The next generation of mobile and smart phones will integrate NFC (Near Field Communication) chips. With the fast emergence of this contactless technology, mobile phones will soon be able to play the role of e-tickets, credit cards, transit pass, loyalty cards, access control badges, e-voting tokens, e cash wallets, etc. The economic growth of the near-field mobile market is expectedly overwhelming, and some industry analysts estimate that by 2014, one in every six mobile customers will own an NFC-enabled device. In such a context, protecting the privacy of an individual becomes a particularly challenging task, especially when this individual is engaged during her daily life in contactless services that may be associated with his identity. For instance, contactless services may involve a monthly subscription to a public transport system, an electronic ticket for a concert or some personal information stored aboard the mobile phone carried by that individual. If an unauthorized entity is technically able to follow all the digital traces left behind during these interactions then that third party could efficiently build a complete profile of this individual, thus causing a privacy breach. Most importantly, this entity can freely use this information for some undesired or fraudulent purposes ranging from targeted spam to identity theft. The objective of LYRICS is to enable end users to securely access and operate contactless services in a privacy-preserving manner that is, without having to disclose their identity or any other unnecessary information related to personal data. More specifically, we intend to design new innovative solutions that achieve the two fundamental privacy principles that are data minimization and data sovereignty. The data minimization (or minimal disclosure) principle states that only the information that is strictly necessary to complete a particular transaction should be disclosed (and nothing more). In practice, this means that the user should never have to give away more information than necessary for accessing and performing a specific contactless service. The data sovereignty principle states that the piece of information related to an individual totally belongs to her and that she should remain in full control of how these data are used, by whom and for which purpose. Cryptography-based technologies exist that partially respond to these requirements in some contexts. Yet none of these has been specifically designed for contactless transactions, where being offline, ensuring very low latency and being limited to constrained resources are major issues. LYRICS intends to overcome these deadlocks by providing an open, general-purpose architecture for privacy-preserving contactless services and a set of innovative cryptographic mechanisms for implementing and deploying these services on NFC-enabled mobile phones. This objective will be achieved in the context of the social appropriation of technological innovations and services.

Bilinear pairings are special kinds of functions that map pairs of points on groups to points in a third group. They make it possible to design cryptographic schemes with new properties that seem to be difficult to achieve in a more traditional public key cryptography setting, such as cryptography without Public Key Infrastructure (PKI), shorter signatures, cryptosystems with additional properties, or more secure systems. The aim of the SIMPATIC (SIM and PAiring Theory for Information and Communications security) project is first to provide the most possible efficient and secure hardware/software implementation of a bilinear pairing in a SIM card. This implementation will be next used to improve and develop new cryptographic efficient algorithms and protocols in the context of mobile phone and SIM cards. These pairing-based cryptographic tools will be finally used to develop or improve the security of several mobile phone based services. The project will more precisely focus on e-ticketing and e-cash, on cloud storage and on the security of contactless and of remote payment systems.