Coopetitive Architecture to Support a Dynamic and Scalable NFC Based Mobile Services Architecture

  • Raja Naeem Akram
  • Konstantinos Markantonakis
  • Keith Mayes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7618)


Near Field Communication (NFC) has reinvigorated the multi-application smart card initiative. The NFC trials are relying on an extension of Issuer Centric Smart Card Model (ICOM) referred as Trusted Service Manager (TSM) architecture, which may create market segregation. Where the User Centric Smart Card Ownership Model (UCOM) takes an opposite approach of delegating the smart card ownership to its users. Therefore, to reconcile these two approaches we proposed the Coopetitive Architecture for Smart Cards (CASC) that avoids market segregation, increase revenue generation, and provide flexibility, robustness, and scalability. To support the CASC framework in this paper, we propose an application installation protocol that provides entity authentication, trust assurance and validation, mutual key and contractual-agreement generation. The protocol is compared with existing protocols on its performance, stated security, and operational goals. Furthermore, CasperFDR is used to provide a mechanical formal analysis of the protocol.


Smart Card Advance Encryption Standard Near Field Communication Trust Platform Module Cryptographic Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rankl, W., Effing, W.: Smart Card Handbook. John Wiley & Sons, Inc., NY (2003)CrossRefGoogle Scholar
  2. 2.
    Girard, P.: Which Security Policy for Multiplication Smart Cards? In: Proceedings of the USENIX Workshop on Smartcard Technology, Berkeley, CA, USA, p. 3 (1999)Google Scholar
  3. 3.
    Akram, R.N., Markantonakis, K., Mayes, K.: A Paradigm Shift in Smart Card Ownership Model. In: Apduhan, B.O., Gervasi, O., Iglesias, A., Taniar, D., Gavrilova, M. (eds.): Proceedings of the 2010 International Conference on Computational Science and Its Applications (ICCSA 2010), pp. 191–200. IEEE CS, Fukuoka (2010)Google Scholar
  4. 4.
    Framework for Smart Card use in Government, Foundation for Information Policy Research, Consultation Response (1999)Google Scholar
  5. 5.
    Near Field Communication: The Keys to Truly Interoperable Communications, NFC Forum, White Paper (November 2006)Google Scholar
  6. 6.
    NFC Trials, Pilots, Tests and Live Services around the World. Online. NFC WorldGoogle Scholar
  7. 7.
    Pay-Buy-Mobile: Business Opportunity Analysis, GSM Association, White Paper 1.0 (November 2007)Google Scholar
  8. 8.
    Java Card Platform Specification, Sun Microsystem Inc. Std. Version 3.0.1 (May 2009)Google Scholar
  9. 9.
    Multos: The Multos Specification, OnlineGoogle Scholar
  10. 10.
    Trusted Module Specification 1.2, Trusted Computing Group Std., Rev. 103 (July 2007)Google Scholar
  11. 11.
    Akram, R.N., Markantonakis, K., Mayes, K.: A Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 161–172. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Common Criteria for Information Technology Security Evaluation, Common Criteria Std. Version 3.1 (August 2006)Google Scholar
  13. 13.
    Sauveron, D., Dusart, P.: Which Trust Can Be Expected of the Common Criteria Certification at End-User Level? Future Generation Communication and Networking (2007)Google Scholar
  14. 14.
    Akram, R.N., Markantonakis, K., Mayes, K.: A privacy preserving application acquisition protocol. In: Geyong Min, F.G.M. (ed.) 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2012). IEEE Computer Society, Liverpool (2012)Google Scholar
  15. 15.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC (October 1996)Google Scholar
  16. 16.
    Akram, R.N., Markantonakis, K., Mayes, K.: Application Management Framework in User Centric Smart Card Ownership Model. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 20–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Furlani, C.: FIPS 186-3 : Digital Signature Standard (DSS), Online, National Institute of Standards and Technology (NIST) Std. (June 2009)Google Scholar
  18. 18.
    Lepinski, M., Kent, S.: RFC 5114 - Additional Diffie-Hellman Groups for Use with IETF Standards (January 2008)Google Scholar
  19. 19.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  20. 20.
    GlobalPlatform: GlobalPlatform Card Specification, Version 2.2, GlobalPlatform Std. (March 2006)Google Scholar
  21. 21.
    Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and Authenticated Key Exchanges. Des. Codes Cryptography 2, 107–125 (1992)CrossRefGoogle Scholar
  22. 22.
    Aziz, A., Diffie, W.: Privacy And Authentication For Wireless Local Area Networks. IEEE Personal Communications 1, 25–31 (1994)CrossRefGoogle Scholar
  23. 23.
    Horn, G., Martin, K.M., Mitchell, C.J.: Authentication Protocols for Mobile Network Environment Value-Added Services. IEEE Transactions on Vehicular Technology 51 (March 2002)Google Scholar
  24. 24.
    Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Keromytis, A.D., Reingold, O.: Just Fast Keying: Key Agreement in a Hostile Internet. ACM Trans. Inf. Syst. Secur. 7 (May 2004)Google Scholar
  25. 25.
    Remote Application Management over HTTP, Card Specification v 2.2 - Amendment B, Online, GlobalPlatform Specification (September 2006)Google Scholar
  26. 26.
    Markantonakis, K., Mayes, K.: A Secure Channel Protocol for Multi-application Smart Cards based on Public Key Cryptography. In: Chadwick, D., Prennel, B. (eds.) Eight IFIP TC-6-11 Conference on Communications and Multimedia Security, pp. 79–96. Springer (September 2004)Google Scholar
  27. 27.
    Sirett, W.G., MacDonald, J.A., Mayes, K., Markantonakis, C.: Design, Installation and Execution of a Security Agent for Mobile Stations. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 1–15. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  28. 28.
    Dierks, T., Rescorla, E.: RFC 5246 - The Transport Layer Security (TLS) Protocol (August 2008)Google Scholar
  29. 29.
    Ryan, P., Schneider, S.: The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley (2000)Google Scholar
  30. 30.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)MATHGoogle Scholar
  31. 31.
    FIPS 180-2: Secure Hash Standard (SHS), National Institute of Standards and Technology Std. (2002)Google Scholar
  32. 32.
    Urien, P.: Collaboration of SSL Smart Cards within the WEB2 Landscape. In: International Symposium on Collaborative Technologies and Systems, pp. 187–194 (2009)Google Scholar
  33. 33.
    Urien, P., Elrharbi, S.: Tandem Smart Cards: Enforcing Trust for TLS-Based Network Services. In: International Workshop on Applications and Services in Wireless Networks, pp. 96–104 (2008)Google Scholar
  34. 34.
    Harbitter, A., Menascé, D.A.: The Performance of Public Key-Enabled Kerberos Authentication in Mobile Computing Applications, pp. 78–85 (2001)Google Scholar
  35. 35.
    Multos: Guide to Loading and Deleting Applications, MAOSCO, Tech. Rep. (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Raja Naeem Akram
    • 1
    • 2
  • Konstantinos Markantonakis
    • 1
  • Keith Mayes
    • 1
  1. 1.ISG Smart Card CentreRoyal Holloway, University of London EghamUnited Kingdom
  2. 2.School of ComputingEdinburgh Napier UniversityEdinburghUnited Kingdom

Personalised recommendations