8.1.1 On dark patterns and manipulation of website publishers by CMPs

Participants: Michael Toth, Nataliia Bielova, Vincent Roca.

Web technologies and services widely rely on data collection via tracking users on websites. In the EU, the collection of such data requires user consent thanks to the ePrivacy Directive (ePD), and the General Data Protection Regulation (GDPR). To comply with these regulations and integrate consent collection into their websites, website publishers often rely on third-party contractors, called Consent Management Providers (CMPs), that provide consent pop-ups as a service. Since the GDPR came in force in May 2018, the presence of CMPs continuously increased. In our work, we systematically study the installation and configuration process of consent pop-ups and their potential effects on the decision making of the website publishers. We make an in-depth analysis of the configuration process from ten services provided by five popular CMP companies and identify common unethical design choices employed. By analysing CMP services on an empty experimental website, we identify manipulation of website publishers towards subscription to the CMPs paid plans and then determine that default consent pop-ups often violate the law. We also show that configuration options may lead to non-compliance, while tracking scanners offered by CMPs manipulate publishers. Our findings demonstrate the importance of CMPs and design space offered to website publishers, and we raise concerns around the privileged position of CMPs and their strategies influencing website publishers.

Related publication: 6

8.1.2 My Cookie is a phoenix: detection, measurement, and lawfulness of cookie respawning with browser fingerprinting

Participants: Imane Fouad, Cristiana Santos, Arnaud Legout, Nataliia Bielova.

Stateful and stateless web tracking gathered much attention in the last decade, however they were always measured separately. To the best of our knowledge, our study is the first to detect and measure cookie respawning with browser and machine fingerprinting. We develop a detection methodology that allows us to detect cookies dependency on browser and machine features. Our results show that 1,150 out of the top 30,000 Alexa websites deploy this tracking mechanism. We find out that this technique can be used to track users across websites even when third-party cookies are deprecated. Together with a legal scholar, we conclude that cookie respawning with browser fingerprinting lacks legal interpretation under the GDPR and the ePrivacy directive, but its use in practice may breach them, thus subjecting it to fines up to 20 million Euros.

Related publication: 2

8.1.3 Device re-identification in LoRaWAN through messages linkage

Participants: Samuel Pelissier, Mathieu Cunche, Vincent Roca.

In LoRaWAN networks, devices are identified by two identifiers: a globally unique and stable one called DevEUI, and an ephemeral and randomly assigned pseudonym called DevAddr. The association between those identifiers is only known by the network and join servers, and is not available to a passive eavesdropper. In this work, we consider the problem of linking the DevAddr with the corresponding DevEUI based on passive observation of the LoRa traffic transmitted over the air. Leveraging metadata exposed in LoRa frames, we devise a technique to link two messages containing respectively the DevEUI and the DevAddr, thus identifying the link between those identifiers. The approach is based on machine learning algorithms using various pieces of information including timing, signal strength, and fields of the frames. Based on an evaluation using a real-world dataset of 11 million messages, with ground truth available, we show that multiple machine learning models are able to reliably link those identifiers. The best of them achieves an impressive true positive rate of over 0.8 and a false positive rate of 0.001.

Related publication: 5

8.1.4 Generalizable Features for Anonymizing Motion Signals Based on the Zeros of the Short-Time Fourier Transform

Participants: Pierre Rougé, Ali Moukadem, Alain Dieterlen, Antoine Boutet, Carole Frindel.

Thanks to the recent development of sensors and Internet of Things (IoT), it is now common to use mobile application to monitor health status. These applications rely on sensors embedded in the smartphones that measure several physical quantities such as acceleration or angular velocity. However, these data are private information that can be used to infer sensitive attributes. This contribution presents a new approach to anonymize the motion sensor data, preventing the re-identification of the user based on a selection of handcrafted features extracted from the distribution of zeros of the Shot-Time Fourier Transform (STFT). This work is motivated by recent works which highlight the importance of the zeros of the STFT ([Flandrin 2015]) and link them in the case of white noise to Gaussian Analytical Functions (GAF) ([Bardenet 2020]) where the distribution of their zeros is formally described. The proposed approach is compared with an extension of an earlier work based on filtering in the time-frequency plane and doing the classification task based on convolutional neural networks, for which we improved the evaluation method and investigated the benefits of gyroscopic sensor’s data. An extensive comparison is performed on a first public dataset to assess the accuracy of activity recognition and user re-identification. We showed not only that the proposed method gives better results in term of activity/identity recognition trade-off compared with the state of the art but also that it can be generalized to other datasets.

Related publication: 8

8.2.1 MixNN: Protection of Federated Learning Against Inference Attacks by Mixing Neural Network Layers

Participants: Thomas Lebrun, Jan Aalmoes, Adrien Baud, Antoine Boutet.

Machine Learning (ML) has emerged as a core technology to provide learning models to perform complex tasks. Boosted by Machine Learning as a Service (MLaaS), the number of applications relying on ML capabilities is ever increasing. However, ML models are the source of different privacy violations through passive or active attacks from different entities. In this contribution, we present MixNN a proxy-based privacy-preserving system for federated learning to protect the privacy of participants against a curious or malicious aggregation server trying to infer sensitive information (i.e., membership and attribute inferences). MixNN receives the model updates from participants and mixes layers between participants before sending the mixed updates to the aggregation server. This mixing strategy drastically reduces privacy leaks without any trade-off with utility. Indeed, mixing the updates of the model has no impact on the result of the aggregation of the updates computed by the server. We report on an extensive evaluation of MixNN using several datasets and neural networks architectures to quantify privacy leakage through membership and attribute inference attacks as well the robustness of the protection. We show that MixNN significantly limits both the membership and attribute inferences compared to a baseline using model compression and noisy gradient (well known to damage the utility) while keeping the same level of utility as classic federated learning.

Related publication: 4

8.2.2 Inferring Sensitive Attributes from Model Explanations

Participants: Vasisht Duddu, Antoine Boutet.

Model explanations provide transparency into a trained machine learning model’s blackbox behavior to a model builder. They indicate the influence of different input attributes to its corresponding model prediction. The dependency of explanations on input raises privacy concerns for sensitive user data. However, current literature has limited discussion on privacy risks of model explanations. We focus on the specific privacy risk of attribute inference attack wherein an adversary infers sensitive attributes of an input (e.g., Race and Sex) given its model explanations. We design the first attribute inference attack against model explanations in two threat models where model builder either (a) includes the sensitive attributes in training data and input or (b) censors the sensitive attributes by not including them in the training data and input. We evaluate our proposed attack on four benchmark datasets and four state-of-the-art algorithms. We show that an adversary can successfully infer the value of sensitive attributes from explanations in both the threat models accurately. Moreover, the attack is successful even by exploiting only the explanations corresponding to sensitive attributes. These suggest that our attack is effective against explanations and poses a practical threat to data privacy. On combining the model predictions (an attack surface exploited by prior attacks) with explanations, we note that the attack success does not improve. Additionally, the attack success on exploiting model explanations is better compared to exploiting only model predictions. These suggest that model explanations are a strong attack surface to exploit for an adversary.

Related publication: 1

8.2.3 Towards Privacy Aware Deep Learning for Embedded Systems

Participants: Thomas Lebrun, Jan Aalmoes, Adrien Baud, Antoine Boutet.

Memorization of training data by deep neural networks enables an adversary to mount successful membership inference attacks. Here, an adversary with blackbox query access to the model can infer whether an individual’s data record was part of the model’s sensitive training data using only the output predictions. This violates the data confidentiality, by inferring samples from proprietary training data, and privacy of the individual whose sensitive record was used to train the model. This privacy threat is profound in commercial embedded systems with on-device processing. Addressing this problem requires neural networks to be inherently private by design while conforming to the memory, power and computation constraints of embedded systems. This is lacking in literature. We present the first work towards membership privacy by design in neural networks while reconciling privacy-accuracy-efficiency trade-offs for embedded systems. We conduct an extensive privacy-centered neural network design space exploration to understand the membership privacy risks of well adopted state-of-the-art techniques: model compression via pruning, quantization, and off-the-shelf efficient architectures. We study the impact of model capacity on memorization of training data and show that compressed models (after retraining) leak more membership information compared to baseline uncompressed models while off-the-shelf architectures do not satisfy all efficiency requirements. Based on these observations, we identify quantization as a potential design choice to address the three dimensional trade-off. We propose Gecko training methodology where we explicitly add resistance to membership inference attacks as a design objective along with memory, computation, and power constraints of the embedded devices. We show that models trained using Gecko are comparable to prior defences against blackbox membership attacks in terms of accuracy and privacy while additionally providing efficiency. This enables Gecko models to be deployed on embedded systems while providing membership privacy.

Related publication: 13

8.3.1 Mapping the Use of Facial Recognition in Public Spaces in Europe

Participants: Claude Castelluccia, Daniel Le Métayer.

How to regulate the use of facial recognition in public spaces in Europe? This crucial debate has often been characterised by a lack of clarity and precision. In the context of the AI-regulation MIAI Chair, the authors have been working on 6 Reports to analyse the different ways in which facial recognition is being used and the related legal issues.

The first report presents the political landscape, dives into definitions of key terms and explains the project’s main objectives and methodological tools, which led to the selection – and detailed study – of 25 representative cases.

The second report provides a path to understanding with a classification table presenting in the most accessible way the different facial processing functionalities and applications used in public spaces.

The 3rd Report should be of great interest to lawyers interested in data protection; AI ethics specialists; the private sector; data controllers; DPAs and the EDPB; policymakers; and the general public, who will find here an accessible way to understand all these issues.

Three additional reports are expected on other aspects of AI regulation.

Related website: ai-regulation.com

Related publications: 2223

8.4.1 Can Authoritative Governments Abuse the Right to Access?

Participants: Cedric Lauradoux, Cristiana Santos.

Since the application of the GDPR, legal scholars and computer scientists have identified several issues with the right of access:

• Organizations are not prepared to answer subject access requests (see [AD18]);
• Organizations are using weak methods to verify subject access requests;
• European Data Protection Authorities(DPAs) are providing different recommendations and they request non proportional or unnecessary documents to verify the identity of the requester.

We note that the EDPB guidelines address the first two issues. We hope that these Guidelines will shape and homogenize the recommendations published by all European DPAs in their websites and help in the complaining process. Whereas the present guidelines consist of a significant step to the exercise of the right of access, they need to clarify several important elements discussed in the following sections.

Related publications: 163

9.1.1 Inria associate team not involved in an IIL or an international program

9.1.2 Participation in other International Programs

9.2.1 Visits of international scientists

9.2.2 Visits to international teams

9.3.1 H2020 projects

9.3.2 Other european programs/initiatives

9.4.1 ANR

9.4.2 INRIA-CNIL collaboration

PRIVATICS and CNIL collaborate since 2012 through several collaborative projects (e.g., the Mobilitics bi-lateral project on privacy and smartphones in 2012-2014, the IoTics ANR research project on privacy and connected devices), workshops and discussions on data anoymisation, risk analysis, consent or IoT Privacy. PRIVATICS is also in charged of the organization of the CNIL-Inria prize that is awarded every year to an outstanding publication in the field of data privacy.

Last but not least:

• Nataliia Bielova worked in the Laboratoire d'Innovation de la CNIL (LINC) in the context of a "mise à disposition", from September 2021 to December 2022. News CNIL
• Claude Castelluccia is "Commissaire CNIL" since August 2021. Liste des commissaires CNIL

9.4.3 Inria Exploratory Action (AEx)

DATA4US (Personal DAta TrAnsparency for web USers)

• Participants: Cedric Lauradoux, Nataliia Bielova
• Duration: 2020-2024
• Abstract: Since May 2018, General Data Protection Regulation (GDPR) regulates collection of personal data in all EU countries, but users today are still tracked and their data is still silently collected as they browse the Web. GDPR empowers users with the rights to access their own data, but users have no means to exercise their rights in practice. DATA4US tackles these interdisciplinary challenges by establishing collaborations with researchers in Law. DATA4US will propose a new architecture for exercising access rights that will explain the users whether their data has been legally collected and eventually help contact DPAs for further investigations.

9.4.4 Inria Action de Dévelopement Technologique (ADT)

PRESERVE (Plate-foRme wEb de SEnsibilisation aux pRoblèmes de Vie privéE):

• Participant: Antoine Boutet, Adrien Baud.
• Abstract: The goal of the PRESERVE ADT is to design a platform whose goal is to raise users' awareness of privacy issues. The first version implements tools in order to inspect location history. Specifically, this version implements [hal-02421828] where a user is able to inspect the private and sensitive information inferred from its own location data.

10.1.1 Scientific events: organisation

10.1.2 Scientific events: selection

10.1.3 Invited talks

• Claude Castelluccia was invited by the Académie Nationale de Médecine for the "Médecine et IA" special day, on the occasion of the publication of the collective book "Médecine et intelligence artificielle", CNRS édition, directed by B. Nordlinger, C. Villani and O. de Fresnoye, May 2022. Suject of the contribution: "Online Brain Hacking"
• Vincent Roca was invited by the Académie Nationale de Médecine for the "Médecine et IA" special day, on the occasion of the publication of the collective book "Médecine et intelligence artificielle", CNRS édition, directed by B. Nordlinger, C. Villani and O. de Fresnoye, May 2022. Suject of the contribution: "TousAntiCovid : gros plan sur les deux protocoles de traçage numérique"
• Vincent Roca, "Digital contact/presence tracing in FR/Europe: lessons learned after two years", talk during the PRIVASKI seminar, March 2022.
• Vincent Roca, "Web and privacy: where do we go and what do we want?", invited talk during the STIC AmSud Scientific Seminar, October 2022.
• Vincent Roca, round table "Souveraineté Numérique et Vie Privée, entre contrôle et respect des données", 12ème Atelier sur la Protection de la Vie Privée (APVP 2022), June 2022.
• Antoine Boutet, "Inférence d'informations sensibles dans l'apprentissage automatique et contre mesures", GT-PVP seminar, September 2022
• Antoine Boutet, "Vers une protection à la source des informations capteurs pour se prémunir des inférences d'informations sensibles", FIL seminar, April 2022
• Antoine Boutet, "DYSAN: dynamically sanitizing motion sensor data against sensitive inferences through adversarial networks", French-Japan Cybersecurity Workshop, March 2022

10.1.4 Leadership within the scientific community

• Mathieu Cunche, co-chair of the Privacy Protection (PVP) Working Group of GDR Sécurité
• Nataliia Bielova, member of the Steering Committee of Atelier sur la Protection de la Vie Privée (APVP)
• Antoine Boutet, chair of the Privacy Protection Working Group of the French-Japan Cybersecurity Collaboration

10.4.1 Teaching

Most of the PRIVATICS members' lectures are given at INSA-Lyon (Antoine Boutet and Mathieu Cunche are associated professor at INSA-Lyon), at Grenoble Alps University (Claude Castelluccia, Vincent Roca and Cédric Lauradoux).

Most of the PRIVATICS members' lectures are on the foundations of computer science, security and privacy, as well as networking. The lectures are given to computer science students but also to business school students and to laws students.

Details of lectures:

• Master : Antoine Boutet, Privacy, 80h, INSA-Lyon, France.
• Master : Antoine Boutet, Security, 40h, INSA-Lyon, France.
• Undergraduate course : Mathieu Cunche, Introduction to computer science, 120h, L1, INSA-Lyon, France.
• Master : Mathieu Cunche, Wireless Security, 6h, M2, INSA-Lyon, France.
• Undergraduate course : Mathieu Cunche, On Wireless Network Security, 10h, L1, IUT-2 (UPMF - Grenoble University) , France.
• Undergraduate course : Mathieu Cunche, Systems and Networks Security , 10h, M2, INSA-Lyon, France.
• Master : Mathieu Cunche, Privacy and Data protection, 26h, M2, INSA-Lyon, France.
• Master : Mathieu Cunche, Cryptography and Communication Security, 18h, M1, INSA-Lyon, France.
• Master : Cédric Lauradoux, Advanced Topics in Security, 20h, M2, Ensimag/INPG, France.
• Master : Cédric Lauradoux, Systems and Network Security, 30h, M1, Ensimag, France.
• Master : Cédric Lauradoux, Internet Security, 12h, M2, University of Grenoble Alpes, France.
• Master : Cédric Lauradoux, Cyber Security, 3h, M2, Laws School of University of Grenoble Alpes, France.
• Master : Claude Castelluccia, Advanced Topics in Security, 15h, M2, Ensimag/INPG, France.
• Master : Claude Castelluccia, Cyber Security, 6h, M2, Laws School of University of Grenoble Alpes, France.
• Master : Claude Castelluccia, Data Privacy, 6h, M2, Laws School of University of Grenoble Alpes, France.
• Master : Claude Castelluccia, Data Privacy, 12h, SKEMA Business School, Sophia-Antipolis, France.
• Master : Vincent Roca, Wireless Communications, 16h, M2, Polytech, University of Grenoble Alpes, France.
• Undergraduate course : Vincent Roca, C Programming and Security, 24h, L-Pro, IUT-2 (University of Grenoble Alpes), France.
• Undergraduate course : Vincent Roca, Privacy in Smartphones and Internet of Things, 3h, L-Pro, University of Grenoble Alpes, France.
• Master : Vincent Roca, Privacy in Smartphones and Internet of Things, 3h, M2, Ensimag/INPG, France.
• Master : Vincent Roca, Privacy in Smartphones, 1.5h, M2 (University of Cote-d'Azur), France.

10.4.2 Supervision

PhD defended in 2022: None

On-going PhDs:

• Coline Boniface, (Sept. 2019 - ) "Attribution of cyber attacks", co-supervised by Cédric Lauradoux and Karine Bannelier
• Michael Toth (Dec. 2019 - ), co-supervised by Nataliia Bielova and Vincent Roca
• Samuel Pelissier, (Sept. 2021 - ), co-supervised by Mathieu Cunche and Vincent Roca
• Suzanne Lansade, (Oct. 2020 - ), co-supervised by Cédric Lauradoux and Vincent Roca
• Jan Aalmoes, (Sept. 2021 - ), co-supervised by Antoine Boutet, Carole Frindel and Mathieu Cunche
• Thomas Lebrun, (Oct. 2021 - ), co-supervised by Antoine Boutet, Claude Castellucccia and Mathieu Cunche

New PhDs:

• Gilles Mertens, (Nov. 2022 - ), "Progressive Web Apps", co-supervised by Vincent Roca and Mathieu Cunche
• Teodora Curelariu, (Dec. 2022 - ), "Cyber-incidents entre monde privé et public", co-supervised by Cédric Lauradoux and Karine Bannelier

10.4.3 Juries

• Vincent Roca was examiner for the PhD defense of Tomas Conception Miranda, "Profiling and Visualizing Android Malware Datasets", November 2022.
• Nataliia Bielova was a member of PhD defense of Hanaa Alshareef, Chalmers University of Technology (SE), August 2022.
• Nataliia Bielova was a member of the PhD thesis supervision commitee of Emre Kocyigit, University of Luxembourg (LU), 2022.
• Nataliia Bielova was a member of the Comprehensive exam committee of Maaz Bin Musa, University of Iowa (US), 2022.
• Mathieu Cunche was examiner for the PhD defense of Robin Carpentier, "Privacy-preserving third-party computations on secure personal data management systems", Université de Versailles-Saint-Quentin-en-Yvelines, December 2022
• Mathieu Cunche was reviewer for the PhD defense of Andy Amoordon, "Méthodes de détection d’attaques cybernétiques par une surveillance multicouches de communication", Université de Lille December 2022
• Mathieu Cunche was reviewer for the PhD defense of Héber Hwang Arcolezi, "Production de Données Catégorielles Respectant la Confidentialité Différentielle Conception et Applications au Apprentissage Automatique", Université de Franche-Comté, January 2022
• Antointe Boutet was reviewer for hte PhD defense of Lestyan Szilvia, "Privacy of Vehicular Time Series Data", June 2022

10.5.1 Interventions

• Nataliia Bielova was interviewed in LeMonde.fr on their large-scale detection of Web tracking, cookie syncing and browser fingerprinting, and development of ERNIE extension, 2022.
• Nataliia Bielova was interviewed in Wired.com about the advances in the field of Browser Fingerprinting based on her journal article at ACM TWEB, 2022.
• Mathieu Cunche was a guest on RFI, Le débat du jour : Sommes-nous condamnés à être espionnés?, 16/06/22
• Mathieu Cunche was a guest on RTBF, Les éclaireurs : "Totale connexion !", 02/04/22
• Mathieu Cunche was interviewed in the podcast Monde Numérique, Vous allez tout comprendre : le Wi-Fi, 06/08/22
• Mathieu Cunche was interviewed in Imagine, Totale connexion, 03/01/22 , N° 149 / mars-avril 2022
• Mathieu Cunche was interviewed in Femme Actuelle, Je protège mes données personnelles, 03/02/2022

International journals

• 7 articleM.Marcello Ienca, J. J.Joseph J Fins, R. J.Ralf J Jox, F.Fabrice Jotterand, S.Silja Voeneky, R.Roberto Andorno, T.Tonio Ball, C.Claude Castelluccia, R.Ricardo Chavarriaga, H.Hervé Chneiweiss, A.Agata Ferretti, O.Orsolya Friedrich, S.Samia Hurst, G.Grischa Merkel, F.Fruzsina Molnár-Gábor, J.-M.Jean-Marc Rickli, J.James Scheibner, E.Effy Vayena, R.Rafael Yuste and P.Philipp Kellmeyer. Towards a Governance Framework for Brain Data.Neuroethics15June 2022
  HALDOI
• 8 articleP.Pierre Rougé, A.Ali Moukadem, A.Alain Dieterlen, A.Antoine Boutet and C.Carole Frindel. Generalizable Features for Anonymizing Motion Signals Based on the Zeros of the Short-Time Fourier Transform.Journal of Signal Processing SystemsJuly 2022, 1-14
  HALDOIback to text
• 9 articleM.Michael Toth, N.Nataliia Bielova and V.Vincent Roca. On dark patterns and manipulation of website publishers by CMPs.Proceedings on Privacy Enhancing Technologies (PoPETs)202232022, 478–497
  HALDOI

International peer-reviewed conferences

• 10 inproceedingsC.Carole Adam and C.Cédric Lauradoux. A serious game for debating about the use of Artificial Intelligence during the COVID-19 pandemic.19th International Conference on Information Systems for Crisis Response and Management, {ISCRAM} 2022Tarbes, FranceMay 2022
  HAL
• 11 inproceedingsS.Supriya Adhatarao and C.Cédric Lauradoux. Robust PDF Files Forensics Using Coding Style.ICT Systems Security and Privacy Protection - 37th IFIP TC 11 International Conference, SEC 2022648IFIP Advances in Information and Communication TechnologyCopenhagen, FranceSpringer International PublishingJune 2022, 179-195
  HALDOI
• 12 inproceedingsV.Vasisht Duddu and A.Antoine Boutet. Inferring Sensitive Attributes from Model Explanations.CIKM 2022 - 31st ACM International Conference on Information and Knowledge ManagementAtlanta / Hybrid, United StatesOctober 2022, 1-10
  HAL
• 13 inproceedingsV.Vasisht Duddu, A.Antoine Boutet and V.Virat Shejwalkar. Towards Privacy Aware Deep Learning for Embedded Systems.SAC 2022 - 37th ACM/SIGAPP Symposium on Applied ComputingVirtual, FranceACMApril 2022, 520-529
  HALback to text
• 14 inproceedingsI.Imane Fouad, C.Cristiana Santos, A.Arnaud Legout and N.Nataliia Bielova. My Cookie is a phoenix: detection, measurement, and lawfulness of cookie respawning with browser fingerprinting.PETS 2022 - 22nd Privacy Enhancing Technologies SymposiumSydney, AustraliaJuly 2022
  HAL
• 15 inproceedingsN.Nina Grgić-Hlača, C.Claude Castelluccia and K. P.Krishna P Gummadi. Taking Advice from (Dis)Similar Machines: The Impact of Human-Machine Similarity on Machine-Assisted Decision-Making.HCOMP 2022 - The Tenth AAAI Conference on Human Computation and CrowdsourcingVirtual, FranceNovember 2022
  HAL
• 16 inproceedingsC.Cédric Lauradoux. Can Authoritative Governments Abuse the Right to Access?Annual Privacy Forum 202213279Lecture Notes in Computer ScienceVarsovie (PL), PolandSpringer International PublishingMay 2022, 23-33
  HALDOIback to text
• 17 inproceedingsT.Thomas Lebrun, A.Antoine Boutet, J.Jan Aalmoes and A.Adrien Baud. MixNN: Protection of Federated Learning Against Inference Attacks by Mixing Neural Network Layers.MIDDLEWARE 2022 - 23rd ACM/IFIP International Middleware ConferenceQuebec, CanadaNovember 2022, 1-11
  HALDOI
• 18 inproceedingsT.Túlio Pascoal, J.Jérémie Decouchant, A.Antoine Boutet and M.Marcus Völp. I-GWAS: Privacy-Preserving Interdependent Genome-Wide Association Studies.PETS 2023 - 23rd Privacy Enhancing Technologies SymposiumLausanne, SwitzerlandJuly 2023
  HAL
• 19 inproceedingsS.Samuel Pélissier, M.Mathieu Cunche, V.Vincent Roca and D.Didier Donsez. Device re-identification in LoRaWAN through messages linkage.WiSec 2022 - 15th ACM Conference on Security and Privacy in Wireless and Mobile NetworksSan Antonio, TX, United StatesACMMay 2022, 1-6
  HAL

National peer-reviewed Conferences

• 20 inproceedingsA.Antoine Boutet and G.Gaëtan Derache. Simulation de crise -24h dans la tempête.RESSI 2022 - Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'InformationChambon-sur-Lac, FranceMay 2022, 1-4
  HAL

Scientific book chapters

• 21 inbookV.Vincent Roca. TousAntiCovid : gros plan sur les deux protocoles de traçage numérique de l'application.Médecine et intelligence artificielleCNRS EditionsMarch 2022, 1-5
  HAL

Reports & preprints

• 22 reportT.Theodore Christakis, K.Karine Bannelier, C.Claude Castelluccia and D.Daniel Le Métayer. MAPPING THE USE OF FACIAL RECOGNITION IN PUBLIC SPACES IN EUROPE A QUEST FOR CLARITY: UNPICKING THE "CATCH-ALL" TERM.May 2022Université Grenoble Alpes (UGA); Centre d’Etudes sur la Sécurité Internationale et les Coopérations Européennes (CESICE)May 2022
  HALback to text
• 23 reportT.Theodore Christakis, K.Karine Bannelier-Christakis, C.Claude Castelluccia and D.Daniel Le Métayer. Facial recognition for authorisation purposes (part 3).Université Grenoble Alpes (UGA)May 2022
  HALback to text
• 24 miscG.Guillaume Kessibi, A. O.Aymen Ould Hamouda, C.Charly Poirier and A.Antoine Boutet. A complementary utility and privacy trade-off evaluation of Google's FloC API.May 2022
  HAL
• 25 miscV.Vincent Roca. Digital contact/presence tracing in FR/Europe: lessons learned after two years.March 2022
  HAL

Other scientific publications

• 26 inproceedingsJ.Johann Hugon, M.Mathieu Cunche and T.Thomas Begin. RoMA: Rotating MAC Address for privacy protection.SIGCOMM 2022 - 36th Conference of the ACM Special Interest Group on Data Communication -- Poster SessionAmsterdam, NetherlandsAugust 2022
  HALDOI
• 27 miscC.Cédric Lauradoux and C.Cristiana Santos. Feedbacks on Guidelines 01/2022 on data subject rights -Right of access.March 2022
  HAL

Scientific popularization

• 28 articleM.Mathieu Cunche. Le traçage cyberphysique des personnes et la vie privée.IntersticesJanuary 2022
  HAL