Chapter

Building the Bridges -- A Proposal for Merging different Paradigms in Mobile NFC Ecosystem

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... In addition, the management architecture proposed in this paper deals with application issuance (lease), application domain pro-25 vision on the smart card, installation, deletion, and application/domain management. Furthermore, this paper an arhitecture for the proposed application download/installation protocols [8,7,9]. As the Consumer-Centric card management architecture brings forward conicting views smart card management architectures, it also highlights new security issues. ...
Article
Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
... The success story of Java Card can continue in the area of near field communication (NFC). In this NFC area, the vision of a multi-application Java Card that is controlled by the card user may constitute the next stage for these cards [1]. In this multi-application context, applications from different sources are installed and executed on the card. ...
Conference Paper
Full-text available
Java Cards, which are primarily used to store security-sensitive data, are employed in a wide range of applications, such as authentication and banking. Because these data must be protected against logical and fault attacks, static and runtime verification must be performed to assure the security of Java applets. Currently, this verification is performed in the software. Runtime verification for counteracting fault attacks is costly due to additional execution time and memory consumption. To circumvent the drawbacks of software verification, we propose incorporating a microarchitectural support of runtime verification directly into smart card hardware. These new hardware features enable a defensive virtual machine to counteract buffer overflow attacks, type confusion attacks, control flow attacks, and data integrity attacks. To measure the additional overhead of hardware and performance, the new microarchitectural security features are integrated into a smart card prototype on a field programmable gate array board.
Conference Paper
Embedded devices have permeated into our daily lives and significant day-to-day mundane tasks involve a number of embedded systems. These include smart cards, sensors in vehicles and industrial automation systems. Satisfying the requirements for trusted, reliable and secure embedded devices is more vital than ever before. This urgency is also strengthened further by the potential advent of the Internet of Things and Cyber-Physical Systems. As our reliance on these devices is increasing, the significance of potential threats should not be underestimated, especially as a number of embedded devices are built to operate in malicious environments, where they might be in the possession of an attacker. The challenge to build secure and trusted embedded devices is paramount. In this paper, we examine the security threats to embedded devices along with the associated prevention mechanisms. We also present a holistic approach to the security and trust of embedded devices, from the hardware design, reliability and trust of the runtime environment to the integrity and trustworthiness of the executing applications. The proposed protection mechanisms provide a high degree of security at a minimal computational cost. Such an agnostic view on the security and trust of the embedded devices can be pivotal in their adoption and trust acquisition from the general public and service providers.
Article
Multi-application smart cards enable a user to potentially have a diverse set of applications on her smart card. The growing trend of services convergence fuelled by Near Field Communication and smart phones has made multi-application smart cards a tangible reality. In such an environment, cardholders might have a number of applications on their smart cards and if a card is lost, all of the applications would be lost with it. In addition, consumers might decide to upgrade their smart cards and require a seamless and secure framework to migrate their applications from the old smart card to the new one. Currently, the recovery of a smart card-based service might take from a day to a week at best as each of the lost cards can only be replaced by the respective card issuer, during which time the card issuer might lose business from the user because she is not able to access the provisioned services. Similarly, there is at present no migration mechanism proposed for smart card applications. The proposed framework in this paper enables a user to acquire a new smart card as she desires and then migrate/restore all of her applications onto it — allowing her to recover from her lost digital wallet in a secure, efficient, seamless and ubiquitous manner.
Conference Paper
Full-text available
Since the 1990s, two technologies have reshaped how we see and experience the world around us. These technologies are the Internet and mobile communication, especially smartphones. The Internet pro-vides a cheap and convenient way to explore and communicate with dis-tant people. A multitude of services have converged on the smartphone platform, and potentially the most notable is social networking. With increased interconnectivity and use of online services, concerns about consumers' security and privacy are growing. In this paper, we evaluate the security-and privacy-preserving features provided by existing mo-bile chat services. This paper also puts forwards a basic framework for an End-to-End (E2E) security and privacy-preserving mobile chat service and associated requirements. We implemented the proposal to provide proof-of-concept and evaluate the technical diculty of satisfying the stipulated security and privacy requirements.
ResearchGate has not been able to resolve any references for this publication.