Here the list of our actives projects, past projects can be found here.
SIDES 3.0
- Application of privacy by design to biometric access control
- ANR – 2017-2020
- Common project between Inria Privatics, Uness, UGA,, ENS, Theia, and Viseo.
- Since 2013, faculties of medicine have used a shared national platform that enables
them to carry out all of their validating exams on tablets with automatic correction. This web
platform entitled SIDES allowed the preparation of the medical students to the Computerized
National Classing Events (ECN) which were successfully launched in June 2016 (8000 candidates
simultaneously throughout France). SIDES 3.0 proposes to upgrade the existing platform. Privatics
goals in this project is to ensure that privacy is respected and correctly assessed.
DAPCODS/IOTics
- Application of privacy by design to biometric access control
- ANR – 2017-2020
- Common project between Inria Privatics, Inria DIANA, EURECOM, University of Paris Sud, and CNIL.
- The DAPCODS project gathers four renowned research teams, experts in security, privacy and digital
economy. They are seconded by CNIL, the French data protection agency. The project aims at
contributing along several axes:
• by analyzing the inner working of a significant set of connected devices in terms of
personal information leaks. This will be made possible by analyzing their data flows (and
associated smartphone application if applicable) from outside (smartphone and/or Wifi
network) or inside, through ondevice static and dynamic analyses. New analysis methods
and tools will be needed, some of them leveraging on previous works when applicable;
• by studying the device manufacturers’ privacy policies along several criteria (e.g., acces-
sibility, precision, focus, privacy risks). In a second step, their claims will be compared
to the actual device behavior, as observed during the test campaigns. This will enable an
accurate and unique ranking of connected devices;
• by understanding the underlying ecosystem, from the economical viewpoint. Data col-
lected will make it possible to define the blurred boundaries of personal information mar-
ket, a key aspect to set up an efficient regulation;
• and finally, by proposing a public website that will rank those connected devices and will
inform citizens. We will then test the impact of this information on the potential change of
behavior of stakeholders.
By giving transparent information of hidden behaviors, by highlighting good and bad practices, this
project will contribute to reduce the information asymmetry of the system, to give back some control
to the endusers, and hopefully to encourage certain stakeholders to change practices.
LEELCO
- Low End-to-End Latency COmmunications
- Inria Innovation Laboratory – 2015-2018
- Common project between Inria Privatics, and Expway.
- This Inria Innovation Lab aims at strengthening Expway commercial
offer with technologies suited to real-time data transmissions, typically audio/video flows. In
this context, the end-to-end latency must be reduced to a minimum in order to enable a high quality interaction between users, while keeping the ability to recover from packet losses that are
unavoidable with wireless communications in harsh environments. In this collaboration we focus on
new types of Forward Erasure Correction (FEC) codes based on a sliding encoding windows, and
on the associated communication protocols, in particular an extension to FECFRAME (RFC6363)
to such FEC codes. The outcomes of this work are proposed to both IETF and 3GPP standardisation
organisations, in particular in the context of 3GPP mission critical communication services activity.
The idea of this 3GPP activity is to leverage on the 3GPP Evolved Multimedia Broadcast Multicast
Services (eMBMS) and on the existing Long Term Evolution (LTE) infrastructure for critical
communications and such services as group voice transmissions, live high-definition video streams
and large data transmissions. In this context, the advanced FEC codes studied in LEELCO offer
a significant improvement both from the reduced latency and increased loss recovery viewpoints
compared to the Raptor codes included in the existing standard.
COPES
- COnsumer-centric Privacy in smart Energy gridS
- CHISTERA – 2015-2018
- Common project between Inria Privatics, and KTH Royal Institute of Technology.
- Smart meters have the capability to measure and record consumption data at a high time resolution
and communicate such data to the energy provider. This provides the opportunity to better monitor
and control the power grid and to enable demand response at the residential level. This not only
improves the reliability of grid operations but also constitutes a key enabler to integrate variable
renewable generation, such as wind or solar. However, the communication of high resolution
consumption data also poses privacy risks as such data allows the utility, or a third party, to derive
detailed information about consumer behavior. Hence, the main research objective of COPES is
to develop new technologies to protect consumer privacy, while not sacrificing the ”smartness”, i.e.,
advanced control and monitoring functionalities. The core idea is to overlay the original consumption
pattern with additional physical consumption or generation, thereby hiding the consumer privacy
sensitive consumption. The means to achieve this include the usage of storage, small scale distributed
generation and/or elastic energy consumptions. Hence, COPES proposes and develops a radically
new approach to alter the physical energy flow, instead of purely relying on encryption of meter
readings, which provides protection against third party intruders but does not prevent the use of this
data by the energy provider.
UPRISE-IoT
- User-centric PRIvacy & Security in IoT
- CHISTERA – 2016-2019
- Common project between Inria Privatics, and SUPSI.
- The call states that “Traditional protection techniques are insufficient to guarantee users’ security and
privacy within the future unlimited interconnection”: UPRISE-IoT will firstly identify the threats and
model the behaviours in IoT world, and further will build new privacy mechanisms centred around
the user. Further, as identified by the call “all aspects of security and privacy of the user data must
be under the control of their original owner by means of as simple and efficient technical solutions
as possible”, UPRISE-IoT will rise the awareness of data privacy to the users. Finally, it will deeply
develop transparency mechanisms to “guarantee both technically and regulatory the neutrality of
the future internet.” as requested by the call. The U-HIDE solution developed inn UPRISE-IoT
will “empower them to understand and make their own decisions regarding their data, which is
essential in gaining informed consent and in ensuring the take-up of IoT technologies”, using a
methodology that includes “co-design with users to address the key, fundamental, but inter-related
and interdisciplinary aspects of privacy, security and trust.”
- Alpine Multidisciplinary Network on Cyber-security Studies
- 2015-
- Common project between Inria Privatics, and LIG/Moais, Gipsa-lab, LJK, Institut Fourier, TIMA, Vérimag, LISTIC (Pole MSTIC), CESICE, and UPMF.
- Privatics participates to the creation of an Alpine Multidisciplinary NEtwork on CYberse-curity Studies (AMNECYS). The academic teams and laboratories participating in this project have
already developed great expertise on encryption technologies, vulnerabilities analysis, software engi-
neering, protection of privacy and personal data, international & European aspects of cybersecurity.
The first project proposal (ALPEPIC ALPs-Embedded security: Protecting Iot & Critical infrastruc-
ture) focuses on the protection of the Internet of Things (IoT) and Critical Infrastructure (CI).
Data Institute
- Data Institute UGA
- 2017-
- Common project between Inria Privatics, and TIMC-IMAG, AGEIS, BIG, CESICE, GIN, GIPSA-lab, IAB, IGE, IPAG, LAPP, LARHRA, LIDILEM, LIG, LISTIC, LITT&ArTS, LJK, LUHCIE, LECA, OSUG, and PACTE.
- Privatics is leading the WP5 (Data Governance, Data Protection and Privacy). This action
(WP5) aims to analyze, in a multi-disciplinary perspective, why and how specific forms of data
governance emerge as well as the consequences on the interaction between the state, the market and
society. The focus will be on the challenges raised by the collection and use of data for privacy, on the
data subjects’ rights and on the obligations of data controllers and processors. A Privacy Impact/Risk
assessments methodology and software will be proposed. A case study will focus on medical and
health data and make recommendations on how they should be collected and processed.
Past projects
ADAGE
- Anonymous Mobile Traffic Data Generation
- FUI – 2016-2018
- Common project between Inria Privatics (Mathieu Cunche), CNRS LAAS, and Orange.
- The project ADAGE aims at developing solutions for the anonymization of mobility traces produced by mobile operators.
- Application of privacy by design to biometric access control
- ANR – 2013-2017
- Common project between Inria Privatics (Mathieu Cunche), Morpho, and Trusted Labs.
- The objective of BIOPRIV is the definition of a framework for privacy by design suitable
for the use of biometric technologies. The case study of the project is biometric access control. The
project will follow a multidisciplinary approach considering the theoretical and technical aspects of
privacy by design but also the legal framework for the use of biometrics and the evaluation of the
privacy of the solutions.
ACDC
- ACDC
- AGIR 2016 Pole MSTIC – 2016-2017
- Common project between Inria Privatics, and UGA.
- The objective of this project is to evaluate the security and privacy impacts of drone.
The project targets 2 milestones: the evaluation of the possibility to tamper with the drone con-
trol/command systems and the capacity of drone to collect private information (for instance text
recognition).
- Cloudy Team is a common projet between Inria (Claude Castelluccia), UC Berkeley (Dawn Song) and UC Irvine (Gene Tsudik).
- Cloud computing is a form of computing where general purpose clients are used to access resources and applications managed and stored on a remote server. Cloud applications are increasingly relied upon to provide basic services like e-mail clients, instant messaging and office applications. The customers of cloud applications benefit from outsourcing the management of their computing infrastructure to a third-party cloud provider. However, this places the customers in a situation of blind trust towards the cloud provider. The customer has to assume that the “cloud” always remains confidential, available, fault-tolerant, well managed, properly backed-up and protected from natural accidents as well as intentional attacks. An inherent reason for today’s limitations of commercial cloud solutions is that end users cannot verify that servers in the cloud and the network in between are hosting and disseminating tasks and content without deleting, disclosing or modifying any content. The main goal of the Cloudy project is to study various aspects of Cloud Computing Security and Privacy.
- The Inria-CNIL mobilitics project aims at assessing the privacy risks associated to the use of smartphones and tablets, in particular in light of personal information leakage to remote third parties. Both applications and the base OS services are considered as potential source of information leakage. More precisely, the goals are to define a platform and a methodology to identify, measure, and forecast the evolution over the time of privacy risks.
- Initiated in 2012, the INRIA Joined Research Lab Cappris (Collaborative Action on the Protetcion of Privacy Rights in the Information Society). Cappris involves 14 individual participants spread over seven
10 different sites (four Inria research centers, CNRS-LAAS, Eurecom and the university of Namur). The general goal of Cappris is to foster collaboration between the main research groups involved in privacy in France and the interaction between the computer science, law and social sciences communities in this area. In order to reach its goals, Cappris will carry out two kinds of actions :
- Joint Research Actions to investigate specific research topics following a collaborative and interdisciplinary approach. Three Joint Research Actions have been launched: the first one is dedicated to the notion of consent, the second one aims to devise a privacy reference architecture and the third one focuses on privacy assessment.
- Networking actions to favour the emergence of a research community on privacy and enhance the interest of researchers in this emerging field.
The outputs of the first line of actions are research results whereas the networking actions will take the form of joint events (meetings, visits, workshops, conference, summer school).