Privacy-aware data dissemination
in the Internet-of-Things
Respect de la vie privée dans la diffusion des données
issues de l’Internet des Objets
CRIStAL - University of Lille 1
Bâtiment M3 - Cité Scientifique
59650 Villeneuve d'Ascq - FRANCE
The Internet-of-Things (IoT) fosters the continuous dissemination of data across the Internet by sharing cyber-physical events, such as activity reports, produced by a large diversity of devices. Indeed, IoT can be expected to contain huge numbers of sensors collecting and passing on data about environmental conditions, physiological measurements, and machine operational data. In addition to the computing devices that consumers use today, such as laptops, games consoles and smartphones, there will be many devices and appliances with embedded processors running applications (so called smart things) that people make use of. Many smart things will also be capable of actuation to take physical actions as a result of application control. Smart things are envisaged to provide health care, domestic functions, entertainment and many new uses not yet identified.
Beyond the added value for the end-users, these smart things can also discard highly sensitive data that can break their privacy. More importantly, such privacy leakages can lead to the malicious exploitations of personal information by third-party stakeholders or attackers. For example, the initiative PleaseRobMe (http://pleaserobme.com) has shown in the past that the tweets published on Twitter can discard sensitive information about your daily routines and encourage thieves to burgle your house by following your tweets and detecting when you leave home. Given that the IoT actually increases the diversity and the volume of information shared online
As part of this project, we plan to focus on privacy threats observed in mobile crowdsourcing systems . Such threats appear when continuously sharing data produced by hardware sensors (e.g., GPS), and can foster the inference of sensitive information, such as the home and work locations of a user  and possibly reversing-engineering her identity. While crowdsourcing intends to consider crowd-scale measurements, their design and implementation often relies on the retrieval individual contributions, which inevitably introduce privacy leaks.
The objective of this PhD thesis is therefore to adopt a privacy-by-design approach  to build a mobile crowdsourcing solution that can benefit from the crowd to build a privacy resilient solution. In particular, we intend to study the underlying principles of existing privacy-aware infrastructures deployed on the Internet, like Freenet, Tor or Darknet. While such solutions are acknowledged to improve the privacy of stationary nodes, they cannot apply to mobile nodes, such as smartphones and tablets, which are highly ubiquitous and can come and go autonomously.
The expected outcome is a middleware solution for the privacy-aware dissemination of sensitive data using mobile devices. In particular, the resulting middleware should support the development of privacy-preserving algorithms, such as k-anonymity, by performing in-network computations.
This PhD thesis topic builds on the outcome of the PhD thesis of Nicolas Haderer, defended in 2014 , which resulted in the deployment of a mobile crowdsourcing platform, named APISENSE® (http://apisense.io), that supports the continuous monitoring of human and environmental activities in the wild. The APISENSE® platform therefore provides a suitable environment to conduct the research plan within this PhD thesis. In particular, we plan to demonstrate our research contributions by extending this platform to leverage its evaluation.
Beyond the results we already obtained on APISENSE®, we also intend to benefit from the expertise we acquired on privacy issues in the domain of Internet browsers throught the AmIUnique experiment (https://amiunique.org) to adopt appropriate protocols and algorithms to improve the privacy of end-users .
Our work plan for this PhD thesis is organized along six periods of six months (cf. figure below). While the first 6 months will be devoted to bootstrap the research activities by considering the study of the state-of-the-art in the area privacy-preserving mobile systems, the next four periods will deliver contributions in the areas of mobile device fingerprinting, data anonymization techniques, privacy-aware dissemination protocols and decentralized algorithms, respectively. The last period will focus on the delivery of the PhD manuscript and the associated PhD defense.
Beyond the proof of concept developments that will be carried on as part of this PhD thesis and published as open source software, we intend to promote the transfer our research contributions within the civil society through our APISENSE® platform, and within the industrial ecosystem through transfer collaborations.
As part of this PhD thesis, we already foresee several collaborations :