Section: Partnerships and Cooperations
National Initiatives
ANR
ANR ARPEGE Project: DALI (2009-2012) - http://dali.kereval.com/
DALI aims at developing innovative design solutions to enhance the capabilities of current intrusion detection systems at the application level, as well as new methodologies and tools for assessing and evaluating the proposed solutions with respect to their ability to detect potential intrusions. This project is led by Kereval and involves Supélec, Télécom Bretagne, and the LAAS-CNRS. Our activity consists in the design and development of a mechanism to discover invariants in web applications. These invariants are woven into the application source code, in order to be dynamically checked at runtime. The approach has been applied to an e-commerce application. The assessment phase, which was carried out by the LAAS-CNRS, demonstrated a good detection rate of our mechanisms. This project was evaluated during the ANR « Grand Colloque STIC » in January 2012 and ended in June 2012.
ANR INS Project: AMORES (2011-2015) - http://amores-project.org/
Situated in the mobiquitous context characterized by a high mobility of individuals, most of them wearing devices capable of geolocation (smartphones or GPS-equipped cars), the AMORES project is built around three use-cases related to mobility, namely (1) dynamic carpooling, (2) real-time computation of multi-modal transportation itineraries and (3) mobile social networking. For these three use cases, the main objective of the AMORES project is to define and develop geo-communication primitives at the middleware level that can offer the required geo-located services, while at the same time preserving the privacy of users, in particular with respect to their location (notion of geo-privacy). Within this context, we study in particular the problem of anonymous routing and the design of a key generation protocol tied to a particular geographical location. Each of these services can only work through cooperation of the different entities composing the mobile network. Therefore, we also work on the development of mechanisms encouraging entities to cooperate together in a privacy-preserving manner. The envisioned approach consists in the definition of generic primitives such as the management of trust and the incentive to cooperation. This project is joint between the Université de Rennes 1, Supélec, LAAS-CNRS, Mobigis and Tisséo. The research project AMORES received the Innovation Award at the Toulouse Space Show last June. Simon Boche and Paul Lajoie-Mazenc are doing their PhD in the context of this project.
ANR INS Project: LYRICS (2011-2014) - http://projet.lyrics.orange-labs.fr/
With the fast emergence of contactless technologies such as NFC, mobile phones will soon be able to play the role of e-tickets, credit cards, transit passes, loyalty cards, access control badges, e-voting tokens, e-cash wallets, etc. In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with her identity. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions, then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for undesired or fraudulent purposes ranging from targeted spam to identity theft. The objective of LYRICS (ANR INS 2011) is to enable end users to securely access and operate contactless services in a privacy-preserving manner, that is, without having to disclose their identity or any other unnecessary information related to personal data. Within this project, we work mainly on the privacy analysis of the risks incurred by users of mobile contactless services as well as on the development of the architecture enabling the development of privacy-preserving mobile contactless services. The project is joint between France Télécom, Atos Worldline, CryptoExperts, ENSI Bourges, ENSI Caen, MoDyCo, Oberthur Technologies, NEC Corporation, Microsoft and Université de Rennes 1.
Inria Large-scale Actions
CAPPRIS stands for “Collaborative Action on the Protection of Privacy Rights in the Information Society”. The main objective of CAPPRIS is to tackle the privacy challenges raised by the most recent developments and usages of information technologies such as profiling, data mining, social networking, location-based services or pervasive computing by developing solutions to enhance the protection of privacy in the Information Society. To achieve this generic objective, the project focuses in particular on the following four fundamental issues:
The design of appropriate metrics to assess and quantify privacy, primarily by extending and integrating the various possible definitions existing for the generic privacy properties such as anonymity, pseudonymity, unlinkability and unobservability, as well as notions coming from information theory or databases such as the recent but promising concept of differential privacy;
The definition and the understanding of the fundamental principles underlying “privacy by design”, with the hope of deriving practical guidelines to implement notions such as data minimization, proportionality, purpose specification, usage limitation, data sovereignty and accountability directly in the formal specifications of our information systems;
The integration of the legal and social dimensions, which is essential since the developed privacy concepts, although they may rely on computational techniques, must be consistent with the applicable law (even in its heterogeneous and dynamic nature). In particular, privacy-preserving technologies cannot be considered efficient as long as they are not properly understood, accepted and trusted by the general public, an outcome which cannot be achieved by means of a mathematical proof.
Three major application domains have been identified as interesting experimentation fields for this work: online social networks, location-based services and electronic health record systems. Each of these three domains brings specific privacy-related issues. The aim of the collaboration is to apply the techniques developed to the application domains in a way that promotes the notion of privacy by design, instead of simply considering them as a form of privacy add-ons on the top of already existing technologies. CAPPRIS is a joint project between Inria, CNRS, Université de Rennes 1, Supélec, Université de Namur, Eurecom, and Université de Versailles.
Research mission “Droit et Justice”
The “right to be forgotten” can be viewed as a consequence and an extension of the right to privacy and to personal data protection, emphasized by the inherent difficulty of erasing any given information from the omnipresent digital world. The French Ministry of Justice has launched two twin projects (one of which is the DAO project) in order to explore the possible legal definitions of a “right to be forgotten”. Even though there are no legal foundations for such a right in France at the moment, the concept is already known to the general public and is also present in courts. Furthermore, individuals expect to be protected by such a right; it is thus important to understand why, how, in which circumstances and to what extent this new right may apply before envisioning a legal notion defining it. The DAO project involves a major legal component, a sociological survey and a technical study. In a nutshell, the legal part explores the possible boundaries and requirements of a right to be forgotten with respect to labor law, civil statuses, personal data protection, legal prescription and IT law. The sociological survey aims at understanding the root causes that lead people to want others to forget. Finally, the objective of the computer science part is to elaborate a state of the art of the techniques that could be used to enforce a right to be forgotten in practice in the digital world. The expected output of the project as a whole is a detailed recommendation about whether an independent legislation proposal for the right to be forgotten would be justified, and how it should be done. The project is joint between Université de Rennes 1, Inria and Supélec.
Competitivity Clusters
The following projects are recognized by the Images & Réseaux cluster:
DALI (ANR ARPEGE 2008): http://www.images-et-reseaux.com/en/content/dali
AMORES (ANR INS 2011): http://www.images-et-reseaux.com/en/content/amores