A privacy preserving application acquisition protocol

Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012

Volumn , Issue , 2012, Pages 383-392

  Akram, Raja Naeem ^a   Markantonakis, Konstantinos ^a   Mayes, Keith ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Application Installation Protocol; CasperFDR; Privacy Preservation; Smart Cards; User Centric Smart Card Ownership Model

Indexed keywords

ACQUISITION PROCESS; ACQUISITION PROTOCOLS; APPLICATION PROVIDERS; APPLICATION SCENARIO; CASPERFDR; CHANNEL PROTOCOLS; DYNAMIC ENVIRONMENTS; FORMAL ANALYSIS; OWNERSHIP MODEL; PRIVACY PRESERVATION; PRIVACY PRESERVING; SECURE CHANNELS; SERVICE MANAGERS; SMART CARD INDUSTRY; USER-CENTRIC;

MANAGERS; SMART CARDS; UBIQUITOUS COMPUTING;

NETWORK ARCHITECTURE;

EID: 84868107460     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/TrustCom.2012.47     Document Type: Conference Paper

References (45)

1. ISO/IEC 18092: Near Field Communication - Interface and Protocol (NFCIP-1), International Organization for Standardization (ISO) Std., April 2004.
2. "Co-Branded Multi-Application Contactless Cards for Transit and Financial Payment," Smart Card Alliance, USA, White Paper TC-08001, March 2008.
3. (2011) NFC Trials, Pilots, Tests and Live Services around the World. Online. NFC World.
4. D. Sauveron, "Multiapplication Smart Card: Towards an Open Smart Card?" Inf. Secur. Tech. Rep., vol. 14, no. 2, pp. 70-78, 2009.
5. "Mobile NFC Services," GSM Association, White Paper Version 1.0, 2007.
6. Anonymous.
7. "Smart Cards; Smart Card Platform Requirements Stage 1(Release 9)," ETSI, France, Tech. Rep. ETSI TS 102 412 (V9.1.0), June 2009.
8. Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan, "Beyond Secure Channels," in STC '07: Proceedings of the 2007 ACM workshop on Scalable trusted computing. New York, NY, USA: ACM, 2007, pp. 30-40.
9. Trusted Module Specification 1.2, Trusted Computing Group Std., Rev. 103, July 2007.
10. L. Zhou and Z. Zhang, "Trusted Channels with Password-Based Authentication and TPM-Based Attestation," International Conference on Communications and Mobile Computing, pp. 223-227, 2010.
11. F. Armknecht, Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, G. Ramunno, and D. Vernizzi, "An efficient implementation of trusted channels based on openssl," in Proceedings of the 3rd ACM workshop on Scalable trusted computing, ser. STC '08. New York, NY, USA: ACM, 2008, pp. 41-50.
12. Remote Application Management over HTTP, Online, GlobalPlatform Specification, September 2006.
13. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. CRC, October 1996.
14. G. Horn, K. M. Martin, and C. J. Mitchell, "Authentication Protocols for Mobile Network Environment Value-Added Services," in IEEE Transactions on Vehicular Technology, vol. 51. IEEE, March 2002, pp. 383-392.
15. GlobalPlatform: GlobalPlatform Card Specification,Version 2.2,, Online, GlobalPlatform Specification, March 2006.
16. GlobalPlatform Card Technology: Secure Channel Protocol 03, Online, GlobalPlatform Public Release, September 2009. [Online]. Available: http://www.globalplatform.org/specificationscard.asp
17. "Smart Cards; Secured Packet Structure for UICC based Applications (Release 6)," ETSI, France, Tech. Rep. ETSI TS 102 225 (V6.8.0), April 2006.
18. "Multos: Guide to Loading and Deleting Applications," MAOSCO, Tech. Rep. MAO-DOC-TEC-008 v2.21, 2006. [Online]. Available: http://www.multos.com/downloads/technical/glda.pdf
19. T. Dierks and E. Rescorla, "RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2," Tech. Rep., August 2008.
20. W. Diffie, P. C. Van Oorschot, and M. J. Wiener, "Authentication and Authenticated Key Exchanges," Des. Codes Cryptography, vol. 2, pp. 107-125, June 1992.
21. A. Aziz and W. Diffie, "Privacy And Authentication For Wireless Local Area Networks," IEEE Personal Communications, vol. 1, pp. 25-31, First Quarter 1994.
22. G. Horn and B. Preneel, "Authentication and payment in future mobile systems," in Computer Security - ESORICS 98, ser. Lecture Notes in Computer Science, J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, Eds. Springer Berlin / Heidelberg, 1998, vol. 1485, pp. 277-293, 10.1007/BFb0055870.
23. W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold, "Just fast keying: Key agreement in a hostile internet," ACM Trans. Inf. Syst. Secur., vol. 7, pp. 242-273, May 2004.
24. K. Markantonakis and K. Mayes, "A Secure Channel Protocol for Multi-application Smart Cards based on Public Key Cryptography," in CMS 2004 - Eight IFIP TC-6-11 Conference on Communications and Multimedia Security, D. Chadwick and B. Prennel, Eds. Springer, September 2004, pp. 79-96.
25. W. G. Sirett, J. A. MacDonald, K. Mayes, and C. Markantonakis, "Design, Installation and Execution of a Security Agent for Mobile Stations," in Smart Card Research and Advanced Applications, 7th IFIP WG 8.8/11.2 International Conference, CARDIS, ser. LNCS, J. Domingo-Ferrer, J. Posegga, and D. Schreckling, Eds., vol. 3928. Tarragona, Spain: Springer, April 2006, pp. 1-15.
26. S. Blake-Wilson, D. Johnson, and A. Menezes, "Key Agreement Protocols and Their Security Analysis," in Proceedings of the 6th IMA International Conference on Cryptography and Coding. London, UK: Springer-Verlag, 1997, pp. 30-45.
27. C. Mitchell, M. Ward, and P. Wilson, "Key control in key agreement protocols," Electronics Letters, vol. 34, no. 10, pp. 980-981, May 1998.
28. Common Criteria for Information Technology Security Evaluation, Online, Common Criteria Specification Version 3.1, August 2006.
29. D. Sauveron and P. Dusart, "Which Trust Can Be Expected of the Common Criteria Certification at End-User Level?" Future Generation Communication and Networking, vol. 2, pp. 423-428, 2007.
30. W. Rankl and W. Effing, Smart Card Handbook. New York, NY, USA: John Wiley & Sons, Inc., 2003.
31. FIPS 140-2: Security Requirements for Cryptographic Modules, Online, National Institute of Standards and Technology (NIST) Federal Information Processing Standards Publication, Rev. Supercedes FIPS PUB 140-1, May 2005. [Online]. Available: http://csrc.nist.gov/publications/fips/fips140-2/fips1402. pdf
32. R. Kennell and L. H. Jamieson, "Establishing the genuinity of remote computer systems," in Proceedings of the 12th conference on USENIX Security Symposium - Volume 12. Berkeley, CA, USA: USENIX Association, 2003, pp. 21-21. [Online]. Available: http://portal.acm.org/citation.cfm?id=1251353. 1251374
33. B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, "Silicon physical random functions," in Proceedings of the 9th ACM conference on Computer and communications security, ser. CCS '02. New York, NY, USA: ACM, 2002, pp. 148-160.
34. FIPS 186-3 : Digital Signature Standard (DSS), Online, National Institute of Standards and Technology (NIST) Std., June 2009.
35. D. A. Basin, S. Friedrich, J. Posegga, and H. Vogt, "Java Bytecode Verification by Model Checking," in CAV '99: Proceedings of the 11th International Conference on Computer Aided Verification. London, UK: Springer-Verlag, 1999, pp. 491-494.
36. G. Lowe, "Casper: a compiler for the analysis of security protocols," J. Comput. Secur., vol. 6, pp. 53-84, January 1998. [Online]. Available: http://dl.acm.org/citation.cfm?id=353677.353680
37. C. A. R. Hoare, Communicating sequential processes. New York, NY, USA: ACM, 1978, vol. 21, no. 8.
38. P. Ryan and S. Schneider, The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley Professional, 2000.
39. P. Urien, "Collaboration of SSL Smart Cards within the WEB2 Landscape," Collaborative Technologies and Systems, International Symposium on, vol. 0, pp. 187-194, 2009.
40. P. Urien and S. Elrharbi, "Tandem Smart Cards: Enforcing Trust for TLS-Based Network Services," Applications and Services in Wireless Networks, International Workshop on, pp. 96-104, 2008.
41. P. Urien, E. Marie, and C. Kiennert, "An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards," Digital Telecommunications, International Conference on, pp. 22-27, 2010.
42. A. Harbitter and D. A. Menascé, "The performance of public keyenabled kerberos authentication in mobile computing applications," pp. 78-85, 2001.
43. Joan Daemen and Vincent Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard. Berlin, Heidelberg, New York: Springer Verlag, 2002.
44. FIPS 180-2: Secure Hash Standard (SHS), National Institute of Standards and Technology (NIST) Std., 2002.
45. M. Lepinski and S. Kent, "RFC 5114 - Additional Diffie-Hellman Groups for Use with IETF Standards," Tech. Rep.,