A Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism

Akram, Raja Naeem; Markantonakis, Konstantinos; Mayes, Keith

doi:10.1007/978-3-642-15257-3_15

Cited by 16 publications

(10 citation statements)

References 8 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attestation handler implements the security-assurance and validation mechanism that certify to the requesting entity (e.g. Service Provider: SP) that the smart card's state is as it was at the time of a third party evaluation and stated by the evaluation certi cate [11]. An evaluation certi cate is a cryptographically signed certi cate issued by an evaluation body, and the respective card manufacturer places it on the platform.…”

Section: Trusted Environment and Execution Manager (Tem)mentioning

confidence: 99%

Coopetitive Architecture to Support a Dynamic and Scalable NFC Based Mobile Services Architecture

Akram

Markantonakis

Mayes

2012

Information and Communications Security

Self Cite

View full text Add to dashboard Cite

takes an opposite approach of delegating the smart card ownership to its users. Therefore, to reconcile these two approaches we proposed the Coopetitive Architecture for Smart Cards (CASC) that avoids market segregation, increase revenue generation, and provide exibility, robustness, and scalability. To support the CASC framework in this paper, we propose an application installation protocol that provides entity authentication, trust assurance and validation, mutual key and contractualagreement generation. The protocol is compared with existing protocols on its performance, stated security, and operational goals. Furthermore, CasperFDR is used to provide a mechanical formal analysis of the protocol.

show abstract

Section: Trusted Environment and Execution Manager (Tem)mentioning

confidence: 99%

Coopetitive Architecture to Support a Dynamic and Scalable NFC Based Mobile Services Architecture

Akram

Markantonakis

Mayes

2012

Information and Communications Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…limited scalability regarding the support for di erent application and platform scenarios, e) do not provide dynamic trust validation and assurance [56] and require an implicit trust, f ) do not require third party (security) evaluation, and g) do not provide user ownership/control (e.g. smart cards [32]).…”

Section: Aegis) C) Have Limited Application Execution Without User Cmentioning

confidence: 99%

“…It only gives the assurance that the smart card is secure against attacks as evaluated by the third party and stated in the issued certi cate [56], and that it is a state-of-the-art tamper-resistant device at the time of evaluation. Therefore, if the evaluation certi cate does not meet the SPs requirements or it out-dates the current attacker capability then the SP should decline the application lease.…”

Section: Simulator Attack Resiliencementioning

confidence: 99%

“…The applications have no in uence on the outcome of the hash generation; so they cannot fake their current state. If the current state is considered to have deviated from the stated secure state in the application certi cate [56], the recipient can then decide whether to continue the protocol or not.…”

Section: Informal Analysis Of the Proposed Protocolsmentioning

confidence: 99%

“…This assumption that centralised control guarantees security led to a realistic but simple approach to numerous smart card security mechanisms; such as the smart card rewall [82], application installation mechanism/protocol [83], virtual machine [84] and platform assurance [56,85,86]. Costly.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations