2023Activity reportProject-TeamPETRUS

5.1.1 PlugDB

• Keywords:
  Databases, Personal information, Privacy, Hardware and Software Platform
• Functional Description:

  PlugDB is a complete platform dedicated to a secure and ubiquitous management of personal data. It aims at providing an alternative to a systematic centralization of personal data. The PlugDB engine is a personal database server capable of storing data (tuples and documents) in tables and BLOBs, indexing them, querying them in SQL, sharing them through assertional access control policies and enforcing transactional properties (atomicity, integrity, durability).

  The prototype version of PlugDB engine is embedded in a tamper-resistant hardware device combining the security of smartcard with the storage capacity of NAND Flash. The personal database is hosted encrypted in NAND Flash and the PlugDB engine code runs in the tamper-resistant device. Complementary modules allow to pre-compile SQL queries for the applications, communicate with the DBMS from a remote Java program, synchronize local data with remote servers (typically used for recovering the database in the case of a broken or lost devices) and participate in distributed computation (e.g., global queries). Then, PlugDB was extended to run both on secure devices provided by Gemalto and on specific secure devices designed by PETRUS and assembled by electronic SMEs. Mastering the hardware platform opens up new research and experiment opportunities (e.g., support for wireless communication, secure authentication, sensing capabilities, battery powered ...).

  PlugDB engine has been registered first at APP (Agence de Protection des Programmes) in 2009 - a new version being registered every two years - and the hardware datasheets in 2015. PlugDB has been experimented in the field, notably in the healthcare domain. PlugDB was used in an educational platform that we set up : SIPD (Système d’Information Privacy- by-Design). SIPD was used at ENSIIE, INSA CVL and UVSQ through the Versailles Sciences Lab fablab, to raise students awareness of privacy protection problems and embedded programming.

  PlugDB combines several research contributions from the team, at the crossroads of flash data management, embedded data processing and secure distributed computations. It then strongly federates all members of our team (permanent members, PhD students and engineers). It is also a vector of visibility, technological transfer and dissemination and gives us the opportunity to collaborate with researchers from other disciplines around a concrete privacy-enhancing platform.

  PlugDB is currently industrialized in the context of the OwnCare Inria Innovation Lab (II-Lab). In OwnCare, PlugDB acts as a secure personal cloud to manage medical/social data for people receiving care at home. It is currently being deployed over 10.000 patient in the Yvelines district. The industrialization process covers the development of a complete testing environment, the writing of a detailed documentation and the development of additional features (e.g., embedded ODBC driver, TPM support, flexible access control model and embedded code upgrade notably). It has also required the design of a new hardware platform equipped with a battery power supply, introducing new energy consumption issues for the embedded software.

• URL:
  https://­project.­inria.­fr/­plugdb/
• Authors:
  Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, Aydogan Ersoz, Laurent Schneider, Ludovic Javet
• Contact:
  Nicolas Anciaux

OwnCare-2 IILab (Jan 2022 - Dec 2025)

- Partners: PETRUS, Hippocad

Participants: Nicolas Anciaux, Luc Bouganim, Ludovic Javet, Philippe Pucheral [correspondent], Laurent Schneider.

The OwnCare IILab – Inria Innovation Lab - (Jan 2018-Dec 2021) aimed at conceiving a secured personal medical folder facilitating the organization of medical and social care provided at home to elderly people and at deploying it in the field. This IILab has been built in partnership with the Hippocad company which won, in association with Inria and UVSQ, a public call for tender launched by the Yvelines district to deploy this medical folder on the whole distinct (10.000 patients). This solution, named DomYcile in the Yvelines district, is based on a home box combining the PlugDB hardware/software technology developed by the Petrus team (to manage and secure the medical folder) and additional technology developed by Hippocad. The primary result of the OwnCare IILab has been to build a concrete industrial solution based on PlugDB and deploy it so far among 3000 patients in the Yvelines district, despite the Covid pandemia. In 2022, Hippocad has become a subsidiary of the La Poste group opening new opportunities in terms of deployment. Hence, Inria, UVSQ and Hippocad have launched a follow up of the OwnCare IILab for the period Jan 2022-Dec 2025. The goal of the OwnCare2 IILab is (1) to integrate our solution in the MaSanté 2022 national roadmap by making it interoperable with external services (without hurting the security provided by the box), (2) to handle, in a privacy-preserving way, new usages like actimetrics, teleassistance and global statistics based on IoT techniques, machine learning and decentralized computations and (3) try to deploy it at the national/international level. In 2023, a new district (Hauts de Seine) has decided to deploy the DomYcile solution on its own territory, leading to an extended partnership. The beginning of this second deployment is planned in the course of 2024.

Cozy Cloud CIFRE - Mirval contract (Nov 2020 - Oct 2023)

- Partners: Cozy Cloud, PETRUS

Participants: Luc Bouganim, Julien Mirval [correspondent], Iulian Sandu Popa.

A third CIFRE PhD thesis has been concluded between Cozy Cloud and Julien Mirval from PETRUS. Cozy Cloud is a French startup providing a personal Cloud platform. The Cozy product is a software stack that anyone can deploy to run his personal server in order to host his personal data and web services. The objective of this thesis is to propose appropriate solutions to effectively train an AI model (e.g., a deep neural network) in a fully distributed system while providing strong security guarantees to the participating nodes. The results, in the form of protocols and distributed and secure execution algorithms,were applied to practical cases provided by the Cozy Cloud company (see 18).

8.1.1 Visits of international scientists

8.2.1 iPoP, interdisciplinary Project on Privacy, PEPR Cybersécurité (July 2022 - June 2028)

Partners: Inria, CNRS, EDHEC, INSA CVL, INSA Lyon, UGA, Université de Lille, Université Rennes 1, UVSQ, CNIL

Digital technologies provide services that can greatly increase quality of life (e.g. connected e-health devices, location based services or personal assistants). However, these services can also raise major privacy risks, as they involve personal data, or even sensitive data. Indeed, this notion of personal data is the cornerstone of French and European regulations, since processing such data triggers a series of obligations that the data controller must abide by. This raises many multidisciplinary issues, as the challenges are not only technological, but also societal, judiciary, economic, political and ethical. The objectives of this project are thus to study the threats on privacy that have been introduced by these new services, and to conceive theoretical and technical privacy-preserving solutions that are compatible with French and European regulations, that preserve the quality of experience of the users. These solutions will be deployed and assessed, both on the technological and legal sides, and on their societal acceptability. In order to achieve these objectives, we adopt an interdisciplinary approach, bringing together many diverse fields: computer science, technology, engineering, social sciences, economy and law.

The project’s scientific program focuses on new forms of personal information collection, on the learning of Artificial Intelligence (AI) models that preserve the confidentiality of personal information used, on data anonymization techniques, on securing personal data management systems, on differential privacy, on personal data legal protection and compliance, and all the associated societal and ethical considerations. This unifying interdisciplinary research program brings together internationally recognized research teams (from universities, engineering schools and institutions) working on privacy, and the French Data Protection Authority (CNIL).

8.2.2 YPPOG, Youth Privacy Protection in Online Gaming, DATAIA project (Sept. 2021 - Sept. 2024)

Partners: CERDI (Université Paris Saclay), LITEM (IMT-BS), PETRUS (Inria-UVSQ).

Despite its somewhat seemingly light nature, Youth Privacy Protection in Online Gaming is a very important topic in the field of Privacy. Indeed, 94% of minor children (under 18 years old) play video games, and 60% of the 10-17 year olds play online. While 68% of parent declare “to feel concerned” by the games their children play online, 12% actively monitor their children’s activities. This topic leads to several multidisciplinary questions, which are studied in the context of the YPPOG project, which groups researcher in Law (CERDI), Economics (LITEM) and Computer Science (PETRUS). First of all, consent: what does it mean for (or how can) a minor to consent ? How can the GDPR be enforced online ? Do technical solutions exist, and are they sufficient. Secondly, data processing of minor’s data: how is the data collected, what are the purposes ? Can we accompany the stakeholders of the online gaming field to help them to apply the GDPR ? The french regulator (the CNIL) is very interested in the topic, and is monitoring the advance of our project.

As stated above, our approach is multi-disciplinary, mixing computer science, to propose privacy preserving algorithms and infrastructures to manage youth online data, economy in order to understand the constraints of the gaming industry and how to take them into account when it comes to legal aspects, and finally law in order to propose procedures to help the companies move to legally compliant processes.

One example of a technical prototype, developed by PETRUS in 2022 (see the git repository) is a wrapper for the publicly available data of one of the most played games online, League of Legends (LoL). In 2023, we have extended our wrappers to many different games and gaming platforms (Fortnite, Riot, Steam, ...) and are in the process of recruiting participants for a field study to see if it is possible to train AI algorithms to detect, based on this open data, if a player is under or over 18.

9.1.1 Scientific events: selection

9.1.2 Journal

9.1.3 Invited talks

• Nicolas Anciaux: "Third-party computations on trustworthy personal data management systems", Journées Nationales 2023 du GDR Sécurité Informatique, privacy working group (GT PVP), Campus Cyber de La Défense, June 2023.
• Iulian Sandu Popa: invited tutoriel at RESSI'23 (Rendez-vous de la Recherche et de l’Enseignement de la Sécurité des Systèmes d’Information). Neuvy-sur-Barangeon, France, 2023.

9.1.4 Scientific expertise

• Nicolas Anciaux: member of the jury of the 8th edition of CNIL-Inria Privacy Award 2023.
• Luc Bouganim: Member of the selection committee (COS) for the position of professor - ENSEA Cergy.
• Luc Bouganim: Evaluator for the program : STIC, MATH & CLIMAT AMSUD
• Philippe Pucheral: Member of the selection committee (COS) for the position of professor - ENSEA Cergy.

9.1.5 Research administration

• Nicolas Anciaux: deputy scientific director (DSA) at Inria Saclay research center.
• Nicolas Anciaux: member of Inria Commission d'Evaluation.
• Nicolas Anciaux: Inria representative at U. Paris-Saclay as member of the "Comité de Direction Recherche et Valorisation" (CoDiReV) and the Conseil Académique Commission Recherche (CR du CAC).
• Nicolas Anciaux: Member of the Bureau of David lab at UVSQ.
• Iulian Sandu Popa: Member of the Technological Development Commission (CDT) at Inria de Saclay (ADT funding and SED engineer requests).
• Iulian Sandu Popa: Member of the ATER committee at UVSQ.
• Iulian Sandu Popa: Member of the Bureau of David lab at UVSQ.
• Luc Bouganim: PhD thesis referent for the Doctoral School of University Paris-Saclay
• Luc Bouganim: Member of the Scientific Commission (CS) of Inria Saclay-IDF (Cordi-S,Post-Doc, Delegation) - up to September 2023.
• Philippe Pucheral: Member of the Scientific Commission (CS) of the ISN Graduate School of Paris-Saclay University.

9.2.1 Teaching

• Philippe Pucheral: head of the M1 and M2 DataScale master program at University Paris-Saclay.
• Master: Iulian Sandu Popa, Bases de données relationnelles (niveau M1), Gestion des données spatiotemporelles (niveau M2), Sécurité des bases de données (niveau M2), 96, UVSQ, France. Philippe Pucheral, courses in M1 and M2 in databases and in security, introductory courses for jurists,UVSQ, France.
• Licence: Iulian Sandu Popa, Bases de données (niveau L2), 96, UVSQ, France.
• Engineers school: Nicolas Anciaux, Databases (ENSTA, module IN206, M1), 32, and Advanced databases (ENSTA, module ASI13, level M2), 32. Luc Bouganim, Bases de données relationnelles (ENSTA, module IN207, M1), 32.
• MOOC: Défis technologiques des villes intelligentes participatives. Co-Auteurs: Nicolas Anciaux, Stéphane Grumbach, Valérie Issarny, Nathalie Mitton, Christine Morin, Animesh Pathak et Hervé Rivano. Sessions sur la plateforme FUN en 2022. In 2023, the Mooc was extended by 1 year due (at least in part) to the forum's interest in the TIPE 2022-2023, which focused on the Mooc's theme. The Mooc will go into "archived open for registration" mode from April 2024. To date, the Mooc has 21320 registered users, with a total of 2041 badges and certificates of achievement issued since April 2019.

9.2.2 Supervision

• Defended PhD (July 19, 2023), Ludovic Javet, Requêtes distribuées respectueuses de la vie privée dans un environnement partiellement connecté, Luc Bouganim, Nicolas Anciaux and Philippe Pucheral.
• PhD in progress: Julien Mirval, DISSEC-ML : DIStributed and SECure Machine Learning on Personal Clouds, CozyCloud, since November 2020, Luc Bouganim and Iulian Sandu Popa.
• PhD in progress: Ali Ncibi, Secure machine Learning on IOT traces for daily activity discovery, Inria, since March 2023, Luc Bouganim and Philippe Pucheral.
• PhD in progress: Xinqing Li, Securing Algorithms for Classification and Machine Learning on Personal Data using Trusted Execution Environments, Inria, since October 2023, Nicolas Anciaux and Iulian Sandu Popa.
• PhD in progress: Haoying Zhang, Privacy-Enhancing Technologies for telework data sharing: an approach based on informed user consent, INSA-CVL, since Sept 2023, Nicolas Anciaux and Benjamin Nguyen.

9.2.3 Juries

• Nicolas Anciaux: reviewer of the HDR (habilitation to supervise research) defended by Omar Hasan (Insa Lyon), June 2023.
• Philippe Pucheral: president of the PhD jury of Damien Wojtowicz (U. Toulouse III), April 2023.
• Philippe Pucheral: president of the PhD jury of Nathanael Denis (Télécom SUdParis), October 2023.

9.3.1 Articles and contents

• Nicolas Anciaux, Luc Bouganim : Extensive and Secure Personal Data Management Systems. ERCIM News (Apr 20, 2023)

9.3.2 Interventions

• "Data protection and privacy" Conference, by Nicolas Anciaux, "European Heritage Days", Inria Rocquencourt, 16 Sept 2023, Journées Européennes du Patrimoine.
• "Research on Privacy-Enhencing Technologies", by Nicolas Anciaux, CHICHE! program, 1 Scientifique 1 classe, with about fifty high school students from second-year classes, 2 June 2023.

International journals

• 11 articleL.Luc Bouganim, J.Julien Loudet and I.Iulian Sandu Popa. Highly distributed and privacy-preserving queries on personal data management systems.The VLDB Journal322March 2023, 415-445HALDOI

Invited conferences

• 12 inproceedingsA.Antoine Boutet and I.Iulian Sandu Popa. Tutorial: Trusted Execution Environments and Intel SGX - a few basic notions and usages.RESSI 2023 - Rendez-vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'InformationNeuvy-sur-Barangeon, France2023HAL

International peer-reviewed conferences

• 13 inproceedingsN.Nicolas Anciaux, S.Sabine Frittella, B.Baptiste Joffroy and B.Benjamin Nguyen. Demo : Data Minimization and Informed Consent in Administrative Forms.ACM CCS 2023 - Conference on Computer and Communications SecurityCopenhagen, DenmarkNovember 2023HALDOIback to text
• 14 inproceedingsN.Nicolas Anciaux, S.Sabine Frittella, B.Baptiste Joffroy, B.Benjamin Nguyen and G.Guillaume Scerri. A new PET for Data Collection via Forms with Data Minimization, Full Accuracy and Informed Consent.EDBT27th International Conference on Extending Database Technology, EDBT 2024Paestum, ItalyMarch 2024HAL
• 15 inproceedingsL.Ludovic Javet, N.Nicolas Anciaux, L.Luc Bouganim, L.Léo Lamoureux and P.Philippe Pucheral. Pushing Edge Computing one Step Further: Resilient and Privacy-Preserving Processing on Personal Devices.EDBT 2023 - 26th International Conference on Extending Database TechnologyIoannina, GreeceMarch 2023HALDOIback to text
• 16 inproceedingsL.Ludovic Javet, N.Nicolas Anciaux, L.Luc Bouganim, L.Léo Lamoureux and P.Philippe Pucheral. Secure Computations in Opportunistic Networks: An Edgelet Demonstration with a Medical Use-Case.PerCom 2023 - 21st IEEE International Conference on Pervasive Computing and CommunicationsAtlanta, United StatesIEEEMarch 2023, 331-333HALDOIback to text
• 17 inproceedingsJ.Julien Mirval, L.Luc Bouganim and I.Iulian Sandu Popa. Federated Learning on Personal Data Management Systems: Decentralized and Reliable Secure Aggregation Protocols.SSDBM 2023 - 35th International Conference on Scientific and Statistical Database ManagementLos Angeles CA, United StatesACMJuly 2023, 1-12HALDOIback to text
• 18 inproceedingsJ.Julien Mirval, I.Iulian Sandu Popa, L.Luc Bouganim and P.Paul Tran-Van. Enabling Privacy-Preserving Data Aggregation in Networks of Personal Data Management Systems.CoopIS 2023 - Proceedings of the Demonstration Track at International Conference on Cooperative Information Systems 2023Groningen, NetherlandsNovember 2023HALback to textback to text

National peer-reviewed Conferences

• 19 inproceedingsJ.Julien Mirval, L.Luc Bouganim and I.Iulian Sandu Popa. Federated Learning on Personal Data Management Systems: Decentralized and Reliable Secure Aggregation Protocols.BDA 2023 - 39ème Conférence sur la Gestion de Données – Principes, Technologies et ApplicationsMontpellier, FranceOctober 2023, 1-12HAL

Conferences without proceedings

• 20 inproceedingsL.Ludovic Javet, N.Nicolas Anciaux, L.Luc Bouganim, L.Léo Lamoureux and P.Philippe Pucheral. Pushing Edge Computing one Step Further: Resilient and Privacy-Preserving Processing on Personal Devices.APVP 2023 - 13ème Atelier sur la Protection de la Vie PrivéeArc-et-Senans, FranceJune 2023HAL

Scientific book chapters

• 21 inbookN.Nicolas Anciaux, L.Luc Bouganim and Y.Yanli Guo. Database Encryption.Encyclopedia of Cryptography, Security and PrivacyBusiness Media LLC2023HALDOI

Doctoral dissertations and habilitation theses

• 22 thesisL.Ludovic Javet. Privacy-preserving distributed queries compatible with opportunistic networks.Université Paris-SaclayJuly 2023HALback to text