SIMPATIC (SIM and PAiring Theory for Information and Communications security)

SIMPATIC Project

SIMPATIC (SIM and PAiring Theory for Information and Communications security) is a cooperative project funded by ANR (French Research Agency) in the call “Ingénierie Numérique et Sécurité  (INS 2012).

Bilinear pairings are special kinds of functions that map pairs of points on groups to points in a third group. They make it possible to design cryptographic schemes with new properties that seem to be difficult to achieve in a more traditional public key cryptography setting, such as cryptography without Public Key Infrastructure (PKI), shorter signatures, cryptosystems with additional properties, or more secure systems.

The aim of the SIMPATIC (SIM and PAiring Theory for Information and Communications security) project is first to provide the most possible efficient and secure hardware/software implementation of a bilinear pairing in a SIM card.

This implementation will be next used to improve and develop new cryptographic efficient algorithms and protocols in the context of mobile phone and SIM cards. These pairing-­based cryptographic tools will be finally used to develop or improve the security of several mobile phone based services. The project will more precisely focus on e-­ticketing and e-­cash, on cloud storage and on the security of contactless and of remote payment systems.

The partners of the project are:

  • Orange Labs
  • ENS
  • INVIA
  • Oberthur Technologies
  • STMicroelectronics
  • Université Bordeaux 1
  • Université de Caen Basse-­Normandie
  • Université de Paris VII

Certified by the SCS world competitiveness cluster

Lyrics project is certified by E-Secure Transactions cluster (website).

The SCS world competitiveness cluster has a genuine ambition: to become the unavoidable and recognized player in the field of Secured Communicating Solutions by covering the entire value chain of ICT business lines, from silicon to usages:

  • Microelectronics
  • Telecommunications
  • Software

It will do this based on focused, differentiating Smart Areas Specialisation (SSAs): contactless technology; networks, M2M & mobile services; digital security & identities

For the benefit of high-growth markets: Health, Pharmaceuticals, Trade, Mass Retail, Transport & Logistics, Banking, Insurance, Financial Institutions, the Environment, Recycling, Consumer Electronics, Administration, Energy, Smart Grids, Smart Meters, and so on.

Description of the Lyrics project:  http://en.pole-scs.org/projet/lyrics?popup=1

Participation du projet Lyrics à la journée NFC/SSO au CNAM

Présentation d’un poster sur le projet coopératif Lyrics lors de la journée dédiée au montage de l’action CNRS SSO (Secure Smart Objects) au  CNAM le 29 Mars 2013 : poster-lyrics-fr

Organisateurs

Samia Bouzefrane et Pierre Paradinas (CNAM, Labo CEDRIC)

Maryline Laurent (Telecom SudParis, Labo SAMOVAR)

Pierre Métivier (Forum des services mobiles sans contact)

Sponsors :

ASF (ACM SIGOPS France), l’ASR GDR du CNRS et Télécom SudParis

lien vers la page « Journee-NFC-SSO »

Certified by the E-Secure Transactions cluster

Lyrics project is certified by E-Secure Transactions cluster (website).

The cluster’s aims :

The Lower Normandy Region offers unique advantages, reuniting the essential skills and expertise for the accomplishment of an ambitious secure electronic transactions programme.

In order to seize market opportunities and to guarantee the protection of key technologies, the cluster’s ambition is to shape the secure electronic transactions sector and to become:

  • Within five years, the European point of reference in terms of R&D, training and industrial development in the field of secure electronic transactions;
  • A pilot region, cradle of large scale product, service and usage experimentation;
  • A place of influence and convergence of knowledge and know-how based on the capacity to materialise innovative projects and to conclude cooperative partnerships on a national and international scale.

Description of the project in french : http://www.pole-tes.com/web/portal/website/content/modules/projet2/projet2.do?websiteId=1&navigableId=374&projet2Id=208

 

Related projects

Several national, European or international collaborative projects on specific aspects of « Privacy and Identity Management » have been launched in the past five years. PRIME[1], PrimeLife (PRIME’s follow-up project), PICOS (Privacy and Identity Management for Community Services)[2] COPRIM (Contactless Privacy Manager) and ABC4Trust (Attribute-Based Credentials for Trust) [3], are representative projects in this area. In contrast to all of those projects, LYRICS puts a strong emphasis on conceiving and implementing innovative cryptographic primitives, and specifically addresses the computational constraints faced by embedded applications.

Our project bears some similarities with the European FP6 project PRIME (PRivacy and Identity Management for Europe) whose goal was to develop a framework and a number of tools allowing a user to manage his identity and to protect his privacy in the cyberspace. The main difference however is that we are focusing on real-world near-field transactions using low resources devices (NFC-enabled mobile phones) whereas PRIME was focusing exclusively on the on-line setting (Internet transactions performed on powerful devices such as personal computers). Moreover the privacy-enhancing cryptographic tools developed during the course of this project are mainly based on those used in the Idemix system and therefore would not be suitable for resources constrained devices such as SIM cards and mobile phones.

The ANR

ANR- 11-INSE-013

The ANR (French National Research Agency) is a research funding organisation. The Agency was established by the French government in 2005 to fund research projects, based on competitive schemes giving researchers the best opportunities to realise their projects and paving the way for groundbreaking new knowledge. The role of the Agency is to bring more flexibility to the French research system, foster new dynamics and devise cutting edge-strategies for acquiring new knowledge. By identifying priority areas and fostering public-private collaborations, the ANR also aims at enhancing the general level of competitiveness of both the French research system and the French economy.

Digital Engineering & Security – INS

The objectives of the INS research programme are the emergence of new paradigms, technologies, methods and tools to design digital systems consisting in integrated hardware and software in which security, dependability and energy efficiency are essential concerns. This affects the engineering of complex digital systems based on components, building blocks and applications.

Security stresses the design of high-confidence digital systems, their implementation and monitoring. The uncontrolled proliferation of connected digital systems also uses concepts such as protection assurance: « security by design ». Key challenges are concerned by dependability of critical systems, fidelity (customers viewpoint on brand reputation for products and services), the problems of energy consumption, the economy of software and hardware, i.e., the rationalization of fabrication (costs, delays) without compromising the quality and by creating higher added value for products and services that differentiate from competitors.

http://www.agence-nationale-recherche.fr/en/research-programmes/aap-en/digital-engineering-security-ins-2012/

Standardisation

Global Platform: Global Platform (GP) is an important standard coping with the way applications are securely managed on the security element. Together with Java Card, it offers a good basis for industrial development and remote issuance of secure applications in the smartphone context, and consequently these environments will be the target of LYRICS.

GP is broadly used for SIMs which are typical multi-applicative secure elements (SE). Aspects dealt with by GP are secure download, activation, disable and removal of applications with their code, data and their secret material (keys, parameters, etc…) while preserving the right policy for doing these operations which can involve various entities: mobile network operators, the security element issuer, the application provider, and some trusted third party. There are clearly some concerns with privacy in tasks like secure code and keys downloading, since it could result for example in some problems of traceability.  These aspects will be addressed in LYRICS in order to provide an analysis of mechanisms provided by GP2.2 and the work being done on “remote application management” topic to verify adequacy with the goals of LYRICS regarding privacy, describe relevant measures concerning remote management & privacy, and eventually define and propose some technical adaptations of GP protocols, and if necessary contribute to the GP standardization body.

ISO/IEC: Several standardization bodies have been involved over the last ten years in attempts to develop an information privacy protection standard. ISO/IEC JTC1/SC27 has vested interests in standardizing “information technology-security techniques”. This includes standards for privacy-enhancing technologies and especially for credential-based solutions. The subject of anonymous authentication mechanisms intersects with standardization works in two SC27 working groups, WG2 and WG5. WG2 develops standards based on algorithms such as group signatures and WG5 elaborates on requirements and guidelines. An initiative is currently being undertaken by SC27 WG5:

-       The project ISO/IEC 29191 provides a model for partially anonymous unlinkable authentication mechanisms where a designated agent can revoke anonymity, and defines requirements thereof.

The WG5 is responsible for other privacy standards. The most advanced are ISO/IEC 29100 Privacy Framework and ISO/IEC 29101 Privacy Reference Architecture:

-       The Privacy Framework serves as a basis for a technical reference architecture, for the implementation and use of specific privacy technologies and overall privacy management, for privacy controls for outsourced data processes, for privacy risk assessment or for specific engineering specifications.

-       The Privacy Reference Architecture guides the implementation of controls associated with a privacy framework to ensure the proper handling of personally identifiable information within an information and communication technology environment.

NEC and France Telecom are actively involved in these two working groups WG2 and WG5. More precisely, NEC is the editor in charge of the ISO/IEC 29191 project. NEC, France Telecom as well as Microsoft also hold several patents on Privacy-Enhancing Cryptographic (PEC) mechanisms such as blind signatures, DAA and k-TAA and on applications making use of these anonymous signatures schemes such as e-cash, e-voting and e-auctions.