Rethinking the Smart Card Technology

  • Raja Naeem Akram
  • Konstantinos Markantonakis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

Security architectures and processes that interact directly with consumers, especially in consumer electronics, have to take into account usability, user experience and skill level. Smart cards provide secure services, even in malicious environments, to end-users through a fairly straightforward, limited usage pattern that even an ordinary user can easily deal with. The smart card industry achieves this by limiting users' interactions with, and privileges on, the cards they carry and use to access different services. This centralised control has been the key to providing secure and reliable services through smart cards while keeping them fairly usable for end-users. However, as smart cards have permeated every aspect of modern life, users have ended up carrying multiple cards to perform mundane tasks, making smart card-based services a cumbersome experience. User Centric Smart Cards (UCSC) let users hold all the services they would otherwise access through traditional smart cards on a single device that is under their control. Giving "freedom of choice" to users increases their privileges, but the design requirement is to maintain the same level of security and reliability as traditional architectures while providing a better user experience. In this paper, we discuss the challenges the UCSC proposal faces in balancing security with usability and "freedom of choice", and how it has resolved them.



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Raja Naeem Akram (1)
  • Konstantinos Markantonakis (2)
  1. Department of Computer Science, University of Waikato, Hamilton, New Zealand
  2. ISG Smart Card Centre, University of London, UK