Thesis of Paul Lachat

Privacy protection and trust management in edge computing environments

Start date: 01/10/2019
End date: 01/10/2022

Advisor: Lionel Brunie
Coadvisor: Nadia Bennani
Cotutelle: Harald Kosch


Sensors and other connected objects often have insufficient storage capacity and processing capacity to handle the data they produce. The paradigm currently used to address this problem is called Cloud Computing (CC), which allows these tasks to be delegated to a data center that manages the allocation of resources to store and process the data.

But the latency of data transmission to the CC is about 100 ms, which is not compatible with the real-time processing constraints of certain applications (e.g. industrial process control). Similarly, the geographical location or environment in which a sensor is located may limit access to the Internet and therefore to the services provided by the CC.

The paradigm called Edge Computing (EC) has recently emerged to overcome the constraints of the CC. It is the candidate technology that, today, seems best suited to address the issues of storage, processing, scalability, mobility and confidentiality related to the use of connected objects. In an EC infrastructure, servers called edge servers are placed as close as possible to the connected objects and have the ability to store certain data and perform certain processing. These servers can also interact with the CC to use more resources. In addition to reducing the latency between data sending and processing, these intermediate servers allow only essential information to be exchanged with the CC, thus reducing bandwidth usage.

But these edge servers are still third-party entities that can be malicious, either from the moment they are installed or after being compromised, and can intercept data passing between connected objects and the CC or use this data to infer new information. In Europe, in the context of personal data, the General Data Protection Regulation (GDPR) has been in force since May 2018; it requires that a user be able to specify the degree of disclosure of his or her data and obliges the systems managing this data to respect and implement the user's choices.

A thesis developed within the MDPS doctoral college proposes a solution that allows, in a centralized context, the owner of a data item to express his or her confidentiality choices, which are then translated into rules and operations executed on the data (e.g. anonymization, obfuscation, etc.) in order to ensure that the user's expressed wishes are respected.

The first objective of this jointly supervised (cotutelle) thesis is to study the extension of this solution to the EC paradigm, where data can flow from the end of the network (e.g. a connected object) to the center of the network (e.g. the CC) through the edge servers. The second objective is to find a trust model adapted to the characteristics of EC infrastructures (for example: server hierarchization, inter-server collaboration, distributed computation, etc.) and of the target applications (for example: mobility, data sensitivity, data aggregation, etc.).
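As an added illustration (not code from the thesis), the following sketch shows the rule-and-operation step described above applied at each hop of the connected object → edge server → CC chain, with a different degree of disclosure per hop; the record fields, the policy format and the operation set are assumptions, and the sample reading is constructed.

```python
from hashlib import sha256
from typing import Any

# Constructed sample reading from a connected object (hypothetical fields).
READING = {"device_id": "sensor-42", "owner": "alice@example.org",
           "location": (45.7640, 4.8357), "temperature": 21.5}

# Operations the owner's choices are translated into (assumed set).
def anonymize(_: Any) -> None:
    return None                       # drop the value entirely
def pseudonymize(v: Any) -> str:
    return sha256(str(v).encode()).hexdigest()[:12]   # stable, non-reversible tag
def obfuscate(v: Any) -> Any:
    return tuple(round(x, 1) for x in v)              # coarsen a coordinate pair
def disclose(v: Any) -> Any:
    return v

OPERATIONS = {"anonymize": anonymize, "pseudonymize": pseudonymize,
              "obfuscate": obfuscate, "disclose": disclose}

# Owner policy: degree of disclosure per field for each hop (assumed format).
# The edge server may see more than the CC; whatever the edge removes never
# reaches the CC, so the cloud view is bounded by the edge view.
POLICY = {
    "edge":  {"device_id": "disclose",     "owner": "pseudonymize",
              "location": "disclose",      "temperature": "disclose"},
    "cloud": {"device_id": "pseudonymize", "owner": "anonymize",
              "location": "obfuscate",     "temperature": "disclose"},
}

def enforce(record: dict, policy: dict, hop: str) -> dict:
    """Apply the owner's rules for one hop; unknown fields are dropped (default deny)."""
    rules = policy[hop]
    out = {}
    for field, value in record.items():
        result = OPERATIONS[rules.get(field, "anonymize")](value)
        if result is not None:
            out[field] = result
    return out

def forward_chain(record: dict, policy: dict) -> tuple:
    """Object -> edge -> CC: each hop only ever receives the previous hop's output."""
    at_edge = enforce(record, policy, "edge")
    at_cloud = enforce(at_edge, policy, "cloud")
    return at_edge, at_cloud

if __name__ == "__main__":
    edge_view, cloud_view = forward_chain(READING, POLICY)
    print("edge sees :", edge_view)
    print("cloud sees:", cloud_view)
```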