PRIVATICS - 2019 - Annual activity report

PRIVATICS

PRIVATICS - 2019

Project-Team Privatics

Team, Visitors, External Collaborators

Overall Objectives

Context

Application Domains

Highlights of the Year

New Software and Platforms

New Results

Differential Inference Testing
Analyse des impacts de la reconnaissance faciale - Quelques éléments de méthode (in French)
Towards a generic framework for black-box explanation methods
A generic information and consent framework for the IoT
Analysis of privacy policies to enhance informed consent
Understanding algorithmic decision-making: Opportunities and challenges, Study for the European Parliament (STOA)
Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
Privacy implications of switching ON a light bulb in the IoT world
Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data
Plausible Deniability for Practical Privacy-Preserving Live Streaming
Protecting motion sensor data against sensitive inferences through an adversarial network approach
Inria white book on Cybersecurity: Current challenges and Inria's research directions
Inspect what your location history reveals about you - Raising user awareness on privacy threats associated with disclosing his location data
Pseudonymisation techniques and best practices

Partnerships and Cooperations

Dissemination

Bibliography

Publications of the year

Previous |

Home | Next next

Section: New Results

Inria white book on Cybersecurity: Current challenges and Inria's research directions

Participant : Vincent Roca.

This book provides an overview of research areas in cybersecurity, illustrated by contributions from Inria teams. The first step in cybersecurity is to identify threats and define a corresponding attacker model. Threats, including malware, physical damage or social engineering, can target the hardware, the network, the operating system, the applications, or the users themselves.

Then, detection and protection mechanisms must be designed to defend against these threats. One of the core mechanisms is cryptography, in order to ensure the confidentiality and integrity of data. These primitives must be the object of continuous cryptanalysis to ensure the highest level of security. However, secure cryptographic primitives alone are not sufficient for secure communications and services: cryptographic protocols, implementing richer interactions on top of the primitives, are needed. These protocols are distributed systems. Ensuring that they achieve their goals in the presence of an adversary requires the use of formal verification techniques, which have been extremely successful in this field.

Additional security services, such as authentication and access control, are needed to enforce a security policy. These security services, usually provided by the operating system or the network devices, can themselves be attacked and sometimes bypassed. Therefore, activities on the information system are monitored in order to detect any violation of the security policy. Finally, as attacks can spread extremely fast, the system must react automatically or at least reconfigure itself to avoid propagating attacks.

Privacy has also become an intrinsic part of cybersecurity. Privacy has its own properties, techniques, and methodology. Moreover, the study of privacy often requires to take legal, economical, and sociological aspects into account.

All these security mechanisms need to be carefully integrated in security-critical applications. These applications include traditional safety-critical applications that are becoming increasingly connected and therefore more vulnerable to security attacks, as well as new infrastructures running in the cloud or connected to a multitude of Things (IoT).

Previous |

Home | Next next