The PROPOLIS Project

Cities are experiencing unprecedented growth and face significant challenges in creating healthy, sustainable and safe places for their citizens to live and work. Through a variety of devices equipped with sensors, meters and cameras, the Internet of Things (IoT) offers cities new opportunities to use data for analytics based on Artificial Intelligence (AI) in areas such as traffic management, infrastructure, environmental monitoring and security. Collecting and processing vast amounts of data from and about citizens is a prerequisite for this, but it is also a source of serious privacy concerns.

The overarching goal of PROPOLIS is to address these privacy concerns throughout the AI lifecycle and to develop a comprehensive understanding of data privacy in the context of smart city analytics. The project will provide and implement privacy-friendly solutions for (i) the training phase, where an AI model is trained with the collected data, and (ii) the subsequent inference phase, in which the trained model is used to answer future queries and draw inferences. The project will consider a variety of potential adversaries and ensure the protection of the different data involved, i.e., the protection of the training data (and thus of the citizens who voluntarily provide it), the protection of the query, and finally the protection of the model. The solutions developed will advance the state of the art and rely on differential privacy, homomorphic encryption and secure multi-party computation.

The PROPOLIS consortium consists of two partners (one academic, one industrial) from France and two partners (one academic, one industrial) from Germany. All partners will contribute their expertise to solve the various analytical and data protection problems. The academic partners will work with the industrial partners to design and develop the proposed privacy-compliant analytical modules. While KIT and the Urban Institute will focus on the AI training phase and investigate differential privacy mechanisms to protect citizens, EURECOM and SAP will address the inference phase (protection of query and model data) and develop privacy-friendly inference solutions based on homomorphic encryption and/or secure multi-party computation. The main synergistic effect of this international collaboration is an end-to-end data protection approach for smart city applications in which both intellectual property and citizen privacy are protected. The primary goal of PROPOLIS is to realize the full potential of IoT-based smart-city applications for the benefit of society, the economy and, more broadly, the quality of life of citizens.

Prof. Dr. Antonio Faonio, Eurecom

EURECOM is a graduate school of engineering and research institute in telecommunications located in Sophia-Antipolis, France. It is a consortium of industrial and academic members. EURECOM is a founding member and strong supporter of the recently awarded 3IA center of the “Région Sud” (part of the National Program for Artificial Intelligence announced by the President of the French Republic), whose strategy is to harmonize and coordinate activities around artificial intelligence and machine learning. In PROPOLIS, EURECOM will contribute to the development of privacy-preserving analytics based on advanced cryptographic tools to ensure both query and AI-software privacy. EURECOM has provided various solutions for processing over encrypted data, including neural network (NN) classification.

Dr. Laurent Gomez, SAP

Maintaining security is a constantly shifting task, and we need to respond with continuous learning and research. The portfolio of SAP Security Research contains those topics that we believe are most important for SAP’s security future. SAP’s vision to secure business is built on 3 ideals: Zero-Vulnerability, to harden the software by eliminating vulnerabilities; Defensible Application, to enable the software to identify and prevent attacks; and Zero-Knowledge, to make any theft of data useless through encryption. Considering these aspects, SAP Security Research covers the following focal areas: Anonymization for Big Data, Security for Distributed Enterprise Systems, Software security analysis, Open-source analysis, Deceptive application, Applied cryptography, Quantum technology, and Machine Learning as an enabler for the next generation of security.

Fernando Lyardet and Dr. Stefan Radomski, Urban Institute

The Urban Institute (UI) is a thought leader for “Smart City” solutions and related disruptive business models. Its core business is centered on the leading IoT platform UrbanPulse, which represents the emerging business philosophy of a collaborative and shared economy leveraging real-time urban data from a wide variety of urban infrastructures. In PROPOLIS, the Urban Institute brings the most extensive industrial experience in Smart Cities, digital transformation and standardization, with unparalleled experience in new technology integration. Its research activities focus on IoT in Smart Cities as well as formal verification of organisation-wide processes.

Dr. Javier Parra-Arnau and Prof. Dr. Thorsten Strufe, KIT

The Karlsruhe Institute of Technology (KIT) was established by the merger of the Universität Karlsruhe and Forschungszentrum Karlsruhe in 2009 and combines the tasks of a university with those of a research center of the Helmholtz Association in the areas of research, teaching, and innovation. In PROPOLIS, KIT will contribute experience in anonymization and privacy-utility trade-off analyses. It will help design and prove privacy-preserving learning and the publication of differentially private datasets.

PROPOLIS will set the foundation for a strong long-term collaboration between the French and German partners within the context of the EU Cybersecurity Initiative. It reflects the investment of SAP and UI in increasing cyber resilience and developing the technological resources for cybersecurity, thus advancing the EU Cybersecurity Strategy and the European Agenda on Security. Supported by the competence of EURECOM and KIT, the success of PROPOLIS will advance the European digital future policy on AI. By developing algorithms for privacy-preserving AI according to the “European approach to excellence and trust”, it will ensure that European industry can develop an edge over the competition, especially with regard to trustworthy IT.

Research Use Cases

The PROPOLIS use cases cover both privacy-preserving AI training (Use Cases 1 and 2) and privacy-preserving AI inference (Use Case 3). The first use case tackles privacy-preserving traffic monitoring: using floating car data containing geo-localization, velocity and heading, the project develops privacy-preserving traffic jam prediction and trajectory publication. The second use case tackles privacy-preserving utility consumption anomaly detection: using data about water and electricity consumption, the project develops privacy-preserving detection of anomalous situations, like pipe bursts or heat sinks. The third use case tackles privacy-preserving AI-based insight extraction: by implementing AI directly in CCTV cameras, detection capabilities can be embedded on the cameras and privacy-preserving insights transmitted instead of invasive video streams.

UC1: Privacy preserving traffic monitoring

Traffic engineering has traditionally been based on stationary sensor data such as vehicle counters, induction loops and, more recently, thermal cameras to understand core traffic parameters including flow speed, street saturation and the distribution of cars, trucks and pedestrians. Mobile communications opened new possibilities for gathering information at vehicle and driver granularity, by collecting data from the car itself or from the driver's phone. This new kind of data is known as Floating Car Data (FCD) and is typically composed of a timestamped geo-localization, speed, heading and in some cases motion (accelerometer) data. This valuable information can significantly help understand traffic patterns and enable new kinds of analytics such as origin-destination flows, detecting critical traffic junctions and heavily frequented road segments, estimating street maintenance and parking needs, and many other applications. With this information, the city of Bad Hersfeld seeks to better understand current traffic flow patterns and design an effective strategy for managing traffic and reducing associated pollution. Analyzing average speed on highways or the origin and destination of commuters requires complex statistical operations. A Random Forest approach has been developed for revealing insights pertaining to park traffic and parking events. Precise predictions of traffic light states have been realized using Recurrent Neural Networks, while prediction of traffic flow uses Gradient Boosting methods. Collecting FCD poses a privacy challenge: this much finer-grained data makes it possible to identify a driver's whereabouts first, and then to infer the identity of the driver without much effort. Consent to data collection is very often granted by individuals when installing a new app on their phone. The app then relays the FCD at regular intervals to the provider who, for instance, sells this data to traffic engineering firms.
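As an added illustration of the training-side protection KIT describes (publishing differentially private datasets) applied to the FCD of this use case, the Python below releases driver-level differentially private per-segment vehicle counts with the Laplace mechanism, bounding each driver's contribution so that the histogram's sensitivity, and therefore the noise scale sensitivity/epsilon, is fixed. This is example code written for this page, not the PROPOLIS project's own; the FCD records, the grid-cell stand-in for road-segment matching and the parameter values are constructed assumptions.

```python
import math
import random
from collections import defaultdict

# Constructed sample of floating car data, not real measurements:
# (driver_id, timestamp, lat, lon, speed_kmh, heading_deg)
FCD = [
    ("d1", 1000, 50.8681, 9.7076, 42.0, 90),
    ("d2", 1002, 50.8682, 9.7078, 45.0, 92),
    ("d3", 1003, 50.8706, 9.7112, 20.0, 61),
    ("d1", 1005, 50.8683, 9.7090, 38.0, 88),
    ("d3", 1008, 50.8721, 9.7130, 25.0, 63),
    ("d1", 1010, 50.8705, 9.7110, 35.0, 60),
    ("d1", 1015, 50.8805, 9.7250, 30.0, 45),
]

def segment_of(lat, lon, cell=0.01):
    """Hypothetical stand-in for map-matching: a coarse grid cell is the road segment."""
    return (math.floor(lat / cell), math.floor(lon / cell))

def bounded_counts(records, max_segments_per_driver):
    """Distinct drivers per segment, crediting each driver to at most
    max_segments_per_driver segments (its earliest ones). One driver can then
    change at most that many counts by 1: the bound is the histogram's L1 sensitivity."""
    seen = defaultdict(set)
    for drv, _ts, lat, lon, _speed, _heading in sorted(records, key=lambda r: r[1]):
        seg = segment_of(lat, lon)
        if seg in seen[drv] or len(seen[drv]) >= max_segments_per_driver:
            continue
        seen[drv].add(seg)
    counts = defaultdict(int)
    for segs in seen.values():
        for seg in segs:
            counts[seg] += 1
    return dict(counts)

def laplace_scale(sensitivity, epsilon):
    return sensitivity / epsilon  # noise scale b of the Laplace mechanism

def dp_segment_counts(records, epsilon, max_segments_per_driver=2, seed=0):
    """Laplace mechanism: release each count plus Laplace(0, b) noise, b = sensitivity/epsilon.
    Smaller epsilon means stronger driver-level privacy and noisier counts (the utility trade-off)."""
    rng = random.Random(seed)
    b = laplace_scale(max_segments_per_driver, epsilon)
    released = {}
    for seg, n in bounded_counts(records, max_segments_per_driver).items():
        noise = b * (rng.expovariate(1.0) - rng.expovariate(1.0))  # Exp(1)-Exp(1) ~ Laplace(0,1)
        released[seg] = max(0.0, n + noise)  # clamping is post-processing, so DP still holds
    return released
```

Raw trajectories never leave the function; only the clamped noisy histogram is released, and the per-driver cap is what keeps a single heavy contributor from dominating any count.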

UC2: Privacy preserving energy consumption

The current popularity of low-power wide-area network (LPWAN) technologies such as LoRaWAN and Sigfox and the upcoming 5G NB-IoT opens new business opportunities through different IoT interventions in urban areas. Also known as Smart City enablers, they allow for public space scenarios, such as parking management and environmental sensing, as well as smart home applications, like monitoring water and electricity consumption, heating, humidity, opened windows and dangerous situations. Home monitoring has become a new trend for many utility and consumer services companies. They gather data to help people identify their latent energy consumption, reduce heating cost and increase living comfort. At the same time, energy providers can reduce expenses by accurately assessing future energy needs, and property developers can protect rented property, for instance from expensive humidity-associated damage. Analyzing and predicting energy behavior is applicable to the industrial domain as well as to private households. Our models rely on Neural Networks and Autoregressive Integrated Moving Average (ARIMA) methods. Regression models have been trained to estimate potential energy demand peaks. For the detection of anomalies in energy consumption, LSTM-based methods have been applied.

UC3: Privacy preserving risk prevention in public spaces

With the ever-increasing urban population and safety concerns (e.g. the risk of terrorist attacks), smart cities call for reliable and autonomous approaches to risk prevention in public spaces. Capitalizing on its video surveillance infrastructure (~150 cameras), the city of Antibes aims to (i) enhance its situational awareness by combining data ingestion (video streams) with insight extraction (e.g., anomaly detection, scouting vehicles close to critical infrastructures) at the Edge, empowering video cameras with AI-based capabilities, and (ii) improve operational efficiency across municipality services with streaming analytics based on the extracted insights, triggering targeted alerts to Safety and Police forces. The city envisions secure intelligence at the Edge, extracting insights from video streams for optimized and efficient municipality services while protecting the privacy of citizens and seasonal visitors. In this use case, the question of safeguarding the IP of AI-based software distributed on cameras also arises. The Model Owner (e.g. solution provider, training dataset owner) wants to protect its investment, which is deployed on potentially insecure hardware or software platforms.