To address the fundamental tension between data collaboration and privacy/intellectual property (IP) protection in multi-vendor aircraft cabin IoT environments, this paper proposes a lightweight privacy-enhancing framework. Built upon the CSMIM secure communication architecture, it integrates configurable differential privacy and additive secret sharing, enabling efficient privacy preservation on resource-constrained embedded devices. A key contribution is the empirical finding that computational architecture design impacts system performance significantly more than the choice of privacy algorithm—leading to the formulation of architecture–privacy co-design principles for trustworthy IoT collaboration. Experiments demonstrate negligible privacy overhead (<2% CPU utilization, <1 ms latency), while achieving strong privacy guarantees (ε ≤ 1) and strict vendor IP isolation; data utility remains at 98.7%. This work delivers the first systematic solution for aviation IoT data governance that simultaneously satisfies regulatory compliance, practical applicability, and deployability.

The proliferation of IoT devices in shared, multi-vendor environments like the modern aircraft cabin creates a fundamental conflict between the promise of data collaboration and the risks to passenger privacy, vendor intellectual property (IP), and regulatory compliance. While emerging standards like the Cabin Secure Media-Independent Messaging (CSMIM) protocol provide a secure communication backbone, they do not resolve data governance challenges at the application layer, leaving a privacy gap that impedes trust. This paper proposes and evaluates a framework that closes this gap by integrating a configurable layer of Privacy-Enhancing Technologies (PETs) atop a CSMIM-like architecture. We conduct a rigorous, empirical analysis of two pragmatic PETs: Differential Privacy (DP) for statistical sharing, and an additive secret sharing scheme (ASS) for data obfuscation. Using a high-fidelity testbed with resource-constrained hardware, we quantify the trade-offs between data privacy, utility, and computing performance. Our results demonstrate that the computational overhead of PETs is often negligible compared to inherent network and protocol latencies. We prove that architectural choices, such as on-device versus virtualized processing, have a far greater impact on end-to-end latency and computational performance than the PETs themselves. The findings provide a practical roadmap for system architects to select and configure appropriate PETs, enabling the design of trustworthy collaborative IoT ecosystems in avionics and other critical domains.