Simulator Problem in User Centric Smart Card Ownership Model

Raja Naeem Akram; Konstantinos Markantonakis; Keith Mayes

doi:10.1109/EUC.2010.108

Simulator Problem in User Centric Smart Card Ownership Model

Raja Naeem Akram, Konstantinos Markantonakis, Keith Mayes

Computing Science

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

12 Citations (Scopus)

Abstract

The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.

Original language	English
Title of host publication	IEEE/IFIP International Conference on Embedded and Ubiquitous Computing
Place of Publication	HongKong, China
Publisher	IEEE Computer Society Press
DOIs	https://doi.org/10.1109/EUC.2010.108
Publication status	Published - 1 Dec 2010

Access to Document

10.1109/EUC.2010.108

Cite this

@inproceedings{b54ec5e090994de5b8e7c69b94423eaf,

title = "Simulator Problem in User Centric Smart Card Ownership Model",

abstract = "The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.",

author = "Akram, {Raja Naeem} and Konstantinos Markantonakis and Keith Mayes",

year = "2010",

month = dec,

day = "1",

doi = "10.1109/EUC.2010.108",

language = "English",

booktitle = "IEEE/IFIP International Conference on Embedded and Ubiquitous Computing",

publisher = "IEEE Computer Society Press",

}

TY - GEN

T1 - Simulator Problem in User Centric Smart Card Ownership Model

AU - Akram, Raja Naeem

AU - Markantonakis, Konstantinos

AU - Mayes, Keith

PY - 2010/12/1

Y1 - 2010/12/1

N2 - The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.

AB - The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.

U2 - 10.1109/EUC.2010.108

DO - 10.1109/EUC.2010.108

M3 - Published conference contribution

BT - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing

PB - IEEE Computer Society Press

CY - HongKong, China

ER -

Simulator Problem in User Centric Smart Card Ownership Model

Abstract

Access to Document

Fingerprint

Cite this