🤖 AI Summary
This work addresses the end-to-end data privacy risks faced by Internet of Things (IoT) systems in cloud-assisted environments, where conventional trust models fall short of ensuring security across the entire data lifecycle. To this end, we propose the first unified privacy-preserving architecture that seamlessly integrates secure multi-party computation (MPC) and fully homomorphic encryption (FHE), enabling encrypted data processing throughout transmission, storage, and analysis phases without decryption. We implement an open-source prototype system to demonstrate the practical feasibility of our approach, showing that strong privacy guarantees can be maintained while incurring quantifiable performance overhead compared to plaintext-based analytics.
📝 Abstract
The rapid increase of Internet of Things (IoT) systems across several domains has led to the generation of vast volumes of sensitive data, presenting significant challenges in terms of storage and data analytics. Cloud-assisted IoT solutions offer storage, scalability, and computational resources, but introduce new security and privacy risks that conventional trust-based approaches fail to adequately mitigate. To address these challenges, this paper presents MOZAIK, a novel end-to-end privacy-preserving confidential data storage and distributed processing architecture tailored for IoT-to-cloud scenarios. MOZAIK ensures that data remains encrypted throughout its lifecycle, including during transmission, storage, and processing. This is achieved by employing a cryptographic privacy-enhancing technology known as computing on encrypted data (COED). Two distinct COED techniques are explored, specifically secure multi-party computation (MPC) and fully homomorphic encryption (FHE). The paper includes a comprehensive analysis of the MOZAIK architecture, including a proof-of-concept implementation and performance evaluations. The evaluation results demonstrate the feasibility of the MOZAIK system and indicate the cost of an end-to-end privacy-preserving system compared to regular plaintext alternatives. All components of the MOZAIK platform are released as open-source software alongside this publication, with the aim of advancing secure and privacy-preserving data processing practices.
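The abstract names secure multi-party computation as one of the two ways MOZAIK computes on encrypted data. The following Python block is an added illustration, not code from the MOZAIK platform or the paper, of the additive secret-sharing idea underlying that MPC flavour: each IoT device splits a reading into random shares, three cloud parties each hold one share per reading and sum locally, and only the data owner who collects all three partial sums recovers the aggregate. The function names, the three-party setting and the sample readings are assumptions made for this example.

```python
# Added illustration (not MOZAIK's code): additive secret sharing over a prime
# field, the building block of MPC-style computing on encrypted data (COED).
# A reading is split into N_PARTIES shares that sum to the reading mod P. Any
# N_PARTIES-1 shares are uniformly random, so a single cloud party learns
# nothing about the plaintext, yet shares can be added locally without any
# decryption and the owner reconstructs the aggregate from the partial sums.
import secrets

P = 2**61 - 1        # Mersenne prime modulus; readings are assumed to be < P/2 in magnitude
N_PARTIES = 3        # assumption: three non-colluding cloud parties


def share(value: int, n: int = N_PARTIES, p: int = P) -> list[int]:
    """Split `value` into n additive shares: n-1 random, last one fixes the sum."""
    shares = [secrets.randbelow(p) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % p)
    return shares


def reconstruct(shares: list[int], p: int = P) -> int:
    """Owner-side step: add all shares to recover the field element."""
    return sum(shares) % p


def to_signed(x: int, p: int = P) -> int:
    """Map a field element back to a signed integer (handles negative results)."""
    return x - p if x > p // 2 else x


def party_add(held_shares: list[int], p: int = P) -> int:
    """Local step at ONE party: sum the shares it holds. No communication needed."""
    return sum(held_shares) % p


def encrypted_sum(readings: list[int], n: int = N_PARTIES, p: int = P) -> tuple[int, list[list[int]]]:
    """End-to-end flow: devices share readings, parties sum locally, owner reconstructs.
    Returns (sum, per-party views) so a caller can inspect what each party saw."""
    party_inbox: list[list[int]] = [[] for _ in range(n)]   # party_inbox[i] = shares party i holds
    for r in readings:
        for i, s in enumerate(share(r, n, p)):
            party_inbox[i].append(s)
    # each party publishes a single value: the sum of the shares it holds
    partial_sums = [party_add(inbox, p) for inbox in party_inbox]
    return to_signed(reconstruct(partial_sums, p), p), party_inbox


def encrypted_mean(readings: list[int], n: int = N_PARTIES, p: int = P) -> float:
    """Mean derived from the shared sum; the count is public metadata here."""
    total, _ = encrypted_sum(readings, n, p)
    return total / len(readings)


if __name__ == "__main__":
    # Constructed sample input: four temperature readings in tenths of a degree.
    readings = [215, 221, 198, 230]
    total, views = encrypted_sum(readings)
    print("sum =", total, "mean =", encrypted_mean(readings))
    for i, view in enumerate(views):
        print(f"party {i} sees only random-looking shares: {view}")
```

Each party's view is a list of uniformly random field elements, so inspecting one party's inbox reveals nothing about the readings; only the owner who gathers all partial sums learns the aggregate, and even then only the aggregate, not the individual values.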