The French National Research Agency Projects for science

Voir cette page en français

ANR funded project

Ingénierie Numérique et Sécurité (INS) 2011
Projet LYRICS

Lightweight privacy-enhancing cryptography for mobile contactless services

The next generation of mobile and smart phones will integrate NFC (Near Field Communication) chips. With the fast emergence of this contactless technology, mobile phones will soon be able to play the role of e-tickets, credit cards, transit pass, loyalty cards, access control badges, e-voting tokens, e cash wallets, etc. The economic growth of the near-field mobile market is expectedly overwhelming, and some industry analysts estimate that by 2014, one in every six mobile customers will own an NFC-enabled device.

In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with his identity. For instance, contactless services may involve a monthly subscription to a public transport system, an electronic ticket for a concert or some personal information stored aboard the mobile phone carried by that individual. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for some undesired or fraudulent purposes ranging from targeted spam to identity theft.

The objective of LYRICS is to enable end users to securely access and operate contactless services in a privacy-preserving manner that is, without having to disclose their identity or any other unnecessary information related to personal data. More specifically, we intend to design new innovative solutions that achieve the two fundamental privacy principles that are data minimization and data sovereignty. The data minimization (or minimal disclosure) principle states that only the information that is strictly necessary to complete a particular transaction should be disclosed (and nothing more). In practice, this means that the user should never have to give away more information than necessary for accessing and performing a specific contactless service. The data sovereignty principle states that the piece of information related to an individual totally belongs to her and that she should remain in full control of how these data are used, by whom and for which purpose.

Cryptography-based technologies exist that partially respond to these requirements in some contexts. Yet none of these has been specifically designed for contactless transactions, where being offline, ensuring very low latency and being limited to constrained resources are major issues. LYRICS intends to overcome these deadlocks by providing an open, general-purpose architecture for privacy-preserving contactless services and a set of innovative cryptographic mechanisms for implementing and deploying these services on NFC-enabled mobile phones. This objective will be achieved in the context of the social appropriation of technological innovations and services.

Partners

AW ATOS WORLDLINE

MDC CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE - DELEGATION REGIONALE ILE-DE-FRANCE SECTEUR OUEST ET NORD

EB ECOLE NATIONALE SUPERIEURE D'INGENIEURS DE BOURGES

EC ECOLE NATIONALE SUPERIEURE D'INGENIEURS DE CAEN (ENSICAEN)

OL FRANCE TELECOM

OT OBERTHUR TECHNOLOGIES SA

IRISA / Université de Rennes 1 UNIVERSITE DE RENNES I

ANR grant: 913 794 euros
Beginning and duration: décembre 2011 - 36 mois

 

ANR Programme: Ingénierie Numérique et Sécurité (INS) 2011

Project ID: ANR-11-INSE-0013

Project coordinator:
Monsieur Jacques Traoré (FRANCE TELECOM)
jacques.traore@nullorange.com

 

Back to the previous page

 

The project coordinator is the author of this abstract and is therefore responsible for the content of the summary. The ANR disclaims all responsibility in connection with its content.