Using the Smart Card Web Server to Enhance the Security of Web Applications and the Web of Things

Lazaros Kyrillidis

Research output: ThesisDoctoral Thesis

583 Downloads (Pure)


The invention of the World Wide Web (Web) has changed forever the way society op-
erates. Communication, shopping, entertainment, have all transformed and nowadays
a large part of humanity depends on the Web for a number of everyday tasks.

In recent years, a new technology appeared. It is called the Internet of Things (IoT)
and assumes the participation in a worldwide network of any device, despite its size,
functionality or purpose. Both the Web and the IoT face a number of security concerns.
The security of the Web is undermined by threats that aim at disrupting its normal
operation, while for the IoT it is the use of proprietary protocols that weaken the inter-
operability between individual devices and the ease of tampering reduces its usefulness.
Fortunately, the industry has knowledge and experience in developing a strong, tamper
resistant device, the smart card. Smart cards are ubiquitous and strengthen a number
of functions (payments, mobile telephony) and are the most secure token in mass pro-
duction. Moreover, in recent years their interconnection capabilities have been further
enhanced and this enhancement made available the hosting of the Smart Card Web
Server (SCWS). The SCWS is a small web server running inside the smart/SIM card.

In this thesis we describe research that by using smart cards and the SCWS, over
standardised protocols, we can enjoy tamper resistant solutions and enhanced security
for the Web. In the same context, we consider a subcategory of the IoT, the Web of
Things (WoT), that is using web-enabled protocols for the IoT and enhance its secu-
rity by means of the combination of smart cards with the SCWS. The feasibility of the
solution is depicted through four use cases, for which architecture and protocols are de-
scribed and the necessary security analysis is conducted. Future work can demonstrate
in practice that the SCWS with smart cards can enhance the security of the Web and
the WoT.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Mayes, Keith, Supervisor
Award date1 Jun 2018
Publication statusPublished - 2018


  • SCWS
  • Smart Card
  • Smart Card Web Server
  • Internet of Things
  • IoT
  • Web of Things
  • WoT

Cite this