A user centric security model for tamper-resistant devices

In this thesis, we propose a ubiquitous and interoperable device based on the smart card architecture to meet the challenges of privacy, trust, and security for traditional and emerging technologies like personal computers, smart phones and tablets. Such a device is referred as User Centric Tamper-R...

Bibliographic Details
Main Author: Akram, Raja
Published: Royal Holloway, University of London 2012
Subjects:
Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.586606
id ndltd-bl.uk-oai-ethos.bl.uk-586606
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-586606 | 2015-08-04T03:40:27Z | A user centric security model for tamper-resistant devices | Akram, Raja | 2012 | 006.246 | users : security model : tamper-resistant devices : smart card : UCTD : ICOM : UCOM : CASC | Royal Holloway, University of London | http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.586606 | http://repository.royalholloway.ac.uk/items/aca52f8c-6233-4f73-a9da-025d25ab1295/1/ | Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 006.246
users : security model : tamper-resistant devices : smart card : UCTD : ICOM : UCOM : CASC
description In this thesis, we propose a ubiquitous and interoperable device based on the smart card architecture to meet the challenges of privacy, trust, and security for traditional and emerging technologies like personal computers, smart phones and tablets. Such a device is referred to as a User Centric Tamper-Resistant Device (UCTD). To support the smart card architecture for the UCTD initiative, we propose the delegation of smart card ownership from a stringent centralised authority (i.e. the card issuer) to users. This delegation mandated the review of existing smart card mechanisms and their adequate modifications/improvements. Since the inception of smart card technology, the most prevalent ownership model in the smart card industry has been the Issuer Centric Smart Card Ownership Model (ICOM). The ICOM has no doubt played a pivotal role in the proliferation of the technology into various segments of modern life. However, it has been a barrier to the convergence of different services on a smart card. In addition, it might be considered a hurdle to the adaption of smart card technology into a general-purpose security device. To avoid these issues, we propose citizen ownership of smart cards, referred to as the User Centric Smart Card Ownership Model (UCOM). Contrary to the ICOM, it gives the user the power to decide whether to install or delete an application on a smart card. The ownership of the corresponding applications remains with their respective application providers, along with the choice of whether or not to lease their application to a card. In addition, based on the UCOM framework, we also propose the Coopetitive Architecture for Smart Cards (CASC), which merges the centralised control of card issuers with the provision of application choice to the card user. In the core of the thesis, we analyse the suitability of the existing smart card architectures for the UCOM. This leads to the proposal of three major contributions spanning the smart card architecture, the application management framework, and the execution environment. Furthermore, we propose protocols for the application installation mechanism and the application sharing mechanism (i.e. smart card firewall). In addition to this, we propose a framework for backing up, migrating, and restoring the smart card contents. Finally, we provide the test implementation results of the proposed protocols along with their performance measures. The protocols are then compared in terms of features and performance with existing smart cards and internet protocols. In order to provide a more detailed analysis of the proposed protocols, and for the sake of completeness, we performed mechanical formal analysis using CasperFDR.
author Akram, Raja
title A user centric security model for tamper-resistant devices
title_sort user centric security model for tamper-resistant devices
publisher Royal Holloway, University of London
publishDate 2012
url http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.586606