Application-binding protocol in the user centric smart card ownership model

Authors:
Raja Naeem Akram;Konstantinos Markantonakis;Keith Mayes
Affiliations:
Information Security Group Smart card Centre, Royal Holloway, University of London, Egham, Surrey, United Kingdom;Information Security Group Smart card Centre, Royal Holloway, University of London, Egham, Surrey, United Kingdom;Information Security Group Smart card Centre, Royal Holloway, University of London, Egham, Surrey, United Kingdom
Venue:
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Year:
2011

Citing 29
Cited 1

Casper: a compiler for the analysis of security protocols

Journal of Computer Security
Communicating sequential processes

Communications of the ACM
The performance of public key-enabled kerberos authentication in mobile computing applications

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Java Card Technology for Smart Cards: Architecture and Programmer's Guide

Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Handbook of Applied Cryptography

Handbook of Applied Cryptography
The Design of Rijndael

The Design of Rijndael
Context Inference for Static Analysis of Java Card Object Sharing

E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
An Operational Semantics of the Java Card Firewall

E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Experimental Analysis of an SSL-Based AKA Mechanism in 3G-and-Beyond Wireless Networks

Wireless Personal Communications: An International Journal
Secure object sharing in java card

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Beyond secure channels

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Which Trust Can Be Expected of the Common Criteria Certification at End-User Level?

FGCN '07 Proceedings of the Future Generation Communication and Networking - Volume 02
Smart Cards, Tokens, Security and Applications

Smart Cards, Tokens, Security and Applications
The modelling and analysis of security protocols: the csp approach

The modelling and analysis of security protocols: the csp approach
Malicious Code on Java Card Smartcards: Attacks and Countermeasures

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Tandem Smart Cards: Enforcing Trust for TLS-Based Network Services

ASWN '08 Proceedings of the 2008 Eighth International Workshop on Applications and Services in Wireless Networks
Design and Implementation of Mobile Security Access System (MSAS) Based on SSL VPN

ETCS '09 Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 03
Collaboration of SSL smart cards within the WEB2 landscape

CTS '09 Proceedings of the 2009 International Symposium on Collaborative Technologies and Systems
Multiapplication smart card: Towards an open smart card?

Information Security Tech. Report
KSSL: experiments in wireless internet security

KSSL: experiments in wireless internet security
Application Management Framework in User Centric Smart Card Ownership Model

Information Security Applications
A Paradigm Shift in Smart Card Ownership Model

ICCSA '10 Proceedings of the 2010 International Conference on Computational Science and Its Applications
An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards

ICDT '10 Proceedings of the 2010 Fifth International Conference on Digital Telecommunications
Developing a Trojan applets in a smart card

Journal in Computer Virology
Design, installation and execution of a security agent for mobile stations

CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Firewall mechanism in a user centric smart card ownership model

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Combined attacks and countermeasures

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Attacks on java card 3.0 combining fault and logical attacks

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Securing the wireless internet

IEEE Communications Magazine

Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The control of the application choice is delegated to the smart card users in the User Centric Smart Card Ownership Model (UCOM). There is no centralised authority that controls the card environment, and it is difficult to have implicit trust on applications installed on a smart card. The application sharing mechanism in smart cards facilitates corroborative and interrelated applications to co-exist and augment each other's functionality. The already established application sharing mechanisms (e.g. in Java Card and Multos) do not fully satisfy the security requirements of the UCOM that require a security framework that provides runtime authentication, and verification of an application. Such a framework is the focus of this paper. To support the framework, we propose a protocol that is verified using CasperFDR. In addition, we implemented the protocol and provide a performance comparison with existing protocols.