User Centric Devices

Akram, R.N., Markantonakis, K., Sauveron, D.: A novel consumer-centric card management architecture and potential security issues. Information Sciences. - (2015). WebsiteAbstract
Abstract Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. \{NFC\} has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the \{UCOM\} and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the \{UCOM\} and GP-CCM frameworks, along with ways of integrating the \{TSM\} model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
Akram, R.N., Markantonakis, K., Sauveron, D.: Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager. In: Liu, Y. The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14). IEEE CS (2014).Abstract
Near Field Communication (NFC) enables a mobile phone to emulate a contactless smart card. This has reinvigorated the multiapplication smart card initiative. Trusted Service Manager (TSM) is an entity that is trusted by all stakeholders in the proposed and trialled NFC-based smart card ecosystem. However, TSM-based models have the potential to create market segregation that might lead to limited or slow adoption. In addition, all major stakeholders (e.g. Telecom and banks) are pushing for their own TSM models and this might hinder deployment. In this paper we present a Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager (CO-TSM)-based model that combines different TSM models while providing scalability to the overall architecture. In addition, our proposal also provides flexibility to both consumers and application providers. To support our proposal, we present a core architecture based on two contrasting approaches: the Issuer Centric Smart Card Ownership Model (ICOM) and the User Centric Smart Card Ownership Model (UCOM). Based on the core architecture, we then describe our proposal for an application download framework and a secure channel protocol. Finally, the implementation experience and performance measurements for the secure channel protocol are discussed.
Akram, R.N., Markantonakis, K., Mayes, K.: Rethinking the Smart Card Technology, Invited Paper. In: Tryfonas, T. and Askoxylakis, I. 16th International Conference on Human-Computer Interaction. Springer (2014).Abstract
Creating security architectures and processes that directly interact with consumers, especially in consumer electronics, has to take into account usability, user-experience and skill level. Smart cards provide secure services, even in malicious environments, to end-users with a fairly straightforward limited usage pattern that even an ordinary user can easily deal with. The way the smart card industry achieves this is by limiting users' interactions and privileges on the smart cards they carry around and use to access different services. This centralised control has been the key to providing secure and reliable services through smart cards, while keeping the smart cards fairly useable for end-users. However, as smart cards have permeated into every aspect of modern life, users have ended up carrying multiple cards to perform mundane tasks, making smart card-based services a cumbersome experience. User Centric Smart Cards (UCSC) enable users to have all the services they might be accessing using traditional smart cards on a single device that is under their control. Giving "freedom of choice" to users increases their privileges, but the design requirement is to maintain the same level of security and reliability as traditional architectures while giving better user experience. In this paper, we will discuss the challenges faced by the UCSC proposal in balancing security with usability and "freedom of choice", and how it has resolved them.
Zhang, Q., Mayes, K., Markantonakis, K.: A user-centric m-payment solution. Mobile Technology, Applications and Systems, 2005 2nd International Conference on. p. 8. , Guangzhou, China (2005).Abstract
In this paper, we present a user-centric m-payment solution over Internet. The main contribution of the proposed solution includes; 1: ensuring fair-exchange, 2: ensuring the user's anonymity and privacy protection, 3: implementing an embedded biometric authentication framework for high security requirement
Akram, R.N., Markantonakis, K., Mayes, K.: A Secure and Trusted Channel Protocol for the User Centric Smart Card Ownership Model. 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-13). IEEE Computer Society, Melbourne, Australia (2013).Abstract
The User Centric Smart Card Ownership Model (UCOM) provides an open and dynamic smart card environment enabling cardholders to request installation/deletion of an application to which they are entitled. As in this model, smart cards are not under the control of a centralised authority; hence, it is difficult for an application provider to ascertain their trustworthiness. At present, proposed secure channel protocols for the smart card environment do not provide adequate assurance required by the UCOM. In this paper, we explore the reasons behind their failure to meet the UCOM requirements and then propose a secure and trusted channel protocol that meets them. In addition, the proposed protocol is also suitable to GlobalPlatform's consumer-centric smart cards. A comparison of the proposed protocol with existing smart card and selected Internet protocols is provided. Then we analyse the protocol with the CasperFDR tool. Finally, we detail the implementation and the performance measurement.
Akram, R.N., Markantonakis, K., Mayes, K.: Application Management Framework in User Centric Smart Card Ownership Model. In: YOUM, H.Y. and Yung, M. The 10th International Workshop on Information Security Applications (WISA'09). p. 20-35. Springer Berlin Heidelberg, Busan, Korea (2009).Abstract
The predominant smart card ownership model is the issuer centric, and it has played a vital role in the proliferation of the technology. However, recent developments of multi-application smart card technology lead to new potential ownership models. One of the possible models is the User Centric Smart Card Ownership Model. In this model, the ownership is with smart card users. To support user's ownership, we require a framework that can assist cardholders to manage applications on their smart cards. In this paper, we present such a framework for managing application securely on a smart card.
Akram, R.N., Markantonakis, K., Mayes, K.: A Paradigm Shift in Smart Card Ownership Model. In: Apduhan, B.O., Osvaldo Gervasi,, Andres Iglesias,, Taniar, D., and Gavrilova, M. Proceedings of the 2010 International Conference on Computational Science and Its Applications (ICCSA 2010). p. 191-200. IEEE Computer Society, Fukuoka Japan (2010).Abstract
Smart cards have been proliferated into many aspects of modern life. Historically the ownership of smart cards has remained with the smart card issuers. Although this ownership model is favoured by a wide range of industries and service providers it does not provide optimum convenience and flexibility to cardholders. One potential solution could be to shift the control of smart cards from the smart card issuers to the smart card users. In this paper we will analyse the feasibility of an ownership model that delegates the ownership of a smart card to its user. The operational and security requirements of the proposed ownership model will be provided. In addition principal research questions are identified that would merit further in-depth analysis to test the viability of this ownership model.
Akram, R.N., Markantonakis, K., Mayes, K.: Coopetitive Architecture to Support a Dynamic and Scalable NFC based Mobile Services Architecture. In: Chow, K.P. and Hui, L.C.K. The 2012 International Conference on Information and Communications Security (ICICS 2012). p. 214-227. Springer Berlin Heidelberg, Hong Kong, China (2012).Abstract
Near Field Communication (NFC) has reinvigorated the multi-application smart card initiative. The NFC trials are relying on an extension of Issuer Centric Smart Card Model (ICOM) referred as Trusted Service Manager (TSM) architecture, which may create market segregation. Where the User Centric Smart Card Ownership Model (UCOM) takes an opposite approach of delegating the smart card ownership to its users. Therefore, to reconcile these two approaches we proposed the Coopetitive Architecture for Smart Cards (CASC) that avoids market segregation, increase revenue generation, and provide flexibility, robustness, and scalability. To support the CASC framework in this paper, we propose an application installation protocol that provides entity authentication, trust assurance and validation, mutual key and contractual-agreement generation. The protocol is compared with existing protocols on its performance, stated security, and operational goals. Furthermore, CasperFDR is used to provide a mechanical formal analysis of the protocol.
Akram, R.N., Markantonakis, K., Mayes, K.: Remote Attestation Mechanism for User Centric Smart Cards using Pseudorandom Number Generators. In: Qing, S., Zhou, J., and Dongmei, L. 15th International Conference on Information and Communications Security (ICICS 2013). p. 151-166. Springer International Publishing, Beijing, China (2013).Abstract
User Centric Smart Card Ownership Model (UCOM) gives the "freedom of choice" of respective applications to the smart card users. The user-centric architecture requires a trusted entity to be present on the smart card to provide security assurance and validation to the requesting application providers. In this paper, we propose the inclusion of a trusted computing platform for smart cards that we refer as the Trusted Environment and Execution Manager (TEM). This is followed by the rationale behind the changes to the traditional smart card architecture to accommodate the remote security assurance and validation mechanism. We propose an attestation protocol that provides an on-demand security validation of a smart card by its respective manufacturer. Finally, the attestation protocol is informally analysed, and its test implementation and performance measurements are presented.