Areas of Research

Our research covers a wide range of topics which are essential to the development of technology that can be used to build socially responsible systems. These are our main lines of research (see our publications page for more details)

Engineering privacy-preserving systems

The the users’ awareness of the invasive nature of many on-line services and mobile devices in our daily lives has put Privacy Technologies in the spotlight. While the need for privacy is undisputed, how to design and deploy privacy-preserving systems is not well understood yet, this prevents the finding of solutions that would enable society to enjoy technological progress but also avoid damaging our societal values.

At the SPRING Lab we work on the development of building blocks allowing engineers to build privacy-systems as well as on methodologies enabling them to think in a systematic way about both the design and the evaluation of privacy-preserving technologies.

At the SPRING Lab we work on developing building blocks that engineers can use to build privacy-preserving systems, and methodologies that allow them to reason in a systematic manner both about the design and the evaluation of privacy-preserving technologies.

Related publications:

• Decentralized Privacy-Preserving Proximity Tracing. Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James Larus, Edouard Bugnion, Wouter Lueks, Theresa Stadler, et al. IEEE Data Eng. Bull. 43(2): 36-66 (2020)8.
  • This protocol has inspired the Google and Apple Exposure Notification API, and is used as the basis of many contact tracing applications.
  • Project Github
• CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing. Wouter Lueks, Seda Gürses, Michael Veale, Edouard Bugnion, Marcel Salathé, Kenny G. Paterson, and Carmela Troncoso. PoPETs 2021 (4).
  • This protocol is the basis of the presence tracing feature of SwissCovid, the Swiss contact tracing app.
  • Project Github
• Datashare Network: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists. Kasra EdalatNejad, Wouter Lueks, Julien Pierre Martin, Soline Ledésert, Anne L’Hôte, Bruno Thomas, Laurent Girod, Carmela Troncoso. USENIX Security 2020.
  • This system is currently under development in collaboration with the International Consortium of Investigative Journalists for deployment inside their journalist networks.

Impact of machine learning

At the SPRING Lab we try to understand the impact that machine learning has on society, and how it changes security and privacy problems. We research how machine learning could be used to help designers evaluate their systems design, and try to find principled ways to design defenses against attacks on privacy using machine-learning.

Related publications:

• Synthetic Data — Anonymisation Groundhog Day. Theresa Stadler, Bristena Oprisanu, Carmela Troncoso. USENIX Security 2022.
• Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine Learning. Bogdan Kulynych, Mohammad Yaghini, Giovanni Cherubin, Carmela Troncoso. PoPETs 2022.
• POTs: Protective Optimization Technologies. Bogdan Kulynych, Rebekah Overdorf, Carmela Troncoso, Seda Gürses. FAT* 2020.
• Evading classifiers in discrete domains with provable optimality guarantees. Bogdan Kulynych, Jamie Hayes, Nikita Samarin, Carmela Troncoso. NeurIPS 2018 SecML Workshop.

Privacy evaluation

As systems become increasingly complex, they gather and expose increasing amounts of data. This information can be extracted from content or meta-data (timing patterns, locations, etc).

At the SPRING Lab we work on the development of tools that would enable users to better understand how much information they reveal. We also build tools to help app developers achieve their goals without putting at risk the privacy of the users who contribute to the projects in an altruistic way.

Related publications:

• Angel or Devil? A Privacy Study of Mobile Parental Control Apps. Álvaro Feal, Paolo Calciati, Narseo Vallina-Rodriguez, Carmela Troncoso, Alessandra Gorla. PoPETs 2020
  • This work received the 2020 Emilio Aced Award for Research on Data Protection from the Spanish Data Protection Authority
• Encrypted DNS –> Privacy? A Traffic Analysis Perspective. Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, Carmela Troncoso. NDSS 2020.
  • This work has been invited for a presentation at the IETF 105 Privacy Enhancements and Assessments Research Group session in July 2019
• On the (lack of) location privacy in crowdsourcing applications. Spyros Boukoros, Mathias Humbert, Stefan Katzenbeisser, Carmela Troncoso. USENIX Security 2019.
• Knock Knock, Who’s There? Membership Inference on Aggregate Location Data. Apostolos Pyrgelis, Carmela Troncoso, and Emiliano De Cristofaro. NDSS 2018.
  • This work received the best paper award at NDSS and was a runner-up for the 2019 CNIL Privacy Protection Award