Embedded System Security

Trusted Platform Module for Smart Cards
Akram, R.N., Markantonakis, K., Mayes, K.: Trusted Platform Module for Smart Cards. In: Alfandi, O. 6th IFIP International Conference on New Technologies, Mobility and Security (NTMS). IEEE CS, Dubai, UAE (2014).
Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to, the User Centric Smart card Ownership Model (UCOM), GlobalPlatform Consumer Centric Model, and Trusted Service Manager (TSM). In addition, multiapplication smart card architecture can be a GlobalPlatform Trusted Execution Environment (TEE) and/or User Centric Tamper-Resistant Device (UCTD), which provide cross-device security and privacy preservation platforms to their users. In the multiapplication smart card environment, there might not be a prior off-card trusted relationship between a smart card and an application provider. Therefore, as a possible solution to overcome the absence of prior trusted relationships, this paper proposes the Trusted Platform Manager (TPM) concept for smart cards (embedded devices) that can act as a point of reference for establishing the necessary trust between the device and an application provider, and among applications.
Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., Mayes, K.: Attacking smart card systems: Theory and practice. Information Security Technical Report. 14, 46-56 (2009).
Smart card technology has evolved over the last few years following notable improvements in the underlying hardware and software platforms. Advanced smart card microprocessors, along with robust smart card operating systems and platforms, contribute towards a broader acceptance of the technology. These improvements have eliminated some of the traditional smart card security concerns. However, researchers and hackers are constantly looking for new issues and vulnerabilities. In this article we provide a brief overview of the main smart card attack categories and their corresponding countermeasures. We also provide examples of well-documented attacks on systems that use smart card technology (e.g. satellite TV, EMV, proximity identification) in an attempt to highlight the importance of the security of the overall system rather than just the smart card.
Akram, R.N., Markantonakis, K., Mayes, K.: Pseudorandom Number Generation in Smart Cards: An Implementation, Performance and Randomness Analysis. In: Antonio Mana, and Klonowski, M. 2012 5th International Conference on New Technologies, Mobility and Security (NTMS). IEEE Computer Science, Istanbul, Turkey (2012).
Smart cards rely on pseudorandom number generators to provide uniqueness and freshness in their cryptographic services, i.e. encryption and digital signatures. Their implementations are kept proprietary by smart card manufacturers in order to remain competitive. In this paper we look at how these generators are implemented in general purpose computers and how the architecture of such generators can be modified to suit the smart card environment. Six variations of this modified model were implemented in Java Card along with the analysis of their performance and randomness. To analyse the randomness of the implemented algorithms, the NIST statistical test suite is used. Finally, an overall analysis is provided that is useful for smart card designers to make informed decisions when implementing pseudorandom number generators.