Secure personal data management for participatory sensing using trusted hardware

(this internship might lead to a PhD)

Supervision. Guillaume Scerri (, Nicolas Anciaux (, Iulian Sandu Popa ( Applications via email (CV and cover letter).                

Context. The PETRUS team designs and implements decentralized personal data management techniques aiming at allowing large user populations to collectively compute statistics with their personal data, while ensuring data confidentiality, integrity of the computations, and minimization of data exposure in the case of an attack. This is, in part, done in the spirit of the new European data protection reglementation (GDPR[1]). In 2019, the team proposed new architectures for secure decentralized computations [1-4]. These proposals rely on the hypothesis that personal cdevices (PC, smartphone, or even remote cloud virtual machine) are equipped with trusted hardware components (recent Intel CPUs equipped with « Software Guard Extensions[2] » (SGX), AMD CPUs with « Platform Security Processor[3] » (PSP), Trustzone enabled ARM CPUS, etc.). These components are typically present in most recent computing platforms. They offer data and code protection against the execution environment of the computing machine (including the operating system).               

Goal. The goal of this internship is the study of computations based on a specific type of personal data, namely “time series” produced by individuals in the context of participatory sensing[4] applications. These applications (e.g. APISENSE[5]) are typically centralized and based around a trusted server collecting data from all participating individuals, and computing statistics from these data. The objective is the design of a new participatory sensing architecture, in a way that would be respectful of data confidentiality as prescribed by the GDPR. In particular, individuals should be able to contribute to tasks while maintaining a strong guarantee that their data will not be observed nor used for anything other than the tasks they consented to. Additionally, participants should be able to withdraw its consent for any task and any time, and thus should be able to remove its contribution from the system.               

Methodology and expected results.  – Exploration of Secure Hardware (SGX in our case) as a tool for server side secure computation [5] and adaptation to time series.- Exploration of indexing techniques for querying, updating (deleting) time series produced by users contributing to participatory sensing applications [6].- Identification of expected properties of the system (usage and security), design of a storage schema and of secure indexing and querying methods, and experimental evaluation (based on SGX).               

Applicant’s expected background.– Knowledge of databases (storage schemas, indexing and query evaluation) and of cryptography/security would be greatly appreciated.- A taste for programming within secure/constrained environments would be appreciated.

References.[1] Nicolas Anciaux, Philippe Bonnet, Luc Bouganim, Benjamin Nguyen, Philippe Pucheral, Iulian Sandu Popa, Guillaume Scerri. « Personal Data Management Systems: The security and functionality standpoint ». Information Systems n°80, 2019.
[2] Nicolas Anciaux, Luc Bouganim, Philippe Pucheral, Iulian Sandu Popa, Guillaume Scerri. « Personal Database Security and Trusted Execution Environments: A Tutorial at the Crossroads ». Tutorial at PVLDB 12(12), 2019.
[3] Riad Ladjel, Nicolas Anciaux, Philippe Pucheral, Guillaume Scerri. « Trustworthy Distributed Computations on Personal Data Using Trusted Execution Environments ». TrustCom/BigDataSE, 2019.
[4] Julien Loudet, Iulian Sandu Popa, Luc Bouganim. « DISPERS: Securing Highly Distributed Queries on Personal Data Management Systems ». Demonstration at PVLDB 12(12), 2019.[5] Manuel Barbosa, Bernardo Portela, Guillaume Scerri, Bogdan Warinschi. « Foundations of Hardware-Based Attested Computation and Application to SGX », EuroS&P, 2016.
[6] Dai Hai Ton That, Iulian Sandu Popa, Karine Zeitouni, Cristian Borcea. « PAMPAS: Privacy-Aware Mobile Participatory Sensing Using Secure Probes ». SSDBM 2016.

[1] See

[2] See

[3] See

[4] See

[5] See

Comments are closed.