Raja Naeem Akram
Royal Holloway, University of London
Publication
Featured research published by Raja Naeem Akram.
international conference on computational science and its applications | 2010
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Smart cards have proliferated into many aspects of modern life. Historically, the ownership of smart cards has remained with the smart card issuers. Although this ownership model is favored by a wide range of industries and service providers, it does not provide optimum convenience and flexibility to cardholders. One potential solution could be to shift the control of smart cards from the smart card issuers to the smart card users. In this paper, we will analyze the feasibility of an ownership model that delegates the ownership of a smart card to its user. The operational and security requirements of the proposed ownership model will be provided. In addition, principal research questions are identified that would merit further in-depth analysis to test the viability of this ownership model.
workshop on information security applications | 2009
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
The predominant smart card ownership model is the issuer centric one, and it has played a vital role in the proliferation of the technology. However, recent developments in multi-application smart card technology lead to new potential ownership models. One of the possible models is the User Centric Smart Card Ownership Model. In this model, the ownership is with smart card users. To support users' ownership, we require a framework that can assist cardholders in managing applications on their smart cards. In this paper, we present such a framework for managing applications securely on a smart card.
information security conference | 2010
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Smart cards have been deployed as trusted components in a wide range of industries. The basis of the trust on a smart card platform and applications is static and evaluated before the card issuance to cardholders. A dynamic and post-issuance security assurance and validation mechanism can be useful, but it is not considered necessary in the Issuer Centric Smart Card Ownership Model. However, in an open and dynamic smart card environment like the User Centric Smart Card Ownership Model, it is essential to have a mechanism that on request could provide assurance and validation of the implemented and evaluated security mechanisms. Such a framework is the focus of this paper.
smart card research and advanced application conference | 2010
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Multi-application smart card technology enables applications to securely share their data and functionality. The security enforcement and assurance in application sharing is provided by the smart card firewall. The firewall mechanism is well defined and studied in the Issuer Centric Smart Card Ownership Model (ICOM), in which a smart card is under total control of its issuer. However, it is not analysed in the User Centric Smart Card Ownership Model (UCOM), which delegates the smart card control to their users. In this paper, we present UCOM's security requirements for the firewall mechanism and propose a generic framework that satisfies them.
new technologies, mobility and security | 2014
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to, the User Centric Smart card Ownership Model (UCOM), GlobalPlatform Consumer Centric Model, and Trusted Service Manager (TSM). In addition, multiapplication smart card architecture can be a GlobalPlatform Trusted Execution Environment (TEE) and/or User Centric Tamper-Resistant Device (UCTD), which provide cross-device security and privacy preservation platforms to their users. In the multiapplication smart card environment, there might not be a prior off-card trusted relationship between a smart card and an application provider. Therefore, as a possible solution to overcome the absence of prior trusted relationships, this paper proposes the concept of Trusted Platform Module (TPM) for smart cards (embedded devices) that can act as a point of reference for establishing the necessary trust between the device and an application provider, and among applications.
embedded and ubiquitous computing | 2010
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and request installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem and how it affects the UCOM, and propose a possible solution.
trust security and privacy in computing and communications | 2012
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
In the smart card industry, the application acquisition process involves the card issuers and application providers. During this process, the respective card issuer reveals the identity of the smart card user to the individual application providers. In certain application scenarios this might be necessary (e.g. banking and identity applications). However, with the introduction of the Trusted Service Manager (TSM) architecture there might be valid cases where revealing the card user's identity is not necessary. At the moment, the secure channel protocols for traditional smart card architecture, including the TSM, do not preserve the privacy of the card users. In this paper, we propose a secure and trusted channel protocol that provides such a feature along with satisfying the requirements of an open and dynamic environment referred to as the User Centric Smart Card Ownership Model (UCOM). A comparison is provided between the proposed protocol and selected smart card protocols. In addition, we provide an informal analysis along with mechanical formal analysis using CasperFDR. Finally, we provide the test implementation and performance results.
international conference on e-business engineering | 2011
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Tamper-resistant devices provide a secure, reliable, and trusted execution environment even in the possession of an adversary. With ever growing use of computing platforms (i.e. mobile phones, tablets and embedded devices, etc.) the potential for compromising the security and privacy of an individual is increased. The Trusted Platform Module is restricted to integrity measurement and cryptographic operations, which is crucial in its own right. On the contrary, smart cards provide a general-purpose execution environment, but traditionally they are under a centralised control, which if extended to the other computing platforms may not be appropriate. Therefore, in this paper we analyse the rationale for a general-purpose cross-platform user centric tamper-resistant device based on the smart card architecture, its applications in different computing environments, along with the ownership management framework.
trust security and privacy in computing and communications | 2013
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
The User Centric Smart Card Ownership Model (UCOM) provides an open and dynamic smart card environment enabling cardholders to request installation/deletion of an application to which they are entitled. In this model, smart cards are not under the control of a centralised authority; hence, it is difficult for an application provider to ascertain their trustworthiness. At present, proposed secure channel protocols for the smart card environment do not provide the adequate assurance required by the UCOM. In this paper, we explore the reasons behind their failure to meet the UCOM requirements and then propose a secure and trusted channel protocol that meets them. In addition, the proposed protocol is also suitable for GlobalPlatform's consumer-centric smart cards. A comparison of the proposed protocol with existing smart card and selected Internet protocols is provided. Then we analyse the protocol with the CasperFDR tool. Finally, we detail the implementation and the performance measurement.
new technologies, mobility and security | 2012
Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes
Smart cards rely on pseudorandom number generators to provide uniqueness and freshness in their cryptographic services, i.e. encryption and digital signatures. Their implementations are kept proprietary by smart card manufacturers in order to remain competitive. In this paper we look at how these generators are implemented in general purpose computers and how the architecture of such generators can be modified to suit the smart card environment. Six variations of this modified model were implemented in Java Card along with the analysis of their performance and randomness. To analyse the randomness of the implemented algorithms, the NIST statistical test suite is used. Finally, an overall analysis is provided that is useful for smart card designers to make informed decisions when implementing pseudorandom number generators.