Here the list of our actives projects, past projects can be found here.




  • Application of privacy by design to biometric access control
  • ANR – 2017-2020
  • Common project between Inria Privatics, Uness, UGA,, ENS, Theia, and Viseo.
  • Since 2013, faculties of medicine have used a shared national platform that enables
    them to carry out all of their validating exams on tablets with automatic correction. This web
    platform entitled SIDES allowed the preparation of the medical students to the Computerized
    National Classing Events (ECN) which were successfully launched in June 2016 (8000 candidates
    simultaneously throughout France). SIDES 3.0 proposes to upgrade the existing platform. Privatics
    goals in this project is to ensure that privacy is respected and correctly assessed.



  • Application of privacy by design to biometric access control
  • ANR – 2017-2020
  • Common project between Inria Privatics, Inria DIANA, EURECOM, University of Paris Sud, and CNIL.
  • The DAPCODS project gathers four renowned research teams, experts in security, privacy and digital
    economy. They are seconded by CNIL, the French data protection agency. The project aims at
    contributing along several axes:
    • by analyzing the inner working of a significant set of connected devices in terms of
    personal information leaks. This will be made possible by analyzing their data flows (and
    associated smartphone application if applicable) from outside (smartphone and/or Wifi
    network) or inside, through ondevice static and dynamic analyses. New analysis methods
    and tools will be needed, some of them leveraging on previous works when applicable;
    • by studying the device manufacturers’ privacy policies along several criteria (e.g., acces-
    sibility, precision, focus, privacy risks). In a second step, their claims will be compared
    to the actual device behavior, as observed during the test campaigns. This will enable an
    accurate and unique ranking of connected devices;
    • by understanding the underlying ecosystem, from the economical viewpoint. Data col-
    lected will make it possible to define the blurred boundaries of personal information mar-
    ket, a key aspect to set up an efficient regulation;
    • and finally, by proposing a public website that will rank those connected devices and will
    inform citizens. We will then test the impact of this information on the potential change of
    behavior of stakeholders.
    By giving transparent information of hidden behaviors, by highlighting good and bad practices, this
    project will contribute to reduce the information asymmetry of the system, to give back some control
    to the endusers, and hopefully to encourage certain stakeholders to change practices.



  • Low End-to-End Latency COmmunications
  • Inria Innovation Laboratory – 2015-2018
  • Common project between Inria Privatics, and Expway.
  • This Inria Innovation Lab aims at strengthening Expway commercial
    offer with technologies suited to real-time data transmissions, typically audio/video flows. In
    this context, the end-to-end latency must be reduced to a minimum in order to enable a high quality interaction between users, while keeping the ability to recover from packet losses that are
    unavoidable with wireless communications in harsh environments. In this collaboration we focus on
    new types of Forward Erasure Correction (FEC) codes based on a sliding encoding windows, and
    on the associated communication protocols, in particular an extension to FECFRAME (RFC6363)
    to such FEC codes. The outcomes of this work are proposed to both IETF and 3GPP standardisation
    organisations, in particular in the context of 3GPP mission critical communication services activity.
    The idea of this 3GPP activity is to leverage on the 3GPP Evolved Multimedia Broadcast Multicast
    Services (eMBMS) and on the existing Long Term Evolution (LTE) infrastructure for critical
    communications and such services as group voice transmissions, live high-definition video streams
    and large data transmissions. In this context, the advanced FEC codes studied in LEELCO offer
    a significant improvement both from the reduced latency and increased loss recovery viewpoints
    compared to the Raptor codes included in the existing standard.



  • COnsumer-centric Privacy in smart Energy gridS
  • CHISTERA – 2015-2018
  • Common project between Inria Privatics, and KTH Royal Institute of Technology.
  • Smart meters have the capability to measure and record consumption data at a high time resolution
    and communicate such data to the energy provider. This provides the opportunity to better monitor
    and control the power grid and to enable demand response at the residential level. This not only
    improves the reliability of grid operations but also constitutes a key enabler to integrate variable
    renewable generation, such as wind or solar. However, the communication of high resolution
    consumption data also poses privacy risks as such data allows the utility, or a third party, to derive
    detailed information about consumer behavior. Hence, the main research objective of COPES is
    to develop new technologies to protect consumer privacy, while not sacrificing the ”smartness”, i.e.,
    advanced control and monitoring functionalities. The core idea is to overlay the original consumption
    pattern with additional physical consumption or generation, thereby hiding the consumer privacy
    sensitive consumption. The means to achieve this include the usage of storage, small scale distributed
    generation and/or elastic energy consumptions. Hence, COPES proposes and develops a radically
    new approach to alter the physical energy flow, instead of purely relying on encryption of meter
    readings, which provides protection against third party intruders but does not prevent the use of this
    data by the energy provider.



  • User-centric PRIvacy & Security in IoT
  • CHISTERA – 2016-2019
  • Common project between Inria Privatics, and SUPSI.
  • The call states that “Traditional protection techniques are insufficient to guarantee users’ security and
    privacy within the future unlimited interconnection”: UPRISE-IoT will firstly identify the threats and
    model the behaviours in IoT world, and further will build new privacy mechanisms centred around
    the user. Further, as identified by the call “all aspects of security and privacy of the user data must
    be under the control of their original owner by means of as simple and efficient technical solutions
    as possible”, UPRISE-IoT will rise the awareness of data privacy to the users. Finally, it will deeply
    develop transparency mechanisms to “guarantee both technically and regulatory the neutrality of
    the future internet.” as requested by the call. The U-HIDE solution developed inn UPRISE-IoT
    will “empower them to understand and make their own decisions regarding their data, which is
    essential in gaining informed consent and in ensuring the take-up of IoT technologies”, using a
    methodology that includes “co-design with users to address the key, fundamental, but inter-related
    and interdisciplinary aspects of privacy, security and trust.”



  • Alpine Multidisciplinary Network on Cyber-security Studies
  • 2015-
  • Common project between Inria Privatics, and LIG/Moais, Gipsa-lab, LJK, Institut Fourier, TIMA, Vérimag, LISTIC (Pole MSTIC), CESICE, and UPMF.
  • Privatics participates to the creation of an Alpine Multidisciplinary NEtwork on CYberse-curity Studies (AMNECYS). The academic teams and laboratories participating in this project have
    already developed great expertise on encryption technologies, vulnerabilities analysis, software engi-
    neering, protection of privacy and personal data, international & European aspects of cybersecurity.
    The first project proposal (ALPEPIC ALPs-Embedded security: Protecting Iot & Critical infrastruc-
    ture) focuses on the protection of the Internet of Things (IoT) and Critical Infrastructure (CI).


Data Institute

  • Data Institute UGA
  • 2017-
  • Privatics is leading the WP5 (Data Governance, Data Protection and Privacy). This action
    (WP5) aims to analyze, in a multi-disciplinary perspective, why and how specific forms of data
    governance emerge as well as the consequences on the interaction between the state, the market and
    society. The focus will be on the challenges raised by the collection and use of data for privacy, on the
    data subjects’ rights and on the obligations of data controllers and processors. A Privacy Impact/Risk
    assessments methodology and software will be proposed. A case study will focus on medical and
    health data and make recommendations on how they should be collected and processed.


Past projects


  • Anonymous Mobile Traffic Data Generation
  • FUI – 2016-2018
  • Common project between Inria Privatics (Mathieu Cunche), CNRS LAAS, and Orange.
  • The project ADAGE aims at developing solutions for the anonymization of mobility traces produced by mobile operators.


  • Application of privacy by design to biometric access control
  • ANR – 2013-2017
  • Common project between Inria Privatics (Mathieu Cunche), Morpho, and Trusted Labs.
  • The objective of BIOPRIV is the definition of a framework for privacy by design suitable
    for the use of biometric technologies. The case study of the project is biometric access control. The
    project will follow a multidisciplinary approach considering the theoretical and technical aspects of
    privacy by design but also the legal framework for the use of biometrics and the evaluation of the
    privacy of the solutions.


  • ACDC
  • AGIR 2016 Pole MSTIC – 2016-2017
  • Common project between Inria Privatics, and UGA.
  • The objective of this project is to evaluate the security and privacy impacts of drone.
    The project targets 2 milestones: the evaluation of the possibility to tamper with the drone con-
    trol/command systems and the capacity of drone to collect private information (for instance text

Cloudy Team

  • Cloudy Team is a common projet between Inria (Claude Castelluccia), UC Berkeley (Dawn Song) and UC Irvine (Gene Tsudik).
  • Cloud computing is a form of computing where general purpose clients are used to access resources and applications managed and stored on a remote server. Cloud applications are increasingly relied upon to provide basic services like e-mail clients, instant messaging and office applications. The customers of cloud applications benefit from outsourcing the management of their computing infrastructure to a third-party cloud provider. However, this places the customers in a situation of blind trust towards the cloud provider. The customer has to assume that the “cloud” always remains confidential, available, fault-tolerant, well managed, properly backed-up and protected from natural accidents as well as intentional attacks. An inherent reason for today’s limitations of commercial cloud solutions is that end users cannot verify that servers in the cloud and the network in between are hosting and disseminating tasks and content without deleting, disclosing or modifying any content. The main goal of the Cloudy project is to study various aspects of Cloud Computing Security and Privacy.


  • The Inria-CNIL mobilitics project aims at assessing the privacy risks associated to the use of smartphones and tablets, in particular in light of personal information leakage to remote third parties. Both applications and the base OS services are considered as potential source of information leakage. More precisely, the goals are to define a platform and a methodology to identify, measure, and forecast the evolution over the time of privacy risks.


  • Initiated in 2012, the INRIA Joined Research Lab Cappris (Collaborative Action on the Protetcion of Privacy Rights in the Information Society). Cappris involves 14 individual participants spread over seven
    10 different sites (four Inria research centers, CNRS-LAAS, Eurecom and the university of Namur). The general goal of Cappris is to foster collaboration between the main research groups involved in privacy in France and the interaction between the computer science, law and social sciences communities in this area. In order to reach its goals, Cappris will carry out two kinds of actions :
  1. Joint Research Actions to investigate specific research topics following a collaborative and interdisciplinary approach. Three Joint Research Actions have been launched: the first one is dedicated to the notion of consent, the second one aims to devise a privacy reference architecture and the third one focuses on privacy assessment.
  2. Networking actions to favour the emergence of a research community on privacy and enhance the interest of researchers in this emerging field.

The outputs of the first line of actions are research results whereas the networking actions will take the form of joint events (meetings, visits, workshops, conference, summer school).

Leave a Reply