A personal data breach may, if left unaddressed in an adequate and timely manner, result in a substantial economy loss and social harm. A breach should be considered as adversely affecting the data or privacy of a subscriber or service user when it can result in, for example, a confidentiality breach, discrimination, unwanted exposure, loss of control, unauthorized commercial solicitations or damage to reputation. Innovative crypto can help.
Related research projects
The Smart Cloud approach: database-supporting smartcards securely operated through the Cloud.
The KISS research initiative introduces the concept of Smart Cloud, whereby end users carry secure tokens managing their personal data instead of relying on cloud storage. Through a variety of innovative cryptographic technologies, a Smart Cloud also supports data federation and aggregation such as statistics, but in a built-in, privacy-respecting way.
Towards trustworthy and privacy-respecting authentication.
ABC4Trust is an EU-funded research initiative that uses cryptographic technologies to provide better protection of privacy and identity on the Internet.
How (in)secure are mobile phones?
The main goal of the Tisphanie project is to propose a systematic and structured methodology, together with the related tools and evaluation process enabling the concerned users (MNOs, application developers, police laboratories, civil security operators) to efficiently assess the security of all major components embedded in personal devices (mobile handsets, PDAs, netbooks, PMR terminals) for critical or value-added applications.
The mission of the MATTHEW project is to enable new applications and services on mobile devices. It will overcome the limitation of current passive NFC transmission technologies by active modulation and offer new ways of exchanging roles from one mobile platform, like a smartphone or tablet, to another.
The next generation of mobile and smart phones will integrate NFC (Near Field Communication) chips. With the fast emergence of this contactless technology, mobile phones will soon be able to play the role of e-tickets, credit cards, transit pass, loyalty cards, access control badges, e-voting tokens, e cash wallets, etc. The economic growth of the near-field mobile market is expected to boom in the forthcoming years in Europe.
In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with his identity. For instance, contactless services may involve a monthly subscription to a public transport system, an electronic ticket for a concert or some personal information stored aboard the mobile phone carried by that individual. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for some undesired or fraudulent purposes ranging from targeted spam to identity theft.
The objective of LYRICS is to enable end users to securely access and operate contactless services in a privacy-preserving manner that is, without having to disclose their identity or any other unnecessary information related to personal data. More specifically, we intend to design new innovative solutions that achieve the two fundamental privacy principles that are data minimization and data sovereignty. The data minimization (or minimal disclosure) principle states that only the information that is strictly necessary to complete a particular transaction should be disclosed (and nothing more). In practice, this means that the user should never have to give away more information than necessary for accessing and performing a specific contactless service. The data sovereignty principle states that the piece of information related to an individual totally belongs to him and that he should remain in full control of how these data are used, by whom and for which purpose. Cryptography-based technologies exist that partially respond to these requirements in some contexts. Yet none of these has been specifically designed for contactless transactions, where being offline, ensuring very low latency and being limited to constrained resources are major issues.
LYRICS intends to overcome these deadlocks by providing an open, general-purpose architecture for privacy-preserving contactless services and a set of innovative cryptographic mechanisms for implementing and deploying these services on NFC-enabled mobile phones. This objective will be achieved in the context of the social appropriation of technological innovations and services.
OBJECTIVES AND EXPECTED OUTCOMES
The main goals of the LYRICS project are to
- Establish a high-level architecture for privacy-preserving services,
- Invent and specify low-cost cryptographic mechanisms that can be used to protect user privacy in the context of contactless mobile services,
- Securely implement these cryptographic tools on selected NFC-enabled mobile phones,
- Develop and experiment a pilot implementation of a privacy-preserving contactless mobile service (e.g. an m-ticketing application or a use case coming from the Japanese market, to be defined within the course of the project).
A critical part of the project resides in the conception of low-cost cryptographic mechanisms that can be assembled to support a higher-level privacy-preserving applicative architecture. We expect to specify a high-level applicative architecture for privacy-preserving contactless mobile services (CMS) which could serve as a basis for standardization and future market offerings in this area. The innovations expected from the project are the emergence of low-cost cryptographic primitives and protocols for the controlled disclosure of personal information in the context of contactless mobile services. We target, for typical contactless transactions, a running time on the NFC-enabled mobile phones of the order or less than 1 second. For transactions subject to stronger time constraints, such as those involved in transportation ticketing services, we expect to lower this bound to about 150 milliseconds.