«

»

Trusted Cells Data Management Architecture

This research direction aims at designing a reference architecture for the management of personal data which incorporates Privacy-by-Design principles, and confronting it to existing use-cases. The primary objective is to gain a better understanding of architectural problems linked to privacy protection and to its enforcement along the data life (creation, capture, retention, distribution, deletion). The focus is therefore on architectural issues rather than on privacy models.

From Personal Data Server to Personal Cloud. Many personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizen themselves often count on Internet companies to store their data and make them reliable and highly available through the Internet. However, these benefits must be weighed against privacy risks incurred by centralization. In a VLDB’10 paper, we proposed the design of a secure Personal Data Server building upon the emergence of new portable and secure devices. Since then, the acquisition of personal data has grown in volume and diversity quicker than ever (e.g., data captured by home sensors, GPS or quantified-self devices). Personal data is now considered as the new oil of the 21st century and is extensively exploited by few monopolistic Web majors, namely the GAFA, without informing the individuals. Besides ethical problems incurred by this situation, centralizing millions of personal records exposes the data to very sophisticated attacks, linked to a high potential benefit in case of success (millions of records being revealed). To face this situation, we proposed the vision of Trusted Cells: a global, decentralized data platform that provides security yet enables innovative applications by combining personal data servers running on secure personal devices (e.g., smart phones, set-top boxes, secure portable tokens). In this work, we argue that the advent of secure hardware in all personal IT devices, at the edges of the Internet, will trigger a sea change. Thanks to trusted cells, user’s control of how her sensitive data is shared by others (by whom, for how long, according to which rule, for which purpose) can be reestablished and convincingly enforced. Trusted cells can actually be seen as a prefiguration of a secure personal cloud platform. Indeed, the personal cloud paradigm is emerging today with the ambition to bring the control back to individuals about how their data is stored, shared and exploited but the question of how making such personal cloud secure remains largely open.

Infrastructureless data management for least developed countries. According to many studies, IT should become a key facilitator in establishing primary education, reducing mortality or supporting commercial initiatives in Least Developed Countries (LDCs). The main barrier to the development of IT services in these regions is not only the lack of communication facilities, but also the lack of consistent information systems, security procedures and economic support. To tackle this issue, we revisited the Trusted Cells vision to the context of LDCs. We proposed a new paradigm, that we call Folk-enabled Information System (Folk-IS), based on a fully decentralized and participatory approach, where each individual implements a small subset of a complete information system without the need for a shared networked infrastructure. As trusted cells, Folk-IS builds upon the emergence of highly secure, portable and low-cost storage and computing devices, called hereafter Smart Tokens. Here however, the focus is on low-cost of ownership, deployment and maintenance, and on the absence of a networked infrastructure. With Folk-IS and thanks to their smart tokens, people will transparently and opportunistically perform data management and networking tasks as they physically move, so that IT services are truly delivered by the crowd.

Confrontation to existing use-cases. An operational subset of the Trusted Cells architecture has been implemented. It is composed of a full-fledged Personal Data Server embedded in a secure hardware device and on distributed protocols allowing to communicate with external servers, to participate to distributed processing and to recover the personal data in case of failure. This prototyping work helped us to validate number of our research contributions and led to several demonstrations in major conferences like VLDB and ACM Sigmod. So far, this platform has been confronted to two real case applications, namely in the health care and the Personal Cloud context. Such confrontation provides us with a valuable feedback on our solutions and allows us to identify new research directions driven by concrete requirements.