Talks of the Information Security Group

To reinforce collaboration within the Information Security Group and with external groups, we regularly hold research talks.

 

Research Opportunities

Applications are invited for prospective PhD and MS candidates interested in conducting research on privacy in information systems, under the supervision of Prof. Jordi Forné and Dr. David Rebollo-Monedero, in collaboration with the Information Security Group, within the Department of Telematics Engineering, at the Technical University of Catalonia (Universitat Politècnica de Catalunya, UPC). Applicants must be citizens of the European Union.

This proposal is organized as follows:

  • Privacy in Information Systems (Motivation)
  • Research Objectives
  • Candidate's Profile & Learning Objectives
  • Contact & Additional Information 

Funding

IMPORTANT UPDATE: Unfortunately, we are currently unable to provide funding. 

Privacy in Information Systems

The right to privacy was recognized as early as 1948 by the United Nations in the Universal Declaration of Human Rights, Article 12. With the advent of the Internet of Things (IoT), according to which the Internet connectivity paradigm shifts towards almost every object of everyday life, privacy will undeniably become as crucial as ever. In this spirit we consider the particular example of location-based services (LBSs), for whose proper deployment privacy is of paramount importance.

Suppose that a trusted third party (TTP) is available as an intermediary between the user and the LBS provider, as depicted in Fig. 1.

Fig. 1. Trusted third party between user and LBS provider.

Then, the user may simply trust the TTP to hide the user ID from the service provider, while the provider may trust the TTP to accept queries only from authorized users. In scenarios where a preexistent infrastructure is hardly feasible, an alternative solution to private LBSs consists in perturbing the location information, as shown in Fig. 2.

Fig. 2. Location perturbation in LBSs.

In this situation, there is a trade-off between privacy and data utility, and since the service provider knows the user ID, the query (and the reply) is still vulnerable to statistical analysis. Perturbative methods can in fact be applied to a wide variety of scenarios beyond LBSs where the user's privacy is at risk, such as databases, Internet search engines and collaborative networks.

Research Objectives

The general objective of our research proposal is to contribute to the development of perturbative methods for privacy in information systems, carrying out some of the tasks below:

  • Motivation. Show the applicability of the method within any of the scenarios described next.
  • Formulation. Establish mathematical criteria to measure privacy on the one hand, and on the other, data utility, distortion, or any measure of modification, suppression or forgery.
  • Theoretical analysis. Investigate the optimal privacy-utility trade-off.
  • Experimentation and discussion. Compare the methods proposed to others in the state-of-the-art literature, theoretically and experimentally.

Applications

The fields of application of our research include:

  • LBSs. Introduced above.
  • Private information retrieval (PIR). Commonly, PIR is understood as a set of cryptographic methods to enable a user to privately retrieve the contents of a database, indexed by a memory address sent by the user, in the sense that it is not feasible for the database provider to ascertain which of the entries was retrieved. We regard PIR more generally as an extension of LBS privacy to any sort of querying system, where there is a risk that users might be profiled on the basis of the content of their queries and their activity.
  • Statistical disclosure control (SDC). We consider microdata sets carrying information on individual respondents. In general, the data set contains key attributes or quasi-identifiers, namely attributes that may be linked with external information to identify the respondents to whom the records in the microdata set refer. Examples are job, address, age and gender. Additionally, the data set contains confidential attributes with sensitive information on the respondent, such as salary, religion, political affiliation or health condition. Perturbation of the key attributes enables us to preserve privacy to a certain extent, at the cost of losing some of the data utility with respect to the unperturbed version. An example is depicted in Fig. 3.

Fig. 3. Microaggregation of key attributes.
  • Collaboration networks such as P2P networks. Users would like to exchange as little profile information as needed to know whether they share common interests or not.
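
The privacy-utility trade-off described for SDC above can be made concrete with a small sketch of fixed-size microaggregation of one key attribute. This is an added example, not code from the research group; the records, the function names and the choice of mean squared error as the distortion measure are assumptions made for illustration.

```python
from collections import Counter

# Constructed microdata: (age, salary). Age is the key attribute to perturb;
# salary is the confidential attribute, released unchanged.
RECORDS = [(23, 31000), (57, 52000), (25, 28000), (41, 47000),
           (38, 45000), (60, 39000), (29, 33000), (44, 61000)]

def microaggregate(values, k):
    """Fixed-size univariate microaggregation: sort, cut into groups of k
    (the last group absorbs any remainder, so every group has >= k members),
    and replace each value by its group mean. Output keeps the input order."""
    if not 1 <= k <= len(values):
        raise ValueError("k must be between 1 and the number of records")
    order = sorted(range(len(values)), key=lambda i: values[i])
    n_groups = len(values) // k
    out = [None] * len(values)
    for g in range(n_groups):
        end = (g + 1) * k if g < n_groups - 1 else len(values)
        members = order[g * k:end]
        centroid = sum(values[i] for i in members) / len(members)
        for i in members:
            out[i] = centroid
    return out

def smallest_group(perturbed):
    """Privacy measure: size of the smallest set of records sharing a value."""
    return min(Counter(perturbed).values())

def distortion(original, perturbed):
    """Utility loss: mean squared error between original and perturbed."""
    return sum((a - b) ** 2 for a, b in zip(original, perturbed)) / len(original)

def tradeoff(k):
    """Return (smallest group size, MSE) when ages are microaggregated with k."""
    ages = [age for age, _ in RECORDS]
    released = microaggregate(ages, k)
    return smallest_group(released), distortion(ages, released)

if __name__ == "__main__":
    for k in (1, 2, 3, 4):
        size, mse = tradeoff(k)
        print(f"k={k}: smallest group={size}, MSE={mse:.2f}")
```

With k = 1 the ages are released exactly and every respondent is unique on that attribute; larger k makes each released age shared by at least k respondents, at the price of a nonzero distortion.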

Theory

The key theoretical aspects of the research to be conducted might draw upon any of the following concepts:

  • Application of information theory and statistics to the establishment of criteria and measures of privacy and data utility.
  • Consideration of deterministic and randomized quantization as main strategies for data perturbation, reusing ideas from information theory and source coding theory.
  • Investigation of the impact of data forgery and suppression.

Candidate's Profile & Learning Objectives

We seek a prospective PhD candidate with at least an upper BS degree (or equivalent), ideally in Electrical Engineering, Computer Science or Mathematics, with an outstanding academic record, perfectly comfortable with mathematics and statistics, and with an excellent command of English. Applicants must be citizens of the European Union.

Academic Background 

Although no particular prior academic knowledge is absolutely required, we assume the candidate's willingness and ability to develop a solid background on the subjects of probability and statistics, information theory, linear algebra and convex optimization.

Software Tools

Once more, no specific knowledge of a programming tool is required, only the willingness to learn. We commonly simulate and experiment with Matlab, Mathematica and, on occasion, C.

Contact & Additional Information

Enquiries can be made via email to Dr. David Rebollo-Monedero and Prof. Jordi Forné, in English, Catalan or Spanish, with the subject "Prospective PhD/MS Candidate", including the following information in your first message:

  • Cover letter. Please explain why you think you are the right person for the proposal in roughly half a page, possibly referring to your CV and your transcript. Mention for example if you're more theoretically or experimentally inclined, or simply which of your BS degree courses you enjoyed the most and why.
  • Curriculum vitae. If you have any publications, feel free to attach one or two you deem representative, or even your BS or MS project if you wish.
  • Transcript of your BS degree, and MS degree if available. If not available in any of the languages preferred, along with a scan of the official version, simply attach your own, unofficial translation, with course names and grades. Don't forget to explain in your cover letter what the grades mean in relation to the rest of your class, as different universities follow different grading guidelines.

Additional information on our research is available online, along with a number of publications and presentations. The brief, 2-page summary [PDF] is more accurate albeit somewhat more technical than the content on this page, and it is recommended if you are already familiar with the field.

If you are not viewing this document online, simply Google any of our names. You may find additional research project information on the website of the Information Security Group, or the Telematic Services Group of the Department of Telematics Engineering.