{"title":"Simulator Problem in User Centric Smart Card Ownership Model","authors":"Raja Naeem Akram, K. Markantonakis, K. Mayes","doi":"10.1109/EUC.2010.108","DOIUrl":null,"url":null,"abstract":"The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.","PeriodicalId":265175,"journal":{"name":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EUC.2010.108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
The Issuer Centric Smart Card Ownership Model (ICOM) gives complete control of smart cards to their respective card issuers, enabling them to install, modify or delete applications remotely, in a secure manner. However, the User Centric Smart Card Ownership Model (UCOM) delegates the ownership of smart cards to their users, entitling them to install or delete any application according to their requirements. In the UCOM there might be no off-card relationship between a smart card and an application provider, referred to as a Service Provider, which is the cornerstone of the ICOM security framework. Therefore, this creates unique security issues like the simulator problem, in which a malicious user may simulate the smart card environment on a computing device and requests installation of an application. Following this, it might be possible to retrieve sensitive application data by reverse engineering. In this paper, we analyse the simulator problem, how it affects the UCOM and propose a possible solution.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
