PRIVATICS - 2019 - Annual activity report

PRIVATICS

PRIVATICS - 2019

Project-Team Privatics

Team, Visitors, External Collaborators

Overall Objectives

Context

Application Domains

Highlights of the Year

New Software and Platforms

New Results

Differential Inference Testing
Analyse des impacts de la reconnaissance faciale - Quelques éléments de méthode (in French)
Towards a generic framework for black-box explanation methods
A generic information and consent framework for the IoT
Analysis of privacy policies to enhance informed consent
Understanding algorithmic decision-making: Opportunities and challenges, Study for the European Parliament (STOA)
Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
Privacy implications of switching ON a light bulb in the IoT world
Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data
Plausible Deniability for Practical Privacy-Preserving Live Streaming
Protecting motion sensor data against sensitive inferences through an adversarial network approach
Inria white book on Cybersecurity: Current challenges and Inria's research directions
Inspect what your location history reveals about you - Raising user awareness on privacy threats associated with disclosing his location data
Pseudonymisation techniques and best practices

Partnerships and Cooperations

Dissemination

Bibliography

Publications of the year

Previous |

Home | Next next

Section: Partnerships and Cooperations

National Initiatives

ADT PRESERVE

Title: PRESERVE: Plate-foRme wEb de SEnsibilisation aux pRoblèmes de Vie privéE
Duration: 2019 - 2020
Coordinator: INSA.
Abstract: The goal of this project is to develop a web platform to increase the user awareness on privacy issues. This platform will gather multiple works investigated in the team and will be used to conduct demonstration and stimulate new collaborations and dissemination actions to end users and media.

ANR

CISC

Title: Certification of IoT Secure Compilation.
Type: ANR.
Duration: April 2018 - March 2022.
Coordinator: Inria INDES project-team (France)
Others partners: Inria CELTIC project-team (France), College de France (France) (France).
See also: http://cisc.gforge.inria.fr.
Abstract: The objective of the ANR CISC project is to investigate multitier languages and compilers to build secure IoT applications with private communication. A first goal is to extend multitier platforms by a new orchestration language that we call Hiphop.js to synchronize internal and external activities of IoT applications as a whole. CISC will define the language, semantics, attacker models, and policies for the IoT and investigate automatic implementation of privacy and security policies by multitier compilation of IoT applications. To guarantee such applications are correct, and in particular that the required security and privacy properties are achieved, the project will certify them using the Coq proof assistant.

SIDES 3.0

Title: Application of privacy by design to biometric access control.
Type: ANR.
Duration: August 2017 - August 2020.
Coordinator: Uness (France).
Others partners: Inria, UGA, ENS, Theia, Viseo.
Abstract: Since 2013, faculties of medicine have used a shared national platform that enables them to carry out all of their validating exams on tablets with automatic correction. This web platform entitled SIDES allowed the preparation of the medical students to the Computerized National Classing Events (ECN) which were successfully launched in June 2016 (8000 candidates simultaneously throughout France). SIDES 3.0 proposes to upgrade the existing platform. Privatics goals in this project is to ensure that privacy is respected and correctly assessed .

DAPCODS/IOTics

Title: DAPCODS/IOTics.
Type: ANR 2016.
Duration: May 2017 - Dec. 2020.
Coordinator: Inria PRIVATICS.
Others partners: Inria DIANA, EURECOM, Univ. Paris Sud, CNIL.
Abstract:

Thanks to the exponential growth of Internet, citizens have become more and more exposed to personal information leakage in their digital lives. This trend began with web tracking when surfing the Internet with our computers. The advent of smartphones, our personal assistants always connected and equipped with many sensors, further reinforced this tendency. And today the craze for “quantified self” wearable devices, for smart home appliances or for other connected devices enable the collection of potentially highly sensitive personal information in domains that were so far out of reach. However, little is known about the actual practices in terms of security, confidentiality, or data exchanges. The enduser is therefore prisoner of a highly asymmetric system. This has important consequences in terms of regulation, sovereignty, and leads to the hegemony of the GAFAs (Google, Amazon, Facebook and Apple). Security, transparency and user control are three key properties that should be followed by all the stakeholders of the smartphone and connected devices ecosystem. Recent scandals show that the reality is sometimes at the opposite.

The DAPCODS project gathers four renowned research teams, experts in security, privacy and digital economy. They are seconded by CNIL, the French data protection agency. The project aims at contributing along several axes:
- by analyzing the inner working of a significant set of connected devices in terms of personal information leaks. This will be made possible by analyzing their data flows (and associated smartphone application if applicable) from outside (smartphone and/or Wifi network) or inside, through ondevice static and dynamic analyses. New analysis methods and tools will be needed, some of them leveraging on previous works when applicable;
- by studying the device manufacturers' privacy policies along several criteria (e.g., accessibility, precision, focus, privacy risks). In a second step, their claims will be compared to the actual device behavior, as observed during the test campaigns. This will enable an accurate and unique ranking of connected devices;
- by understanding the underlying ecosystem, from the economical viewpoint. Data collected will make it possible to define the blurred boundaries of personal information market, a key aspect to set up an efficient regulation;
- and finally, by proposing a public website that will rank those connected devices and will inform citizens. We will then test the impact of this information on the potential change of behavior of stakeholders.
By giving transparent information of hidden behaviors, by highlighting good and bad practices, this project will contribute to reduce the information asymmetry of the system, to give back some control to the endusers, and hopefully to encourage certain stakeholders to change practices.

Inria-CNIL collaboration

Privatics is in charged of the Cnil-Inria collaboration. This collaboration was at the origin of the Mobilitics project and it is now at the source of many discussions and collaborations on data anoymisation, risk analysis, consent or IoT Privacy. Privatics and Cnil are both actively involved on the IoTics project, that is the follow-up of the Mobilitics projects. The goal of the Mobilitics project was to study information leakage in mobile phones. The goal of IoTics is to extend this work to IoT and connected devices.

Privatics is also in charged of the organization of the Cnil-Inria prize that is awarded every year to an outstanding publication in the field of data privacy.

Previous |

Home | Next next