Smart Card Applications

Tunstall, M., Markantonakis, K., Sauveron, D., Mayes, K.: Smart Cards. In: Bidgoli, H. Handbook of Technology Management. John Wiley & Sons (2009).
Kyrillidis, L., Mayes, K., Chazalet, B., Markantonakis, K.: Card-present Transactions On The Internet Using The Smart Card Web Server. 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-13). p. 611-619. IEEE Computer Society, Melbourne, Australia (2013).
Purchasing over the Internet is not limited to traditional computers, and nowadays a person is able to shop from her mobile equipment. However, identity theft and credit/debit card fraud deter some potential customers, or limit their activity. Customers' privacy is threatened in several ways, including malware that directly targets their computers/mobile equipment and from attacks that target merchant infrastructure and databases. In this paper we propose a new way for a user to pay for goods ordered online, which is based on the use of a Smart Card Web Server (SCWS), hosted either on a phone Subscriber Identity Module (SIM) or in a traditional credit/debit card. It would mean that a customer never submits card details via the Internet and is only required to remember a PIN, and for merchants the responsibility to store/protect customer card details is avoided. Overall the privacy for customer data is enhanced by this proposal.
Kyrillidis, L., Hili, G., Cobourne, S., Mayes, K., Markantonakis, K.: Virtual World Authentication Using the Smart Card Web Server. In: Thampi, S. Communications in Computer and Information Science, International Symposium on Security in Computing and Communications (ISSCC 2013). Springer-Verlag, Mysore, India (2013).
Virtual Worlds (VWs) are persistent, immersive digital environments, in which people utilise digital representation of themselves. Current management of VW identity is very limited, and security issues arise, such as identity theft. This paper proposes a two-factor user authentication scheme based on One Time Passwords (OTPs), exploiting a Smart Card Web Server (SCWS) hosted on the tamper-resistant Subscriber Identity Module (SIM) within the user's mobile phone. Additionally, geolocation attributes are used to compare phone and PC locations, introducing another obstacle for an attacker. A preliminary security analysis is done on the protocol, and future work is identified.
Cobourne, S., Kyrillidis, L., Mayes, K., Markantonakis, K.: Remote e-Voting using the Smart Card Web Server. Crisis 2012 special edition of International Journal of Secure Software Engineering (IJSSE). (2014).
Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is potentially vulnerable to many common attacks, which affect the election's integrity. Security can be improved by distributing vote processing over many web servers installed in tamper-resistant, secure environments, using the Smart Card Web Server (SCWS) on a mobile phone Subscriber Identity Module (SIM). A generic voting model is proposed, using a SIM/SCWS voting application with standardised Mobile Network Operator (MNO) management procedures to process the votes cast. E-voting systems Pret a Voter and Estonian I-voting are used to illustrate the generic model. As the SCWS voting application is used in a distributed processing architecture, e-voting security is enhanced: to compromise an election, an attacker must target many individual mobile devices, rather than a centralised web server.
Cobourne, S., Hili, G., Mayes, K., Markantonakis, K.: Avatar Voting in Virtual Worlds. 5th International Conference on Information and Communication Systems (ICICS 2014). IEEE CS, Irbid, Jordan (2014).
Virtual Worlds (VWs) are persistent, immersive digital environments where users interact in online communities via avatars. Voting on VW issues is currently done outside the VW environment, as constant monitoring of avatar activities means the privacy of in-world voting cannot be guaranteed. This paper proposes a VW voting method using remote code voting processes situated in a Trusted Secure Layer external to the VW infrastructure, in conjunction with Vote Code Lists sent to a mobile phone application. This approach allows virtual votes to be cast privately and reliably even in a range of attack scenarios.