decreases reliability. For instance, the Laplacian mechanism leads to significant differences in answers [123].

C. DIFFERENTIAL PRIVACY THREAT MODELS
Despite the various core strengths of DP as an outright paradigm for solving the global privacy problem, there are only specialized implementations by a few industries and academics. DP is still not used at a larger enterprise implementation scale as it is not an algorithm or technique but is merely a mathematical definition of privacy [124]. There is no doubt that the deployment of practical systems that satisfy DP is very complex as, in that case, it would be necessary to store all the data on one server which runs the system. Still, DP does not protect against any hacking of the server but rather only protects the output. Therefore, the design and deployment of differentially private systems requires the consideration of threat models [125]. This section briefly discusses the three main threat models to be considered while deploying differentially private large scale enterprise IoT-enabled CIs.

1) CENTRAL MODEL OF DIFFERENTIAL PRIVACY
The most popular threat model used in DP research over the past 15 years is the Central Model of DP, as depicted in Figure 6, whereby it is assumed that all the sensitive data is stored in a single centralized server which is 'impregnable' and the data curator is assumed to be a trusted one (meaning that the data curator will neither peek at the sensitive data nor dishonestly share it with an adversary). In the central DP threat model, the analyst is untrusted and data perturbation typically happens on the query results. This model enables the addition of a minimal amount of perturbation, which generally increases data utility. However, as mentioned earlier, the data curator must be trustworthy and must not 'sell the secrets'.

2) LOCAL MODEL OF DIFFERENTIAL PRIVACY
As previously highlighted, the central DP threat model requires a trustworthy data curator. The Local Model of DP, as presented in Figure 7, addresses this concern by eliminating the need for a trustworthy data curator. Instead, data perturbation occurs prior to sending the data to the central server and the data curator, which implies that the data curator only sees the noisy data. Furthermore, if the central server is compromised, the adversaries only get access to perturbed data. However, the cumulative amount of noise added by the data owners becomes pretty large and hence affects data utility.
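The utility gap between the central and local models, and the effect of the ε-value discussed under the technical difficulties, shown as an added example (not code from the survey or any cited work). It answers one sum query over constructed smart-meter readings with the Laplace mechanism under both models; the 5 kWh bound on a reading, the meter count and the function names are assumptions of this sketch.

```python
import math
import random
import statistics

MAX_KWH = 5.0  # assumed public upper bound on one reading; it bounds the sensitivity

# Constructed sample: 200 meter readings in kWh (not real data).
_gen = random.Random(1)
READINGS = [round(_gen.uniform(0.2, 4.8), 2) for _ in range(200)]


def laplace(scale, rng):
    """Laplace(0, scale) sample: difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def central_sum(readings, epsilon, rng):
    """Central model: a trusted curator sums the raw readings and perturbs only
    the query result. Replacing one reading moves the sum by at most MAX_KWH."""
    return sum(readings) + laplace(MAX_KWH / epsilon, rng)


def local_sum(readings, epsilon, rng):
    """Local model: every meter perturbs its own reading before it leaves the
    device, so the curator (or an intruder on the server) sees only noisy values."""
    reports = [r + laplace(MAX_KWH / epsilon, rng) for r in readings]
    return sum(reports)


def rmse(mechanism, readings, epsilon, trials, rng):
    """Root-mean-square error of the released sum over repeated releases."""
    truth = sum(readings)
    sq = [(mechanism(readings, epsilon, rng) - truth) ** 2 for _ in range(trials)]
    return math.sqrt(statistics.fmean(sq))


def sweep(epsilons=(0.1, 0.5, 1.0, 2.0), trials=500, seed=7):
    """Return (epsilon, central RMSE, local RMSE) for each epsilon."""
    rng = random.Random(seed)
    rows = []
    for eps in epsilons:
        rows.append((eps,
                     rmse(central_sum, READINGS, eps, trials, rng),
                     rmse(local_sum, READINGS, eps, trials, rng)))
    return rows


if __name__ == "__main__":
    print(f"true total = {sum(READINGS):.1f} kWh over {len(READINGS)} meters")
    for eps, c, l in sweep():
        print(f"epsilon={eps:<4} central RMSE={c:8.2f}  local RMSE={l:8.2f}")
```

For the same ε, the local error grows with the square root of the number of meters because each device contributes its own independent noise term, while halving ε doubles the error in both models.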

3) HYBRID MODEL OF DP
Since both traditional central and local models of DP have their individual strengths and weaknesses, achieving the best of both threat models is being actively researched. The shuffle model [126]-[128], a recently proposed alternative, bridges the gap between central DP and local DP models. In addition to addressing the issue of the untrusted data curator, a partially trusted shuffler middleware, whose role is to randomly permute the data, is incorporated. Each individual data owner adds a smaller amount of noise to the data and sends it to the shuffler which randomly shuffles the data and may or may not add some additional noise before further sending the data batches to the central server whereby the data curator has access. Since the shuffler operates on batched inputs, it enables a smaller utility loss as compared to local DP model and guarantees privacy preservation. However, the amount of noise added is more than central DP.

IV. APPLICATION OF DIFFERENTIAL PRIVACY IN IoT-ENABLED CRITICAL INFRASTRUCTURE FOR THE ENERGY SECTOR
Modern-day energy systems, commonly referred to as Smart Grids (SGs), are holistic approaches to the traditional power grids of the 21st Century [129]. As opposed to traditional power grids, the integration of IoT within SG technologies enables intelligent, multi-directional communication and automated capabilities to facilitate real-time pricing, energy loss detection, early power cut warnings, etc. [130], [131]. However, the benefits of SGs were short-lived as SGs have now become an alluring playground for adversaries [132]. The disclosure of sensitive energy usage information of a particular building or house can pose a serious threat towards an organization or the individual in question. The Non-Intrusive Load Monitoring (NILM) technique is an approach utilized by modern energy systems to analyse in detail the consumption of electricity in a particular house or building. This technique enables fine-grained analysis, down to how much electricity is being consumed by a particular electric appliance in a particular time frame of an individual's house [133]-[135]. The amount of detail and data generated by the NILM technique can easily fall into the wrong hands, putting the privacy, security and safety of an individual or an organization at risk. For example, the data can be analysed by thieves to plan robberies or for targeted advertisements [80]. In this view, researchers have proposed several techniques to tackle the privacy and security related issues in SGs. However, DP has proven to be the most successful as per the aforementioned reasons. This section contains a detailed review and survey of the works carried out over the past few years.

A. DEMAND RESPONSE
Demand Side Management involves all the related procedures and steps required for the effective management of demand response with the goal of reducing operational expenses, blackouts and emission of greenhouse gases [136], [137]. To effectively and efficiently analyse, calculate, manage and predict demand response, smart meters collect data about clients' energy consumption. Due to the high dimension and resolution of the point-wise and specific data collection, intruders tend to illegitimately profit from such data for unethical purposes [138]. Therefore, data protection and privacy preservation are highly regarded aspects of demand response [139].
Though the real-time data collected can be protected through the implementation of DP, demand response analytics becomes a major challenge through data perturbation. This has been resolved through Barbosa et al.'s [15] DP Laplacian noise perturbation and demand response analytics through individual appliances. This resulted in improved real-time data privacy and utility. Furthermore, the work in [140] introduced a novel cost-effective differential privacy scheme which preserves data privacy through alternating the state of charge of rechargeable batteries to generate Laplace distributed random noise. Theoretical analysis and simulations revealed that the cascading of renewable energy sources and rechargeable batteries enhances the performance of their proposed scheme in terms of privacy preservation and practicability. Gough et al. [141] proposed a cost-effective, innovative Differential Privacy (DP) compliant algorithm based on cooperative game theory, which resulted in a scalable, computationally efficient mechanism that performs effectively with a large number of smart meter devices.

B. SMART BUILDINGS
According to the United Nations' Department of Economic and Social Affairs, it is estimated that 68% of the global population is expected to live in urban cities by 2050, with Delhi set to become the world's most populated city by 2030 [62]. With the influx of people rushing to mega cities due to increased job prospects and higher living standards, the issue remains whether basic resources such as food, water, transport, healthcare, etc. are being optimally and efficiently distributed to the citizens. To tackle this complex issue, several governments, including the US and China [1], [2], are making significant efforts to design effective solutions by leveraging IoT in the view of balancing the overpopulation and dearth of resources crisis for optimum and efficient distribution of resources, production of goods and services as well as usage of infrastructures [55].
Smart buildings are one such solution to tackle the aforementioned issue. Smart buildings, also referred to as intelligent buildings, include the residential homes and commercial buildings that are able to self-use resources and technologies in a coordinated and intelligent way to enhance sustainability and habitability [142]. IoT technologies play a major role in home/building automation and will be one of the hottest markets of the next decade. A large number of sensors, actuators and controllers are installed in those buildings which indeed generate enormous amounts of data. These data are then processed and used for regulation of processes, internal monitoring of structural health, analytics and prediction [143]. However, it goes without saying that, wherever sensitive data is being generated, the number of data integrity attacks is more likely to spike. Adversaries can unethically use the available data for other unintended usage which can even go to the extent of risking one's life. Indeed, privacy preservation through DP is one method to overcome this issue.
As highlighted earlier, the different sensors installed in smart buildings produce heaps of real-time data that can be used for analytics purposes. Therefore, it is of high priority to prevent any data leakage and breaches in order to safeguard the privacy and confidentiality of the building and its inhabitants [144]. To tackle this issue, Chen et al. proposed PeGaSus [145] as a viable solution to integrate DP with real-time sensors' data before transmission. The proposed solution made use of perturbation techniques (Pe), grouping (Ga) and smoothing (Sus) of data for protecting data privacy as well as query evaluation for hierarchical streams. The researchers then tested and evaluated the performance of their proposed mechanism on real-world data from 4000 access points gathered over a period covering 6 months. Even though PeGaSus was very effective as a data preservation technique for sensor data streaming, it was not yet tested on smart buildings and cities. Therefore, a couple of years later, Ghayyur et al. further evaluated the PeGaSus solution on real-world IoT-generated data from smart buildings [146]. After conducting their experiments, they concluded that DP-based PeGaSus is indeed a solution for smart building sensors' streaming privacy and that it offers lower numerical error (data utility enhancement) as compared to competing methods.
Moreover, in smart buildings, the majority of sensor-based devices are connected to the internet for monitoring, controlling and optimizing the resources available. This inter-woven connectivity of different devices forms the basis of the Smart Community [144]. After collection of data from various sensors, the data is transmitted over the internet in real-time to enable timely decisions and automation. Unfortunately, Liu et al. highlighted that internet traffic can be exploited by attackers to cause data integrity attacks in the context of smart homes [147]. Their paper showed that sensitive data can be easily leaked through analysis of internet traffic, as well as the failure of privacy preservation even through cryptographic techniques because of the novel advanced machine learning algorithms being used by adversaries during attacks. Therefore, the researchers proposed a utility-aware and exponential DP mechanism for obfuscating internet traffic and selecting the gateway. After extensive testing of their proposed solution, the authors finally concluded that their technique enhanced data privacy preservation while simultaneously decreasing the latency in IoT-CI networks for smart houses.
Furthermore, Alisic et al. [148] found that sensors in smart buildings are susceptible to privacy leakage in terms of occupancy change. Therefore, they proposed a simple differential privacy method to mitigate such leaks using Gaussian noise in order to hide when the occupancy changes in an apartment. Simulation results on a KTH Live-In Lab testbed simulator revealed that a slow eigenvalue is not enough to draw a conclusion about the privacy leakage and that their scheme successfully preserved the privacy of the occupants without compromising data quality.

C. LOAD MONITORING
Without a doubt, one of, if not the, main issues of successful implementation and application of SGs is the preservation of customer privacy. Smart meters are responsible for the collection of energy usage data. Those smart meters are inter-linked to each other and are as well connected to a main SG utility through a strong and highly complex network known as Advanced Metering Infrastructure (AMI) [149]. Smart meters are designed to send their updated readings at each specific time interval to the main electricity grid utility. This transfer of sensitive information is at very high risk of breaches and leakages. Adversaries can illegitimately make use of those data which can then have serious implications. Therefore, the development and implementation of a secure privacy preservation strategy is definitely required to ensure secure real-time monitoring of SG data while still maintaining a healthy trade-off for data utility.
Previous literature on load monitoring privacy preservation includes the use of several cryptographic encryption techniques to preserve data privacy such that only SG utilities are able to decipher the exact consumption of energy of SG users [146], [150]-[152]. However, it is worth noting that the use of encryption techniques on real-time load monitoring is an exhaustive and complex computational procedure, hence requiring expensive computational resources [153]. Furthermore, in case of failure of one smart meter, the whole network will be down due to lack of fault distribution and divergence [15]. Similarly, anonymization techniques [154] and the transmission of data using low-frequency and high-frequency ID [155] have been proposed but the risk of re-identification is still a considerable threat.
Therefore, the focus of researchers shifted to the implementation of DP as a viable alternative to preserve data privacy without much compromising on system performance, latency and data utility [156]. With regard to DP approaches to energy systems, the literature suggests that most work has been done in the field of load monitoring. Therefore, the works carried out can be grouped into two categories, namely, Battery Load Hiding (BLH) and direct noise addition through DP [80]. BLH is a customer-oriented approach that enables the preservation of data privacy of smart meters through the balancing of a load by making use of an external battery [157]. However, BLH techniques lack the theoretical proofs for privacy protection since relative entries, regressions, and clustering classifications are some of the only methods to measure their protection and privacy generation accuracy [158]. Therefore, in the view of being able to exactly quantify the privacy and accuracy, Zhang et al. proposed the perturbation of smart metering data using DP and a multi-armed bandit (MAB) algorithm with respect to the battery constraints to decrease battery operational costs [159]. In addition, the researchers in [160] proposed stateless and stateful differential privacy BLH mechanisms in the view of optimizing mutual information sharing for different battery capacities. Zhang et al. further proposed an enhancement to the privacy loss of a battery using DP and the reduction of costs for both static and dynamic pricing environments through the development of two approaches [161]. Moreover, Zhao et al. proposed a multitasking BLH technique to further improve the shortcomings of traditional DP-based BLH techniques through the optimization of event detection accuracy [158].
On the other hand, many researchers have adopted another technique to preserve data privacy through direct perturbation of real-time smart-metering data. During data perturbation, the choice of the correct ε-value and the injection of the optimal amount of noise, also known as noise dimensioning, are some of the important factors for effective quantification of the level of privacy. Several papers concentrate on the different approaches to choose the optimum ε-value [162]. Furthermore, sensitivity must be taken into consideration while implementing DP for smart metering data. Whenever DP is applied on counting time-series data [25], the value of f(X) is usually considered to be 1. However, in the case of smart metering data, the value of f(X) is unknown [163]. Ács and Castelluccia proposed the perturbation of real-time smart-metering data through -distribution and encrypted aggregation strategy for making the aggregation secure [164].
The proposed solution was found to decrease error rate due to clustering as well as safeguard appliance multiple slot privacy. Barbosa et al. proposed a less complex DP strategy that depends on an empirical model and error rate for generating a random masking value [165]. The solution was applied to both residential and industrial SG scenarios and an analysis was carried out. Savi et al. calculated the ε-value for quantifying the level of privacy through a priori information and perturbed the data (from various smart meters) through Gaussian white and coloured noise and concluded that the coloured Gaussian noise is an optimal solution for privacy [166].
Baloglu and Demir put forward a DP-based cryptosystem for smart metering using Gaussian noise perturbation, a task assigning algorithm and encryption [167]. The researchers also claimed that their DP-based cryptosystem can protect smart meters from filtering and time value attacks. After analysis of the privacy-utility trade-off in smart metering, Eibl and Engel introduced a point-wise privacy strategy based on DP and claimed that the requirements for the implementation of DP for real-time data vs. statistical data differ [163]. Liao et al. suggested Di-PriDA, a 3 -DP strategy using Arduino micro-controller [168]. Their simulation results highlighted the fact that their approach optimized the efficiency value and reported fine-grained accuracy and results while eliminating the need for a trusted third party. Pal et al. proposed HIDE, a computationally efficient and rigorous information-theoretic privacy engineering framework to tackle the privacy-utility trade-off of DP approaches in the context of SGs through the use of queries, a greedy algorithm, a Markov assumption model and Laplace noise for differential privacy [169]. On the other hand, Xiong et al. introduced PADC, a lightweight, secure and private data clustering technique for SGs based on DP and the k-means algorithm [170]. They then evaluated it on different ε-values and found that the proposed solution outperforms other existing DP-based k-means algorithms for SGs.
Gai et al. [171] proposed a lightweight local differentially private data aggregation scheme in which smart meters can perturb their generated data by randomized response locally without a trusted third party. Performance analysis of their approach revealed that their scheme is highly efficient in minimizing computation and communication overhead while still maintaining the data utility within acceptable error brackets. Similarly, Ou et al. [172] additionally applied singular spectrum analysis optimization to LDP with the addition of Fourier spectrum noise via geometric sum, which resulted in increased data utility for any specified ε-value. The work in [173] developed the maximization of data utility in aggregated load monitoring and fair billing while preserving users' privacy by using differential privacy with a noise cancellation technique. Experimental validations of several periodic noise cancellation schemes on privacy and utility revealed that their proposed mechanism outperforms the existing scheme in terms of preserving the privacy while accurately calculating the bill.

D. GRID DATA COLLECTION
In modern SGs, fog computing has been thriving as a viable alternative to traditional cloud computing technologies for data aggregation and storage for its advantages of low latency and geographical distribution [80]. On the flip side of the coin, those advantages are short-lived due to recent literature [174] suggesting their vulnerability to privacy and security attacks. Fog nodes are highly susceptible to adversarial threats [175]. Indeed, data privacy preservation at fog nodes is a pressing issue. Therefore, in order to tackle this issue, Cao et al. put forward a DP-based Factorial Hidden Markov Model (FHMM) for privacy preservation at the node level in the context of SGs [176]. The electricity usage for each appliance is directly perturbed using FHMM and then transferred to the fog layer for data storage. Their research improved the F1-score and Kullback-Leibler divergence and proved to be an optimal solution as opposed to other existing methods. Moreover, Fan et al. [177] proposed a local differential privacy-based classification algorithm for data centres by adding Laplace noise to the data during pattern mining to ensure that data centres do not leak any sort of confidential information. Experimental validations revealed that their proposed strategy has excellent reliability, efficiency and accuracy.

V. APPLICATION OF DIFFERENTIAL PRIVACY IN IoT-ENABLED CRITICAL INFRASTRUCTURE FOR THE TRANSPORT SECTOR
The transportation sector is one of the most thriving industries of the 21st century. Through integration with state-of-the-art technologies, the transportation industry aims at seamlessly enhancing both drivers' and passengers' experience [178]-[180]. Modern day Intelligent Transport Systems (ITS) have been constantly evolving from the early 1970s [181] and are now a fusion of novel technological paradigms including wireless data transmission, automated sensing and intelligent control, to name a few [182]. The array of wireless devices in ITS enables two types of communications: Vehicle-to-Device (V2D) and Vehicle-to-Vehicle (V2V) communications [183]. Vehicular and other external information is constantly shared in real-time amongst ITSs through several technologies such as Mobile Ad-Hoc Network (MANET), Dedicated Short-Range Communication (DSRC), cognitive radio and/or Heterogeneous Vehicular Networks (HetVNET) [80]. Indeed, due to the enormous amounts of sensitive information being constantly shared, participating nodes of V2V and V2D communication schemes need a robust privacy preservation strategy to ensure no data leakage or breaches [184].
One of the major issues faced by ITSs is the rising number of adversarial privacy attacks being revealed through the latest literature [185]. The severity and impact of those threats in the context of ITSs can prove fatal, which therefore hinders the expansion of the ITS market into daily life. In view of tackling this pressing issue, researchers have come up with several privacy preservation solutions for different scenarios in ITSs. However, this section provides a detailed review and survey of the works carried out in respect to DP for ITSs over the past few years.

A. SMART FREIGHTS
Regarded as one of the most critical modes of freight transportation, modern railway infrastructure has been combined with several technologies including Big Data for achieving efficacy and efficiency in the transportation industry [80]. However, it has been highlighted that the advantages achieved through the fusion of traditional railway infrastructure with advanced technologies are short-lived due to the exponential rise in adversarial privacy and confidentiality breaches during information sharing within an ITS network [186], [187]. Huawei and Yusong proposed a non-cooperative game theory model and obtained its pure strategic Nash Equilibrium solution and hybrid strategic Nash Equilibrium solution to protect rail freight data, but did not include any implementation of the strategy [188]. However, in relation to DP, at the time of writing, there has been only one proposed solution, by Shi et al. [28]. The authors put forward a first of its kind DP-based correlation approach for railway freight systems. Since railway datasets are mostly of statistical type [80], the original data was first sliced to an optimal length before injecting Laplace noise in the datasets through DP [28]. The results of the experimentation highlighted successful privacy preservation and a viable lightweight alternative to bar illicit access even with background knowledge of the data.
Similarly, out of other modes of transportation in the logistics industry, maritime modes, also known as ships, account for over 90% of the world's trade economy [189]. Maritime logistic operations are preferred due to their massive capacity and reduced operational costs as opposed to air shipping. With the latest IoT technologies being incorporated for the enhanced safety of large carriers and real-time information being transferred to and from different nodes in those critical ITS infrastructure, any adversary can easily get access to the data and it can be used to track the movement and location trajectory of ships. This can indeed have unintended consequences especially from a criminal perspective. To tackle this issue, Jiang et al. came up with a DP-based Sampling Distance and Direction (SDD) technique to publish ship trajectories [190]. The researchers concluded that their proposed mechanism achieved a healthy privacy-utility trade-off while delivering ship trajectories as compared to other traditional noise perturbation techniques which would result in zigzag shapes and with many crossings, thus rendering the data useless.

B. ELECTRIC VEHICLES
As opposed to traditional vehicles, new technologies have enabled the drivers and vehicles to communicate internally and externally to provide a smooth driving experience and ensure road traffic safety through intelligent decisions [191], [192]. Connected smart and sustainable mobility is a futuristic concept that signifies a global connectivity of every vehicle to the internet and the real-time sharing of information to introduce a decongested and safe transportation system [193]. Although advanced technologies have brought about several advantages in the latest vehicular infrastructure, the sharing of real-time information lures several adversarial attacks on the privacy of individuals through unethical vehicle location tracking [194], passive eavesdropping of V2V and V2D communication [183], etc. The breaches and leakage of vehicle trajectory information can have adverse unintended consequences on the life of an individual [195]-[197]. Moreover, corporations and companies may exploit the sensitive location trajectory information for selfish business purposes [198]. To tackle this issue, Zhou et al. proposed an exponential DP-based vehicular trajectory partitioning and clustering technique for VANETs [199]. The researchers found that their proposed technique enhanced both efficiency and data utility. Ma et al. also proposed a dynamic sampling technique for processing real-time location data, a Kalman filter for ensuring data availability and DP through Laplace noise addition for privacy preservation [200]. The authors concluded that data privacy, utility and availability increased as compared to other existing techniques.
Furthermore, Electric Vehicles (EVs) are now equipped with flexible energy storage and bi-directional Inductive Power Transfer technology meaning that they can be charged with a low energy source and can even sell their energy to other EVs [201]. The sale and purchase of energy to other EVs or IoT-enabled CIs are done at swap stations [202] through a game-theoretic Normalized Nash Equilibrium auction process [80], [203]. Undeniably, the eavesdropping and leakage of discharge/charge cycle data and energy auction data at swap stations can compromise one's privacy and have unintended adverse consequences [204]. Prior works to overcome this issue included the use of cryptographic encryption techniques [205] for preserving auction data privacy which however was found to be computationally exhaustive. Therefore, Zhai et al. proposed ExPO, an exponential DP-based privacy preserving online auction scheme, to enable cybersecure energy trading at swap stations [206]. Through the use of auctioneers, their proposed strategy improves social welfare performance and load peak without compromising on privacy. Moreover, Han et al. put forward a joint DP strategy to restrict the users from influencing the scheduling process for energy auctions [207]. Through this proposed scheme, the authors were able to ensure data privacy even in cases where data is misreported to mediator. Indeed, DP serves as an excellent privacy strategy for auction energy swapping and outputting only the minimal required information [80].
Moreover, due to the abrupt increase in cyber-attacks, EVs are now equipped with intrusion detection systems to curb threats through adversarial detection using signature and/or anomaly based techniques [208]. In particular, EVs consists of Collaborative Intrusion Detection Systems (CIDS) that enable them to inter-share information about previous attacks that decreases training time and improves detection accuracy [209], [210]. However, the sharing of information among EVs in CIDS is not fully protected. The leakage or breach of data can enable an attacker to illegitimately manipulate the training process of CIDS for other illicit purposes with unintended adverse consequences on the life of an individual [80]. To mitigate this issue, Zhang and Zhu came up with a DP-based machine learning CIDS for VANETs [211]. Through the use of alternate-directional multipliers, the authors enhanced the empirical risk in VANETs using dual variable perturbation for data privacy preservation. Furthermore, the authors analyzed the performance their proposed scheme and the trade-off between security and privacy to conclude the effectiveness of their method as opposed to other existing ones. Therefore, we can derive the importance of DP for securing the data communication amongst modern EVs.
An et al. [212] proposed a differentially private strategy to preserve the location information along with the charging times of electric vehicles by leveraging the Laplace noise addition mechanism. Experimental validations highlight that their work achieves the properties of incentive compatibility, individual rationality and better performance with respect to EV utility, buyer satisfaction ratio, electricity allocation efficiency and EV State-of-Charge (SoC), in comparison with existing schemes. Furthermore, their research is able to successfully protect EV location information with low chances of leakage and minimized computational overhead. The work in [213] put forward a differentially private dynamic data stream publishing mechanism to protect the release of sensitive EV information in V2G networks by leveraging the use of sampling intervals and variable sliding windows. Through experimental analysis on real data sets, and comparison with two representative w-event privacy protection methods, the authors proved that their method exceeds the existing schemes in performance and improves the utility of the data.

C. PERSONAL IDENTIFIABLE INFORMATION
ITSs tend to communicate data through a connected network. In so doing, they sometimes pass over sensitive Personal Identifiable Information (PII) in the form of names, tracking IDs, etc. [80]. Therefore, it is important to preserve the privacy of the PII. In this view, Kargl et al. brought forward a DP-based policy enforcement framework such as PRECIOSA PeRA with a view to preserving the privacy of floating car data storage in traffic data centres [214]. Furthermore, they proved that DP is a much better strategy for addition of noise in PIIs and for preserving information privacy during ITS data communication according to their different requirements.

VI. APPLICATION OF DIFFERENTIAL PRIVACY IN IoT-ENABLED CRITICAL INFRASTRUCTURE FOR THE HEALTHCARE SECTOR
One of the most important sectors of an economy is the healthcare sector. It is certainly undeniable that much of the recent healthcare research and progress is mainly due to the integration of advanced technological paradigms in medicine [215]. The various benefits of this healthcare sector revolution include improved quality of life followed by an increase in life expectancy, reduction of operational costs, etc. Early patient health monitoring was limited to physical visits, calls and texts. However, through the deployment of IoT technologies in healthcare, a world of benefits, including real-time health monitoring, fitness programs, remote health monitoring, remote diagnosis and so on, has been unleashed to patients, doctors, insurance companies, clinics, etc. [216].
One of the most critical benefits of IoT technologies in the healthcare industry is the transfer, report and communication of sensitive confidential healthcare data to different nodes of an IoT-enabled CI [217]. HIoTs most commonly use wireless technologies including 4G long-term evolution (LTE), ultra-narrow band (UNB), Ingenu, and low power wide area (LPWA) technologies for data communication [218]. These technologies enable a smooth transmission and communication process with minimum latency. However, since medical records are extremely sensitive, it is of highest priority to preserve the privacy of the individuals, as even the slightest data tampering can cause the loss of lives [217]. Therefore, to overcome one of the biggest hurdles of IoT employment in such critical infrastructure settings, researchers have come up with several privacy preservation mechanisms such as cryptographic encryption methods, anonymization techniques, public and private keys, etc. [80]. Similarly, those previously devised techniques were found to be computationally exhaustive [205]. Therefore, the most viable privacy preservation strategy was found to be DP. In this view, this section deals with a survey of the state-of-the-art work.
A. WIRELESS BODY AREA NETWORK
As highlighted earlier, health data of patients, e.g. heart rate, sleep conditions, blood pressure and walk steps, are periodically transmitted to centres to track users' health, for insurance premium purposes, etc. [219]. WBANs, in the form of wearable sensors, contribute towards non-invasive monitoring and transmission of health data of individuals [220]. Due to the life and critical health patterns present in the data being transferred, experts fear that the personal data of any individual can fall into the wrong hands, which may have adverse consequences. Therefore, a strong privacy preservation scheme is important to tackle this issue. However, it is important to also note that privacy preservation in health records must also take into account the utility of the data. In this view, DP emerged as the most viable solution for safeguarding the privacy of WBAN data transfer. Lin et al. proposed a light-weight DP-based privacy preservation scheme for sensitive big data in WBANs [29]. The authors firstly constructed a tree structure to improve the error rates and provide long range queries, followed by the Haar Wavelet transformation method for converting the histogram into a complete binary tree. After simulation, the authors concluded that their proposed tree structure decreases the associated computational complexity for privacy preservation while maintaining a healthy trade-off with data utility. Zhang et al. put forward Re-DPoctor, a DP-based mechanism, for budget allocation and adaptive sampling [219]. Through the use of a Proportional Integral Plus (PIP) and simulation on real-time health data, the researchers were able to conclude that their proposed scheme also reduces mean relative error and mean absolute error of the transmitted data.
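Why a tree over the histogram helps long range queries, and when it does not, can be checked numerically. The following is an added example of a plain hierarchical (dyadic) histogram with Laplace noise, not the Haar-wavelet scheme of Lin et al. and not code from this survey; the bin counts and function names are constructed for the illustration.

```python
import random


def laplace(scale, rng):
    """Laplace(0, scale) sample: the difference of two exponentials."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def build_tree(counts):
    """levels[0] holds the bins; each higher level sums adjacent pairs up to the root."""
    if not counts or len(counts) & (len(counts) - 1):
        raise ValueError("number of bins must be a power of two")
    levels = [list(counts)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prev[i] + prev[i + 1] for i in range(0, len(prev), 2)])
    return levels


def privatize(levels, epsilon, rng):
    """Add Laplace(h / epsilon) noise to every node, h = number of levels.

    One reading falls in exactly one node per level, so the whole tree has
    L1 sensitivity h and the noisy tree is epsilon-differentially private.
    """
    h = len(levels)
    return [[c + laplace(h / epsilon, rng) for c in level] for level in levels]


def cover(lo, hi):
    """Split bins lo..hi (inclusive) into the fewest tree nodes (level, index)."""
    nodes, level, hi = [], 0, hi + 1   # work on the half-open range [lo, hi)
    while lo < hi:
        if lo & 1:                     # lo is a right child: take it alone
            nodes.append((level, lo))
            lo += 1
        if hi & 1:                     # hi - 1 is a left child: take it alone
            hi -= 1
            nodes.append((level, hi))
        lo, hi, level = lo >> 1, hi >> 1, level + 1
    return nodes


def range_query(levels, lo, hi):
    """Sum of bins lo..hi read from the (exact or noisy) tree."""
    return sum(levels[level][i] for level, i in cover(lo, hi))


def flat_variance(lo, hi, epsilon):
    """Noise variance of a range sum over bins that each carry Laplace(1/epsilon)."""
    return (hi - lo + 1) * 2.0 / epsilon ** 2


def tree_variance(lo, hi, n_bins, epsilon):
    """Noise variance of the same range answered from the noisy tree."""
    h = n_bins.bit_length()            # levels in a tree over n_bins = 2^k leaves
    return len(cover(lo, hi)) * 2.0 * (h / epsilon) ** 2


# Constructed sample: heart-rate readings bucketed into 16 bins.
COUNTS = [0, 1, 3, 7, 12, 20, 31, 40, 38, 27, 15, 9, 4, 2, 1, 0]

if __name__ == "__main__":
    rng = random.Random(1)
    noisy = privatize(build_tree(COUNTS), epsilon=1.0, rng=rng)
    print("true :", sum(COUNTS[3:13]), " noisy:", round(range_query(noisy, 3, 12), 1))
    n = 1 << 16
    print("16 bins   flat/tree variance:", flat_variance(3, 12, 1.0), tree_variance(3, 12, 16, 1.0))
    print("2^16 bins flat/tree variance:", flat_variance(1, n - 2, 1.0), tree_variance(1, n - 2, n, 1.0))
```

On 16 bins the tree is noisier than the flat histogram; the advantage only appears for long ranges over large domains, which is the regime the surveyed schemes target.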
Moreover, Sun et al. proposed a DP-based classification algorithm based on ensemble decision tree for WBANs [221]. The authors also used a bagging framework of ensemble learning in their proposed method to improve the stability and accuracy of the classification. The results of the different decision trees (trained on the bootstrap samples) were aggregated using weight-based voting. After simulation, the authors concluded that their novel algorithm resulted in better accuracy and stability on small datasets since the larger tree nodes depth mitigates the issue of excessive noise and finds the most optimal -value as opposed to other existing approaches. Chakraborty et al. brought forward a temporal DP technique that selectively delays traffic traces at the nodes of Wireless Sensor Networks (WSNs) which are present in the routing paths of the messages to the sink, while denying the adversary any access to data from the start to the end of the communication [222]. After simulation, the jitter was estimated to be roughly between 436.15ms and 503.42ms. In relation to their work, the authors also highlighted that their proposed solution can be used to conceal temporal information about the traffic corresponding to any node even in WBANs. Moreover, Tang et al. proposed a DP-based signature technique for collecting health data from various nodes and guaranteeing fair incentives for contributing patients [223]. The authors also combined the Boneh-Goh-Nissim cryptosystem and Shamir's secret sharing for improving the data privacy and fault tolerance of the system. After the evaluation, the authors revealed that their proposed method reduced the computational, communication and storage overhead. Kang et al. proposed a two-tier data inference framework, with the first layer involving a data inference algorithm to reduce redundancy and thereby decrease energy usage, and the second layer involving encryption and differential privacy techniques to protect sensitive health records [224]. The results after evaluation proved enhanced privacy preservation, improved data utility, significant data savings and lastly energy efficiency. Furthermore, Guo et al. [225] proposed the application of temporal differential privacy on physiological signals collected from health IoT wearables within WBANs, which effectively protects the privacy of IoT-based users.

B. PATIENT MEDICAL AND GENOMIC RECORDS
Throughout this decade, the traditional hospitals are revolutionizing their daily procedures through the use of novel technological paradigms such as cloud computing, etc. Leaving the manual traditional tedious tasks of storing and organizing patients' records, hospitals are now starting to adopt a digital approach for patient health records [226]. Those digitized patient-centered records are also known as Electronic Health Records (EHR) [227]. EHR consists of highly confidential and sensitive data such as medical conditions, names, date of birth, allergies, etc. Therefore, it is of extremely high priority to safeguard the data and only share them with authorized personnel. Several previous methods have been proposed such as obscuring and cryptographic encryption techniques [228], [229]. However, obscuring carries the risks of re-identification [230] and data encryption fails to preserve privacy during querying [231]. Therefore, DP emerged as the most viable alternative for storing and publicizing e-health data for query execution without compromising privacy and utility [232].
Li et al. took the first step towards developing an efficient e-health data release and heuristic hierarchical query scheme with consistency guarantee under a private partition algorithm for differential privacy [233]. They concluded that their proposed method was able to increase the accuracy of data release through consistency as well as enhancing time, computational overhead and query error. Beaulieu-Jones et al. proposed an end-to-end DP stochastic gradient descent based deep learning approach to enhance training accuracy and efficiency while preserving sensitive data privacy [234]. To further secure their proposed strategy, the researchers included the use of encryption. After testing the solution on the eICU Collaborative Research Database and The Cancer Genome Atlas, the researchers concluded that their strategy efficiently protects privacy and security along with decreasing computational overhead. Guan et al. proposed EDPDCS, an efficient DP-based data clustering technique, to optimize the privacy budget allocation and improve the selection of initial centroids for enhancing the accuracy of the K-means clustering algorithm [235]. After comparing the Normalized Intra-Cluster Variance on Blood and Adult from the UCI Knowledge Discovery Archive database, the authors concluded that the proposed MapReduce based framework can improve the accuracy of the DP k-means algorithm. Alnemari et al. proposed DP-based improvements to partitioning mechanisms through a greedy algorithm for partitioning counts' vectors and an adaptive mechanism that considers the sensitivity of the given queries before providing results [236]. The authors preserved privacy using Laplacian noise and worked over data partitioning and workload for optimization of the error rate of queries. Similarly, Mohammed et al. proposed a light-weight DP-based Laplacian noise for preserving data privacy on cancer patients' data [231]. After simulation and evaluation, the researchers concluded that their proposed strategy decreased the computational overhead and supported complex data mining tasks and a variety of SQL queries.
Genomics is another research field that has been burgeoning since the early 2000s [237]. Genomics is the field of research that deals with whole genomes of organisms, and incorporates elements from genetics. Genomics uses a combination of recombinant DNA, DNA sequencing methods, and bioinformatics to sequence, assemble, and analyse the structure and function of genomes [238]. With the help of genomic data, biologists are able to understand, analyse, sequence and even edit genomes for an array of benefits. In smart hospitals, clinical genomic data are recorded, stored and distributed for respective purposes. However, it is also vital to preserve the privacy of genomic data to mitigate the unwanted threats involved. Therefore, Raisaro et al. proposed the privacy preservation of genomic and distributed clinical data through cryptographic encryption measures followed by data perturbation using DP [239]. The authors also worked over the Informatics for Integrating Biology and Bedside (i2b2) framework, and improved privacy preservation while decreasing the network overhead. Similarly, the authors in [240] took a further step by preserving genomic data privacy using a traditional differential privacy approach followed by a two way decryption method. They concluded that they were able to enhance both the privacy and execution time of the i2b2 framework for electronic genomic data records. He et al. proposed a DP-based genomic data releasing method [241]. Firstly, the authors executed belief propagation on a factor graph to factorize the distribution of sensitive genomic data into a set of local distributions, followed by the injection of DP-based noise to these local distributions. The synthetic sensitive data created and the factor graph are then used to construct an approximate distribution of non-sensitive data, which is then sampled to construct a synthetic genomic dataset. Almadhoun et al. put forward a DP-based privacy preservation mechanism for genomic datasets while taking into consideration the dependence between tuples [242]. After simulation of different genomic datasets, the authors empirically claimed that their proposed technique achieved up to 50% better privacy than traditional DP-based solutions.

VII. APPLICATION OF DIFFERENTIAL PRIVACY IN IoT-ENABLED CRITICAL INFRASTRUCTURE FOR THE INDUSTRIAL SECTOR
With the fast-paced advancement of IoT technologies in several aspects of the world [55], the integration of IoT with industrial procedures has grown exponentially due to the various benefits [243], [244], which include scalability, analytics, standardization, interoperability, communication, etc. [245]. Industrial IoT (IIoT) is the term used to refer to the use of certain IoT technologies and various smart objects in an industrial setting for the promotion of goals distinctive to the industry [246]. IIoT systems are capable of intelligently self-monitoring and operating without the need of any human intervention. However, modern IIoTs require hostile environment operations, predictable throughput, maintenance by someone other than communication specialists, and extremely low down time [80]. To do so, IIoT components require efficient data communication through Fieldbus and Supervisory Control and Data Acquisition (SCADA) [247] between the different network nodes and components.
With the growing associated commercial and political interests [248] and the extreme vulnerability to cyberattacks [245], competitors and adversaries tend to illicitly obtain confidential and sensitive data for selfish gains. Therefore, privacy preservation in modern IIoT systems has gained momentum in recent years as a hot area of research. Similar to the other previously discussed application areas, a number of techniques [249]-[252] including limit release [253], data distortion [254] and encryption [255], [256] have been proposed to tackle privacy preservation. However, most of them result in extreme computational overhead, energy inefficiency, time delays or are very specific to only one IIoT scenario. Therefore, DP emerged as the most viable solution for privacy preservation in IIoT systems. In this section, we survey the state-of-the-art literature of DP application in perspective of IIoT.
FIGURE 11. Taxonomy of surveyed DP techniques as adopted in IIoT systems.

A. MOBILE CROWDSENSING
With the widespread and rapid digitization of industries, mobile crowdsensing has emerged as a novel intelligent data collection and processing paradigm in IIoT that leverages pervasive mobile devices to efficiently collect big sensory data, enabling various large-scale applications [257], [258]. Mobile crowdsensing is capable of providing a large amount of data via pervasive mobile terminals for IIoTs. However, the generated data often contains users' sensitive information such as PIIs, etc., which reveals the urgent need for effective privacy-preservation strategies in data aggregation and analysis for IIoT [259]. To tackle the privacy preservation issues in mobile crowdsensing, a number of approaches [260]-[263] have been proposed. However, those previously devised techniques were found to be computationally exhaustive [205] and to increase the latency of data communication. Therefore, DP was found to be one of the most effective solutions to tackle data privacy preservation for mobile crowdsensing.
DP-based solutions for mobile crowdsensing have attracted the attention of researchers for the past couple of years. In this view, a body of research and literature, mostly in relation to crowdsensing location privacy protection [264]-[275] and bid privacy preservation [276], [277], has been produced for several application areas. At the time of writing, not much work has been done in perspective of DP-based solutions for mobile crowdsensing for IIoTs. Yin et al. proposed a DP-based location privacy preservation mechanism without compromising on data utility for IIoT by building a multilevel location information tree model and selecting data according to the tree node accessing frequency, followed by Laplacian data perturbation of the accessing frequency [278]. The authors concluded that their proposed method enhanced security, privacy, and applicability.

B. SMART MANUFACTURING
Large-scale process control in industries has been constantly evolving since the late 1950s. With the introduction of electronic processors and graphic displays, the need for automated process control systems gave birth to the first Distributed Control System (DCS) [279]. During the past two decades, the industrial sector has been reformed and revolutionized with the exponential increase of intelligent DCSs. Through the utilization of those inter-connected and intelligent DCSs, industries are now taking a leap forward to automated production approaches, also known as smart manufacturing [280]. Smart manufacturing heavily benefits the industries through cost-efficient production lines, automated diagnostics and control, etc. This is usually achieved through real-time sensing and sharing of information using a multitude of sensors and actuators [281]. However, the growing complexity of modern DCSs makes them extremely vulnerable, and the rate of attacks leading to data breaches and leakages has grown exponentially over the last decade [282]. Therefore, the preservation of data privacy in modern DCSs has become a very crucial step for enabling safer industrial operations in the upcoming Industry 5.0 plan. So far, researchers have proposed several techniques including encryption [283]-[286] and k-anonymity [287]. Due to their respective drawbacks, DP emerged as the most promising privacy preservation approach for enhanced data utility, computational overhead and time delay.
Recent research in perspective of linear DCSs with quadratic cost functions [288] found that DP is the optimal privacy preservation strategy for safeguarding real-time continuously varying data. In this view, Wang et al. proposed a metric-based DP solution through the perturbation of data using Laplacian noise added to the shared information in a way that depends on the sensitivity of the control system to the private data [289]. The researchers claimed that their proposed strategy achieved minimal system entropy and enhanced data privacy. Furthermore, Giraldo et al. proposed a DP-based methodology to define the inherent DP of feedback-control systems without the addition of an external DP noise [290]. After perturbation of the data using the minimal required amount of Gaussian noise using bi-level optimization, the authors concluded that their novel solution enhanced performance, privacy and data utility of DCSs. Hu et al. proposed a DP-based solution and optimization of privacy parameters to achieve a healthier privacy-utility trade-off [291]. After evaluation on the modeling of cutting power consumption in computer numerical control turning processes, the authors claimed that their proposed strategy enhanced data utility by 9.4% and privacy by 13.1% for smart manufacturing processes.

C. INDUSTRIAL DATA AND PATTERN MINING
As highlighted earlier, modern industrial devices are equipped with a multitude of sensors and actuators that constantly collect environmental and behavioral data that are transmitted and stored in real-time. With an influx of industrial data available, pattern recognition tools and techniques are being applied to convert the raw data into information. However, during query evaluation, there are possible threats of data leakages as machine learning algorithms are easy to fool [292]. Ni et al. proposed MCDBScan, a DP-based data mining technique through the prior perturbation of data using Laplacian noise [293]. After simulation, the authors claimed that their proposed schema enhanced efficiency, accuracy and privacy as compared to other existing techniques. Taking a leap further, Zhu et al. initiated the implementation of machine learning along with differential privacy for efficient query evaluation [294]. The researchers concluded that their proposed transfer of the data publishing problem to a machine learning problem achieved a lower mean absolute error and enhanced the privacy guarantee. Similarly, Arachchige et al. introduced PriModChain, an amalgamation of DP, federated ML, Ethereum blockchain and smart contracts for trustworthy machine learning in IIoTs [295]. Moreover, Hou et al. put forward a low-cohesion DP-based algorithm for frequent pattern mining for application-level privacy protection in IIoTs [296]. The authors utilized Top-k frequent mode to combine the factors of index mechanism and low cohesive weight of each mode, followed by Laplacian perturbation for each mode. The researchers then concluded that the proposed mechanism achieves an optimal privacy-utility trade-off for IIoT scenarios.

VIII. FUTURE RESEARCH DIRECTIONS
For the last few years, DP has started to gain research momentum as the most viable and promising privacy preservation technique in several application domains. Currently, however, DP faces certain challenges while being implemented on dynamic IoT-enabled CIs [297]. While some of the issues of DP have already been successfully addressed by researchers, there exist other pressing issues that require urgent attention. Therefore, in this section, we briefly discuss a few open challenges and future directions in the hope of advancing research in the implementation of DP for IoT-enabled CIs.

A. BLOCKCHAIN TECHNOLOGY
More than a decade ago, S. Nakamoto introduced blockchain as a novel technological paradigm that enables the decentralization of data storage from the traditional centralized approach where one data author controls everything [298].
For the past few years, blockchain has successfully evolved, from being tightly associated with Bitcoin, into the talk of the town with several applications in different scenarios including the energy sector [299]-[301], financial sector [302], [303], healthcare sector [304], [305], etc. The application of blockchain in IoT-enabled CIs is proliferating at an enormous pace due to its distributed ledger and the elimination of a central data owner [306].
Blockchain is well-known for its secure transaction mechanisms through the use of authentication and encryption [50]. However, the dearth of established blockchain protocols [307] has opened issues related to transaction and data privacy. In order to tackle this critical issue, researchers are currently proposing several privacy preservation strategies such as anonymity and identity [308]-[311]. Given the different drawbacks of the existing implementations of several privacy preservation strategies, we indeed believe that the advances in DP and its noise perturbation algorithms can be incorporated with blockchain-based IoT-enabled CI solutions with the aim of mitigating privacy issues during both private and public query evaluation. The non-complex underlying mathematical concept combined with its light-weight privacy approach will indeed be the major advantages of DP application in blockchain-based IoT-enabled CI solutions. Therefore, it is necessary to encourage advanced research to integrate blockchain and DP to successfully eradicate privacy loss issues in IoT-enabled CIs.

B. LIGHTWEIGHT DIFFERENTIAL PRIVACY
For the past few years, the popularity, research, adoption and implementation of DP have grown exponentially both in academia and industry. This has brought forward several increasingly complex and sophisticated algorithms that enable the public publishing and sharing of information without compromising privacy. Furthermore, coupled with the increase in the complexity of modern DP algorithms, a number of incorrect DP mechanisms and techniques, with several bugs that violate their claimed privacy, are also being developed [312]. It becomes necessary to have verification methods to filter the sophisticated DP algorithms being proposed. However, using customised logical verification techniques to prove the claims of those algorithms requires high computational overheads [313].
Furthermore, the considerable rise in the adoption of fog and edge computing paradigms in IoT-enabled CIs has enabled low latency, location awareness, real-time data sharing and communication as well as quality of services [314], [315]. However, edge-deployed fog devices in IoT-enabled CIs are susceptible to privacy attacks [316]. In this view, several privacy preservation techniques, including modern sophisticated and traditional DP algorithms [317], have been proposed. Similarly, the implementation of those existing DP methods in edge/fog-based IoT-enabled CI solutions requires expensive computational overhead. Therefore, we believe that researchers should shift focus to produce reliable works on DP techniques for IoT-enabled CIs that require minimal computational overhead.

C. BIG DATA ANALYTICS
Big Data, another buzzword of this decade, has been associated with several scenarios and is particularly a key advantage of IoT-enabled CIs. In perspective of DP applications for big data of IoT-enabled CIs, privacy level quantification and optimization are still two unsolved key areas. Even after a decade of guaranteeing stronger privacy preservation as compared to other techniques, and despite the several soundproof mathematical backgrounds of DP, it is still a challenge to derive the exact privacy level while handling loads of real-time data for IoT-enabled CIs [318]. Furthermore, the optimal calculation of composition of DP in big data analytics is still an unsolved issue [80], [319]. Moreover, one characteristic of big data for IoT-enabled CIs is its dimensionality [320]. DP preservation for high dimensional data is a big challenge for researchers [321]. Therefore, we believe that the design and derivation of the optimal privacy level along with the preservation of high dimensional data must be the next focus of interested researchers.

D. DYNAMIC DATASETS
Most of the differentially private algorithms proposed to date have focused on static, unchanging datasets on which queries are performed [322]. However, with the growing amount of data sensed by edge devices, datasets tend to evolve and change over time. In situations where data keeps on updating, it is important to note that not all the data is available at the time of primary curation. The usage of current DP approaches on dynamic datasets poses three main issues [323], namely:
1) The adversary continuously observes the output of the sanitizer.
2) The adversary examines the internal state of the sanitizer.
3) Entries during updates may be mutually inclusive or singletons.
Very few works [96], [324] have been carried out within this area. In this view, we recommend that future works in this focus area should be targeted on:
1) The conversion of static algorithms to dynamic ones by using parallel accumulators with counters and finally aggregating the number of accumulators utilized.
2) Pan-private algorithms, which enable an untrusted curator to accumulate statistical information but never store sensitive data about individuals. In other words, the internal state completely hides the appearance pattern of any individual: presence, absence, frequency, etc.
Therefore, we believe that designing effective and efficient differential privacy mechanisms is highly crucial for the practicability of using DP within an industrial setting.
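One well-known way to turn a static Laplace count into a continually released one is the binary (tree) counter, shown here as an added example rather than code from this survey or from [96], [324]; the class and function names and the sample stream are constructed. It covers the first issue above (an adversary who sees every output) but keeps exact partial sums in memory, so it is not pan-private against the second.

```python
import random


def laplace(scale, rng):
    """Laplace(0, scale) sample: the difference of two exponentials."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


class BinaryCounter:
    """Running count over a stream of 0/1 events, released after every event."""

    def __init__(self, horizon, epsilon, noise):
        self.horizon = horizon
        self.levels = horizon.bit_length()   # an event enters at most one sum per level
        self.scale = self.levels / epsilon   # so Laplace(levels/eps) per sum gives eps-DP
        self.noise = noise                   # callable: scale -> noise sample
        self.exact = [0] * self.levels       # exact block sums: visible to an intruder
        self.noisy = [0.0] * self.levels     # who reads memory, hence not pan-private
        self.t = 0

    def update(self, bit):
        """Consume one event and return the noisy count of events so far."""
        if self.t >= self.horizon:
            raise ValueError("stream longer than the declared horizon")
        self.t += 1
        i = (self.t & -self.t).bit_length() - 1      # index of the lowest set bit of t
        self.exact[i] = sum(self.exact[:i]) + bit    # merge the finished lower blocks
        for j in range(i):
            self.exact[j] = 0
            self.noisy[j] = 0.0
        self.noisy[i] = self.exact[i] + self.noise(self.scale)
        # Events 1..t are the disjoint union of the blocks at the set bits of t.
        return sum(self.noisy[j] for j in range(self.levels) if (self.t >> j) & 1)


def binary_variance(t, horizon, epsilon):
    """Noise variance of the release at time t: one Laplace term per set bit of t."""
    levels = horizon.bit_length()
    return bin(t).count("1") * 2.0 * (levels / epsilon) ** 2


def naive_variance(horizon, epsilon):
    """Re-running a static Laplace count at every step with budget epsilon/horizon."""
    return 2.0 * (horizon / epsilon) ** 2


# Constructed sample stream: 1 = a sensor reported an event in that time slot.
STREAM = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]

if __name__ == "__main__":
    rng = random.Random(3)
    counter = BinaryCounter(len(STREAM), epsilon=1.0, noise=lambda s: laplace(s, rng))
    true = 0
    for bit in STREAM:
        true += bit
        print(f"t={counter.t + 1:2d}  true={true:2d}  released={counter.update(bit):7.2f}")
    print("variance at t=1023 of 1024:", binary_variance(1023, 1024, 1.0),
          "vs naive:", naive_variance(1024, 1.0))
```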

IX. LIMITATIONS OF OUR SURVEY
Within our survey, we have considered the four main IoT-enabled critical infrastructure namely power systems, transport systems, healthcare systems and lastly industrial systems. We have focused our work to comprehensively survey the applications of differential privacy within those four aforementioned critical infrastructure. However, we acknowledge that there are other critical fields such as military and defence sector, supply chain sector, etc. where differential privacy approaches are constantly being applied by researchers to protect the privacy of confidential data. Furthermore, within our paper, we do not specifically target our survey to cover either local DP or global DP, but we rather cover both applications within the four critical domains.

X. CONCLUSION
With fast paced developments in novel technological paradigms, IoT-enabled CIs have undeniably become the core of several economic sectors as well as our lives. On the flip side of the coin, the number of associated cyber threats are also on the rise. Adversaries tend to attack IoT-enabled CIs to gain illicit access to sensitive information which can then be used for selfish commercial and political gains. While several privacy preservation techniques have been proposed and tried, DP has evolved as the most viable solution to mitigate privacy threats through the noisy perturbation of data. Throughout this paper, we have covered an in-depth state-of-the-art survey of DP approaches for IoT-enabled CIs particularly in four application domains, namely energy, healthcare, transportation and industrial sectors. Within the energy sector, we covered privacy preservation for demand response, smart buildings and load monitoring. Moreover, within the transport sector, we surveyed the different DP applications in perspective of smart freights, electric vehicles and personal identifiable information. Similarly, in the healthcare sector, we presented the adoption of DP techniques for wireless body area networks as well as patient medical & genomic records. Lastly, we surveyed the application of DP mechanisms within the industrial sector through mobile crowdsensing, smart manufacturing and, industrial data and pattern mining. The paper then ends with a brief highlight of some challenges and future research directions for DP in IoT-enabled CIs. We believe that our survey can serve as the basis for further research and development of novel DP mechanisms to tackle several existing data privacy issues in IoT-enabled CIs.