Abstract
Creating security architectures and processes that directly interact with consumers, especially in consumer electronics, has to take into account usability, user experience and skill level. Smart cards provide secure services, even in malicious environments, to end-users with a fairly straightforward, limited usage pattern that even an ordinary user can easily deal with. The way the smart card industry achieves this is by limiting users' interactions and privileges on the smart cards they carry around and use to access different services. This centralised control has been the key to providing secure and reliable services through smart cards, while keeping the smart cards fairly usable for end-users. However, as smart cards have permeated every aspect of modern life, users have ended up carrying multiple cards to perform mundane tasks, making smart card-based services a cumbersome experience. User Centric Smart Cards (UCSC) enable users to have all the services they might be accessing using traditional smart cards on a single device that is under their control. Giving "freedom of choice" to users increases their privileges, but the design requirement is to maintain the same level of security and reliability as traditional architectures while giving a better user experience. In this paper, we will discuss the challenges faced by the UCSC proposal in balancing security with usability and "freedom of choice", and how it has resolved them.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Akram, R.N., Markantonakis, K. (2014). Rethinking the Smart Card Technology. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_20
DOI: https://doi.org/10.1007/978-3-319-07620-1_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1