A User Centric Security Model for Tamper-Resistant Devices

10.1 Summary and Conclusions
10.1 Summary and Conclusions
The main goal of this thesis was to explore the viability of user ownership for a security
sensitive device whose architecture is based on smart card technology. The introduction
of this user ownership aects all stages of the smart card and application lifecycle, which
we analysed during the course of this thesis.
We began the discussion by mapping the security and privacy landscape from three dierent
computing elds: smart cards, mobiles and traditional computing environments. These
computing devices are used by individual users with an ever growing reliance on them, so
there needs to be a unied security and privacy-preserving architecture that can be easily
integrated to any of these computing devices. We consider that the User Centric Tamper-
Resistant Device (UCTD) has the potential to deliver such a unied (services) architecture.
We provided the rationale for the UCTD framework. To explain how we selected an
appropriate base architecture for the UCTDs, we provided a comparison between dierent
proposals that included TPM, AEGIS, ARM TrustZone, M-Shield, and GlobalPlatform's
TEE and the smart card architecture. This comparison gave us a clear indication that
the smart card architecture is the one most suited to be a UCTD that supports unied
security, trust, and privacy architecture for dierent computing devices. However, the
issue with smart card technology is its ownership architecture that is stringently under
a centralised authority. A possible solution is to delegate smart card ownership from a
centralised authority to its users.
Before we delved into the core of the thesis, we provided a detailed coverage of dierent ownership
models that exist in the smart card ecosystem. We began with the centralised control
of smart cards provided by the Issuer Centric Smart Card Ownership Model (ICOM), and
discussed its advantages and drawbacks. We then briey examined dierent proposals
that support the ICOM framework, including Java Card, Multos and GlobalPlatform. We
referred to these prominent ICOM frameworks throughout the thesis, comparing and contrasting
our proposal with them. This short introduction to the ICOM frameworks was
provided to set the scenery and to help the reader understand the present characteristics
of dierent frameworks that support the ICOM.
Subsequently, we discussed the frameworks in the smart card industry that come close to
providing the user ownership. Unfortunately, the concept of ownership as described in our
proposal of the User Centric Smart Card Ownership Model (UCOM) is not close to any
of the existing proposals. The concept of ownership in UCOM has to do with freedom
of choice and not complete control of the smart card device as the card issuers have in
the ICOM. Therefore, the concept of freedom of choice can be considered a novel idea in
the context of the smart card technology. We identied dierent stakeholders and their
security and operational requirements. This discussion served as an introduction to the
225