ITEA3 PARFAIT (Personal dAta pRotection FrAmework for IoT: http://itea3-parfait.com/index.htm)
PARFAIT project’s main goal is to develop a platform for protecting personal data in the Internet of Things applications which will be tested with 2 use cases. Another goal of the project is to decrease the complexity of integrating and deploying services in today’s Internet of Things technology by providing interoperable software libraries, tools, and SDK elements.
It is also a strong ambition of the project to define interoperability and security/privacy methodologies, rules, and guidelines to make recommendations for the policymakers. Defined methodologies and policies will be used as the keystones to developing libraries, tools, and SDKs which will construct the foundation layer for domain-specific Internet of Things service frameworks and connected application ecosystems.
I’m involved in this project as responsible for innovation for the following research points:
Personal data protection approaches, standards, and regulations (GDPR) for privacy protection
Model for user data protection based on the semantics attached to data collected by connected objects and their cross-analysis
SPIRIT (Security and PrIvacy foR the Internet of Things: http://www.agence-nationale-recherche.fr/Project-ANR-16-CHR2-0004)
The end goal of the SPIRIT project is to address some security and privacy vulnerabilities in IoT applications by providing trustworthy application environments in which people can trust the applications they are using, and the applications are forbidden to abuse the users by placing them under surveillance and to take non-legitimate benefits from their personal data. The address of the project website is http://cui.unige.ch/spirit.
I’m involved in this project as responsible for innovation for the second technology, termed Semantic firewall. It consists of a highly flexible network security/privacy system, developed by La Rochelle University in France. The semantic firewall is able to allow or deny the transmission of data derived from an IoT device according to the information contained within the data and the information gathered about the requester, hence ensuring that access to such data is governed by access permissions commensurate with the requester.
The work during the first period has focused on the design of a user-centric approach for user privacy protection based on two main blocks, namely (i) a habit-based approach for an anomaly-based intrusion detection system, and (ii) a semantic-based firewall for access control and communication security. It introduces a generic algorithm for user habit learning as a pillar of the anomaly detection system, which is then instantiated by an intuitionistic fuzzy sets model (i.e. the rules for personal data protection are implemented using fuzzy sets) to illustrate how it operates in a real-world use-case.