A personal data breach may, if left unaddressed in an adequate and timely manner, result in a substantial economy loss and social harm. A breach should be considered as adversely affecting the data or privacy of a subscriber or service user when it can result in, for example, a confidentiality breach, discrimination, unwanted exposure, loss of control, unauthorized commercial solicitations or damage to reputation. Innovative crypto can help.
The next generation of mobile and smart phones will integrate NFC (Near Field Communication) chips. With the fast emergence of this contactless technology, mobile phones will soon be able to play the role of e-tickets, credit cards, transit pass, loyalty cards, access control badges, e-voting tokens, e cash wallets, etc. The economic growth of the near-field mobile market is expected to boom in the forthcoming years in Europe.
In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with his identity. For instance, contactless services may involve a monthly subscription to a public transport system, an electronic ticket for a concert or some personal information stored aboard the mobile phone carried by that individual. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for some undesired or fraudulent purposes ranging from targeted spam to identity theft.
The objective of LYRICS is to enable end users to securely access and operate contactless services in a privacy-preserving manner that is, without having to disclose their identity or any other unnecessary information related to personal data. More specifically, we intend to design new innovative solutions that achieve the two fundamental privacy principles that are data minimization and data sovereignty. The data minimization (or minimal disclosure) principle states that only the information that is strictly necessary to complete a particular transaction should be disclosed (and nothing more). In practice, this means that the user should never have to give away more information than necessary for accessing and performing a specific contactless service. The data sovereignty principle states that the piece of information related to an individual totally belongs to him and that he should remain in full control of how these data are used, by whom and for which purpose. Cryptography-based technologies exist that partially respond to these requirements in some contexts. Yet none of these has been specifically designed for contactless transactions, where being offline, ensuring very low latency and being limited to constrained resources are major issues.
LYRICS intends to overcome these deadlocks by providing an open, general-purpose architecture for privacy-preserving contactless services and a set of innovative cryptographic mechanisms for implementing and deploying these services on NFC-enabled mobile phones. This objective will be achieved in the context of the social appropriation of technological innovations and services.
The main goals of the LYRICS project are to
1. Establish a high-level architecture for privacy-preserving services,
2. Invent and specify low-cost cryptographic mechanisms that can be used to protect user privacy in the context of contactless mobile services,
3. Securely implement these cryptographic tools on selected NFC-enabled mobile phones,
4. Develop and experiment a pilot implementation of a privacy-preserving contactless mobile service (e.g. an m-ticketing application or a use case coming from the Japanese market, to be defined within the course of the project).
A critical part of the project resides in the conception of low-cost cryptographic mechanisms that can be assembled to support a higher-level privacy-preserving applicative architecture. We expect to specify a high-level applicative architecture for privacy-preserving contactless mobile services (CMS) which could serve as a basis for standardization and future market offerings in this area. The innovations expected from the project are the emergence of low-cost cryptographic primitives and protocols for the controlled disclosure of personal information in the context of contactless mobile services. We target, for typical contactless transactions, a running time on the NFC-enabled mobile phones of the order or less than 1 second. For transactions subject to stronger time constraints, such as those involved in transportation ticketing services, we expect to lower this bound to about 150 milliseconds.