
A Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism

  • Raja Naeem Akram
  • Konstantinos Markantonakis
  • Keith Mayes
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 330)

Abstract

Smart cards have been deployed as trusted components in a wide range of industries. The basis of trust in a smart card platform and its applications is static and is evaluated before the card is issued to cardholders. A dynamic, post-issuance security assurance and validation mechanism can be useful, but it is not considered necessary in the Issuer Centric Smart Card Ownership Model. However, in an open and dynamic smart card environment like the User Centric Smart Card Ownership Model, it is essential to have a mechanism that can, on request, provide assurance and validation of the implemented and evaluated security mechanisms. Such a framework is the focus of this paper.

Keywords

Smart Card; Security Policy; Security Requirement; Common Criterion; Application Provider
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Raja Naeem Akram (1)
  • Konstantinos Markantonakis (1)
  • Keith Mayes (1)

  1. Information Security Group Smart card Centre, Royal Holloway, University of London, Egham, Surrey, United Kingdom
