GDPR-compliant consumer oriented IOT

"The security of the IoT keeps me awake at night” Adi Shamir

The Internet's basic security and privacy protocols cannot be easily and directly applied to an IoT system for the following reasons.

  • The number of interconnected devices continues to grow in a very complex environment, with heterogeneous operating systems and devices with computational and/or power constraints.
  • IoT devices consume and generate very large amounts of data, often highly sensitive Personally Identifiable Information.
  • The evolution of networks from a closed environment with workstations protected in their server rooms, to open and collaborative networks composed by devices and sensors that are located everywhere exposed to theft and malicious intrusions.

Goals

CONSENT aims to provide cost-effective security and privacy technologies to guarantee the data protection levels established by the GDPR

On the one hand, the ambition of CONSENT is to reconcile the privacy protection for individuals enshrined in the GPDR with the mass deployment of the IoT in consumer environments. To this end, we will research, develop and demonstrate technologies for:

Efficient gathering of consumer consent for PII collection and processing, based on smart contracts

Anonymization of big data resulting from PII

On the other hand, CONSENT will develop security infrastructures that can ensure a reliable interchange and processing of data in IoT consumer environments. To this end it will:

Evolve cybersecurity technologies to detect attacks and anomalies in an heterogeneous and resource-constrained context using artificial intelligence algorithms

Define protocols for the secure interchange of data based on collaborative peer-to-peer networks and lightweight cryptographic schemes

Partners

The CRISES/URV group contribute their experience in security and privacy in mobility (with substantial research on vehicular network security); anonymization technologies (where they are world-class experts); cryptographic protocol design (they have an outstanding publication record on cryptography); internationalization (they have international PhD students and several international projects); and technology transfer (they have worked with national and international companies, including SEAT, LEAR, Huawei, Google, Yahoo!, etc.). They also have a significant size and a long experience in coordinating large research projects. This enables them to: co-ordinate the overall project, take care of the mobile IoT scenario, cover big data anonymization and provide the cryptography needed by the overall project.

The KISON/UOC group specialize in security and privacy in sensors and smart homes. Therefore, KISON/UOC are best-suited to take care of the home IoT scenario. Transversally, they contribute their expertise in monitoring and detecting cyberattacks to IoT and their experience in practical deployment of IoT platforms (they worked in Barcelona’s CityOS project). In fact, the KISON/UOC group has a long experience in developing security protocols in highly decentralized networks, including Mobile Ad-hoc Networks, Sensor Networks, Peer-to-Peer Networks, On-line Social Networks and Smart City Networks, among others. Hence, this expertise in security protocols will be focused on home IoT platforms in this proposal.

Main researchers

Josep Domingo-Ferrer

Universitat Rovira i Virgili josep.domingo (at ) urv.cat

Jordi Castellà-Roca

Universitat Rovira i Virgili jordi.castella (at ) urv.cat

David Megías

Universitat Oberta de Catalunya dmegias (at ) uoc.edu

Helena Rifà

Universitat Oberta de Catalunya hrifa (at ) uoc.edu

Publications

Indexed journals

  1. C. Anglés-Tafalla, A. Viejo, J. Castellà-Roca, M. Mut-Puigserver and M. M. Payeras-Capellà, "Security and Privacy in a Blockchain-Powered Access Control System for Low Emission Zones", IEEE Transactions on Intelligent Transportation Systems. To appear.
  2. M. Bamiloshin, A. Ben-Efraim, O. Farràs and C. Padró, "Common Information, Matroid Representation, and Secret Sharing for Matroid Ports", Designs, Codes and Cryptography, Vol. 89, pp. 143-166, Jan 2021, ISSN: 0925-1022
  3. M. Bras-Amorós, A. S. Castellanos and L. Quoos, "The Isometry-Dual Property in Flags of Two-Point Algebraic Geometry Codes", IEEE Transactions on Information Theory, Vol. 68, no. 2, pp. 828-838, Feb 2022, ISSN: 0018-9448.
  4. A. Blanco-Justicia, J. Domingo-Ferrer, S. Martínez and D. Sánchez, "Machine learning explainability via microaggregation and shallow decision trees", Knowledge-Based Systems, Vol. 194, no. 105532, Apr 2020, ISSN: 0950-7051.
  5. A. Blanco-Justicia, J. Domingo-Ferrer, S. Martínez, D. Sánchez, A. Flanagan and K. E. Tan, "Achieving security and privacy in federated learning systems: survey, research challenges and future directions", Engineering Applications of Artificial Intelligence, Vol. 106, 104468, Nov 2021, ISSN: 0952-1976. [1er decil]
  6. A. Beimel, O. Farràs, Y. Mintz and N. Peter, "Linear Secret-Sharing Schemes for Forbidden Graph Access Structures", IEEE Transactions on Information Theory, Vol. 68, no. 3, pp. 2083-2100, Mar 2022, ISSN: 0018-9448.
  7. A. Blanco-Justicia, D. Sánchez, J. Domingo-Ferrer and K. Muralidhar, "A critical review on the use (and misuse) of differential privacy in machine learning", ACM Computing Surveys. To Appear. [1er decil]
  8. J. Domingo-Ferrer and A. Blanco-Justicia, "Ethical Value-Centric Cybersecurity: A Methodology Based on a Value Graph", Science and Engineering Ethics, Vol. 11713, no. 11, pp. 1267-1285, Jun 2020, ISSN: 1353-3452. [1er decil]
  9. J. Domingo-Ferrer, A. Blanco-Justicia, J. Manjón and D. Sánchez, "Secure and privacy-preserving federated learning via co-utility", IEEE Internet of Things Journal, Vol. 9, no. 5, pp. 3988-4000, Mar 2022, ISSN: 2327-4662. [1er decil]
  10. J. Domingo-Ferrer and J. A. Manjón, "Circuit-Free General-Purpose Multi-Party Computation via Co-Utile Unlinkable Outsourcing", IEEE Transactions on Dependable and Secure Computing. To Appear. [1er decil]
  11. J. Domingo-Ferrer, K. Muralidhar and M. Bras-Amorós, "General confidentiality and utility metrics for privacy-preserving data publishing based on the permutation model'", IEEE Transactions on Dependable and Secure Computing, Vol. 18, no. 5, pp. 2506-2517, Sep 2021, ISSN: 1545-5971. [1er decil]
  12. J. Domingo-Ferrer, S. Martínez and D. Sánchez, "Decentralized k-anonymization of trajectories via privacy-preserving tit-for-tat", Computer Communications, Vol. 190, pp. 57-68, Jun 2022, ISSN: 0140-3664.
  13. J. Domingo-Ferrer and J. Soria-Comas, "Multi-dimensional randomized response", IEEE Transactions on Knowledge and Data Engineering, Vol. 34, no. 10, pp. 4933-4946, Oct 2022, ISSN: 1041-4347. [1er decil]
  14. J. Domingo-Ferrer, D. Sánchez and A. Blanco-Justicia, "The limits of differential privacy (and its misuse in data release and machine learning)", Communications of the ACM, Vol. 64, no. 7, pp. 33-35, Jul 2021, ISSN: 0001-0782. [1er decil]
  15. J. Domingo-Ferrer, J. Soria-Comas and R. Mulero-Vellido, "Steered microaggregation as a unified primitive to anonymize data sets and data streams", IEEE Transactions on Information Forensics and Security, Vol. 14, no. 12, pp. 3298-3311, Oct 2019, ISSN: 1556-6013. [1er decil]
  16. J. Domingo-Ferrer, D. Sánchez, S. Ricci and M. Muñoz-Batista, "Outsourcing Analyses on Privacy-Protected Multivariate Categorical Data Stored in Untrusted Clouds", Knowledge and Information Systems, Vol. 62, pp. 2301-2326, Feb 2020, ISSN: 0219-1377.
  17. O. Farràs, "Secret Sharing Schemes for Ports of Matroids of Rank 3", Kybernetika, Vol. 56, no. 5, pp. 903-915, Sep 2020, ISSN: 0023-5954.
  18. O. Farràs, T. Kaced, S. Martín Molleví and C. Padró, "Improving the Linear Programming Technique in the Search for Lower Bounds in Secret Sharing", IEEE Transactions on Information Theory, Vol. 66, no. 11, pp. 7088-7100, Jun 2020, ISSN: 0018-9448.
  19. O. Farràs and J. Ribes-González, "Provably secure public-key encryption with conjunctive and subset keyword search", International Journal of Information Security, Vol. 18, no. 5, pp. 533-548, Oct 2019, ISSN: 1615-5262.
  20. O. Farràs, J. Ribes-González and S. Ricci, "Privacy-preserving data splitting: a combinatorial approach", Designs, Codes and Cryptography, Vol. 89, pp. 1735-1756, May 2021, ISSN: 0925-1022.
  21. F. Hassan, D. Sánchez and J. Domingo-Ferrer, "Utility-Preserving Privacy Protection of Textual Documents via Word Embeddings", IEEE Transactions on Knowledge and Data Engineering. To Appear. [1er decil]
  22. R. Haffar, D. Sánchez and J. Domingo-Ferrer, "Explaining predictions and attacks in federated learning via random forests", Applied Intelligence. To Appear.
  23. N.Jebreel, J. Domingo-Ferrer, A. Blanco-Justicia and D. Sánchez, "Enhanced Security and Privacy via Fragmented Federated Learning", IEEE Transactions on Neural Networks and Learning Systems. To Appear. [1er decil]
  24. N. Jebreel, J. Domingo-Ferrer, D. Sánchez and A. Blanco-Justicia, "KeyNet: An Asymmetric Key-Style Framework for Watermarking Deep Learning Models", Applied Sciences, Vol. 11, no. 3, Apr 2021, ISSN: 2076-3417.
  25. M. Nanni, G. Andrienko, A. Barabási, C. Boldrini, F. Bonchi, C. Cattuto, F. Chiaromonte, G. Commandé, M. Conti, M. Coté, F. Dignum, V. Dignum, J. Domingo-Ferrer et al, "Give more data, awareness and control to individual citizens, and they will help COVID-19 containment", Ethics and Information Technology, Vol. 23, pp. 1-6, Feb 2021, ISSN: 1388-1957.
  26. M. Núñez del Prado, Y. Maehara Aliaga, J. Salas, H. Alatrista Salas, D. Megías, "A Graph-Based Differentially Private Algorithm for Mining Frequent Sequential Patterns". Applied Sciences, vol. 12, no. 4, pp. 1-13. 2022.
  27. D. Pàmies-Estrems, J. Castellà-Roca and J. Garcia-Alfaro, "A Real-Time Query Log Protection Method for Web Search Engines", IEEE Access, Vol. 8, pp. 87393-87413, May 2020, ISSN: 2169-3536.
  28. J. Parra-Arnau, J. Domingo-Ferrer and J. Soria-Comas, "Differentially Private Data Publishing via Cross-Moment Microaggregation", Information Fusion, Vol. 53, pp. 269-288, Jan 2020, ISSN: 1566-2535. [1er decil]
  29. M. Rodríguez-García, M. Batet, D. Sánchez and A. Viejo, "Privacy protection of user profiles in online search via semantic randomization", Knowledge and Information Systems, Vol. 63, pp. 2455-2477, Jul 2021, ISSN: 0219-1377.
  30. D. Sánchez, S. Martínez, J. Domingo-Ferrer, J. Soria-Comas and M. Batet, "µ-ANT: semantic microaggregation-based anonymization tool", Bioinformatics, Vol. 36, no. 5, pp. 1652-1653, Mar 2020, ISSN: 1367-4803. [1er decil]
  31. D. Sánchez, A. Viejo and M. Batet, "Automatic Assessment of Privacy Policies under the GDPR", Applied Sciences, Vol. 11, pp. 1762-1773, Feb 2021, ISSN: 2076-3417.
  32. A. Viejo and D. Sánchez, "Secure monitoring in IoT-based services via fog orchestration", Future Generation Computer Systems, Vol. 107, pp. 443-457, Feb 2020, ISSN: 0167-739X. [1er decil]

Conference papers

  1. B. Applebaum, A. Beimel, O. Farràs, O. Nir and N. Peter, "Secret-Sharing Schemes for General and Uniform Access Structures", Lecture Notes in Computer Science, Vol. 11478 (Advances in Cryptology – EUROCRYPT 2019), pp. 441-471, Apr 2019, ISSN: 0302-9743. [CORE A*]
  2. C. Angles-Tafalla. J. Castellà-Roca and A. Viejo, "Privacy-Preserving and Secure Decentralized Access Control System for Low Emission Zones", IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, Paris, France, In IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), ISBN: 978-1-7281-1879-6, May 2019.
  3. C. Anglès-Tafalla, S. Ricci, P. Dzurenda, J. Hajny, J. Castellà-Roca, and A. Viejo, "Decentralized privacy-preserving access for low emission zones", SECRYPT 2019, Prague, Czech Republic, In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, pp. 485-491, ISBN: 978-989-758-378-0, Jul 2019.
  4. A. Blanco-Justicia and J. Domingo-Ferrer, "Privacy-preserving computation of the earth mover's distance", Information Security Conference-ISC 2020, Bali (Indonesia), In Lecture Notes in Computer Science, vol. 12472, pp. 406-423, ISBN: 978-3-030-62973-1, Dec 2020.
  5. A. Beimel and O. Farràs, "The Share Size of Secret-Sharing Schemes for Almost All Access Structures and Graphs", Theory of Cryptography Conference - TCC2020, In Lecture Notes in Computer Science, vol. 12552, pp. 499-529, ISBN: 978-3-030-64380-5, Nov 2020. [CORE A]
  6. A. Blanco-Justicia, N. Jebreel, J. A. Manjón and J. Domingo-Ferrer, "Generation of Synthetic Trajectory Microdata from Language Models", Privacy in Statistical Databases-PSD 2022, Paris, France, In Lecture Notes in Computer Science vol. 13463, pp. 172-187, ISBN: 0302-9743, Sep 2022.
  7. M. Bras-Amorós, “On the seeds and the great-grandchildren of a numerical semigroup, INdAM workshop: International meeting on numerical semigroups - Roma 2022. Jun 2022.
  8. J. Domingo-Ferrer and A. Blanco-Justicia, "Towards output checking assisted by machine learning for statistical disclosure control", Modeling Decisions for Artificial Intelligence-MDAI2021, Umea, Sweden, In Lecture Notes in Computer Science vol. 12898, pp. 323-334, ISBN: 978-3-030-85528-4, Sep 2021.
  9. J. Domingo-Ferrer and A. Blanco-Justicia, “Using machine learning to assist output checking”, in 2021 Joint UNECE/Eurostat Expert Meeting on Statistical Data Confidentiality, Poznan, Poland, Dec. 1-3, 2021.
  10. J. Domingo-Ferrer, A. Blanco-Justicia, D. Sánchez and N. Jebreel, "Co-utile peer-to-peer decentralized computing", 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing - CCGrid 2020, Melbourne, Australia, In Proceedings of 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing - CCGrid 2020, pp. 31-40, ISBN: 978-1-7281-6095-5, Jun 2020. [CORE A]
  11. C. Daudén-Esmel, J. Castellà-Roca, A.Viejo and J. Domingo-Ferrer, "Lightweight blockchain-based platform for GDPR-compliance personal data", CSP 2021, Zhuhai, China, In 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), pp. 68-73, ISBN: 978-1-7281-8621-4, Jan 2021.
  12. C. Daudén-Esmel, J.Castellà-Roca and A. Viejo, "Sistema para la gestión automática de las políticas de privacidad y uso de las cookies", XVII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2022, Santander, Spain, Oct 2022.
  13. J. Domingo-Ferrer, "Personal big data, GDPR and anonymization", Lecture Notes in Computer Science, Vol. 11529 (Flexible Query Answering Systems-FQAS 2019), pp. 7-10, Jul 2019, ISSN: 0302-9743.
  14. J. Domingo-Ferrer, "Tit-for-Tat Disclosure of a Binding Sequence of User Analyses in Safe Data Access Centers", Privacy in Statistical Databases-PSD 2022, Paris, France, In Lecture Notes in Computer Science vol. 13463, pp. 133-141, ISBN: 0302-9743, Sep 2022.
  15. J. Domingo-Ferrer, "Ethics by design in decentralized computing", European Interdisciplinary Cybersecurity Conference - EICC 2022, Barcelona, Spain, In EICC 2022: Proccedings of the European Interdisciplinary Cybersecurity Conference, pp. 111-113, ISBN: 978-1-4503-9603-5, Jun 2022.
  16. Josep Domingo-Ferrer and Jordi Soria-Comas, “Randomized response for big data: dimensionality mitigation with minimum accuracy loss”, in Euro 2019, Dublin, Ireland, June 24-27, 2019.
  17. J. Domingo-Ferrer and J. Soria-Comas, "Multi-dimensional randomized response", 38th IEEE International Conference on Data Engineering-ICDE 2022, Kuala Lumpur, Malaysia, In 2022 IEEE 38th International Conference on Data Engineering (ICDE), pp. 1517-1518, ISBN: 978-1-6654-0883-7, May 2022. [CORE A*]
  18. O. Farràs, "Improving the Linear Programming Technique in the Search for Lower Bounds in Secret Sharing", Congreso Bienal de la Real Sociedad Matemática Española, Santander, Spain, Feb 2019
  19. O. Farràs, "Secret-Sharing Schemes for General Access Structures", V congreso de jóvenes investigadores RSME, Castelló, Spain, Jan 2020.
  20. O. Farràs, "Linear Programming Technique in the Search for Lower Bounds in Secret Sharing" at Algorithmic Aspects of Information Theory, Dagstuhl, July 24, 2022.
  21. R. Haffar, J. Domingo-Ferrer and D. Sánchez, "Explaining misclassification and attacks in deep learning via random forests", Modeling Decisions for Artificial Intelligence-MDAI 2020, Sant Cugat del Vallès (Catalonia), In Lecture Notes in Computer Science vol. 12256, pp. 273-285, ISBN: 0302-9743, Sep 2020.
  22. R. Haffar, N. Jebreel, J. Domingo-Ferrer and D. Sánchez, "Explaining Image Misclassification in Deep Learning via Adversarial Examples", Modeling Decisions for Artificial Intelligence-MDAI2021, Umea, Sweden, In Lecture Notes in Computer Science vol. 12898, pp. 323-334, ISBN: 978-3-030-85528-4, Sep 2021.
  23. R. Haffar, A. Khandpur Singh, J. Domingo-Ferrer and N. Jebreel, "Measuring fairness in machine learning models via counterfactual examples", Modeling Decisions for Artificial Intelligence-MDAI2022, Sant Cugat, Espanya, In Lecture Notes in Computer Science vol. 13408, pp. 119-131, ISBN: 978-3-031-13447-0, Sep 2022.
  24. F. Hassan, D. Sánchez, J. Soria-Comas and J. Domingo-Ferrer, "Automatic Anonymization of Textual Documents: Detecting Sensitive Information via Word Embeddings", 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom2019), Roturoa, New Zealand, Aug 2019. [CORE A]
  25. N. Jebreel, A. Blanco-Justicia, D. Sánchez and J. Domingo-Ferrer, "Efficient detection of Byzantine attacks in federated learning using last layer biases", Modeling Decisions for Artificial Intelligence-MDAI 2020, Sant Cugat del Vallès, Catalonia, In Lecture Notes in Computer Science vol. 12256, pp. 154-165, ISBN: 0302-9743, Sep 2020.
  26. N. Jebreel, R. Haffar, A. Khandpur Singh, D. Sánchez, J. Domingo-Ferrer and A.Blanco-Justicia, "Detecting bad answers in survey data through unsupervised machine learning", Privacy in Statistical Databases-PSD 2020, Tarragona, Spain, In Lecture Notes in Computer Science vol. 12276, pp. 309-320, ISBN: 0302-9743, Sep 2020.
  27. A. Khandpur Singh, A. Blanco-Justicia, J. Domingo-Ferrer, D. Sánchez and D. Rebollo-Monedero, "Fair detection of poisoning attacks in federated learning", ICTAI 2020, Baltimore (USA), In 2020 IEEE 32nd International Conference on Tools with Artificial Intelligence (ICTAI), pp. 224-229, ISBN: 978-1-7281-9228-4, Nov 2020
  28. V. Kostalabros, J. Ribes-González, O. Farràs, M. Moreto and C. Hernandez, "HLS-Based HW/SW Co-Design of the Post-Quantum Classic McEliece Cryptosystem", FPL2021: Internacional Conference on field-programmable logic and applications, Sep 2021.
  29. K. Muralidhar and J. Domingo-Ferrer, “Database reconstruction is very difficult in practice!”, in 2021 Joint UNECE/Eurostat Expert Meeting on Statistical Data Confidentiality, Poznan, Poland, Dec. 1-3, 2021.
  30. K. Muralidhar, J. Domingo-Ferrer and S. Martínez, "ε-Differential privacy for microdata releases does not guarantee confidentiality (let alone utility)", Privacy in Statistical Databases-PSD 2020, Tarragona, Spain, In Lecture Notes in Computer Science vol. 12276, pp. 21-31, ISBN: 0302-9743, Sep 2020.
  31. B. Manzanares-Salor, D. Sánchez and P. Lison, "Automatic Evaluation of Disclosure Risks of Text Anonymization Methods", Privacy in Statistical Databases-PSD 2022, Paris, France, In Lecture Notes in Computer Science vol. 13463, pp. 157-171, ISBN: 0302-9743, Sep 2022.
  32. M. Núñez del Prado, J. Salas, H. Alatrista Salas, Y. Maehara Aliaga, D. Megías, “Are Sequential Patterns Shareable? Ensuring Individuals’ Privacy”, Modeling Decisions for Artificial Intelligence-MDAI2021, Umea, Sweden, In Lecture Notes in Computer Science vol. 12898, pp. 28-39, ISBN: 978-3-030-85528-4, Sep 2021. [intergroups]
  33. M. M. Payeras, M. A. Cabot-Nadal, M. Mut Puigserver and J. Castellà-Roca, "Protocolo Basado en Blockchain para la Gestión de Canales para Microcompras Equitativas", XV Jornadas de Ingeniería Telemática (JITEL 2021), A Coruña, Oct 2021.
  34. Nicolas Ruiz and J. Domingo-Ferrer, “Bistochastic anonymization: a unifying approach to anonymization”, in 2019 Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality, The Hague, The Netherlands, Oct. 29-31, 2019.
  35. N. Ruiz and J. Domingo-Ferrer, "Bistochastic privacy", Modeling Decisions for Artificial Intelligence-MDAI2022, Sant Cugat, Espanya, In Lecture Notes in Computer Science vol. 13408, pp. 53-67, ISBN: 978-3-031-13447-0, Sep 2022.
  36. J. Ribes-González, O. Farràs, C. Hernández, V. Kostalabros and M. Moretó, "A Security Model for Randomization-based Protected Caches", Conference on Cryptographic Hardware and Embedded Systems - CHES2022, Leuven, Belgium, In IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(3), pp. 1-25, ISBN: ISSN 2569-2925, Sep 2022. [CORE A]
  37. Bastian Stölb and J. Domingo-Ferrer, “Protecting consumer privacy in smart metering by randomized response”, in 2019 Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality, The Hague, The Netherlands, Oct. 29-31, 2019.
  38. J. Soria-Comas and J. Domingo-Ferrer, "Mitigating the curse of dimensionality in data anonymization", Lecture Notes in Computer Science, Vol. 11676 (Modeling Decisions for Artificial Intelligence-MDAI 2019), pp. 346-355, Sep 2019, ISSN: 0302-9743.
  39. J. Soria-Comas, J. Domingo-Ferrer and R. Mulero, "Efficient near-optimal variable-size microaggregation", Lecture Notes in Computer Science, Vol. 11676 (Modeling Decisions for Artificial Intelligence-MDAI 2019), pp. 333-345, Sep 2019, ISSN: 0302-9743.