Attack model for verification of interval security properties for smart card C codes

  • Authors: P. Berthomé; K. Heydemann; X. Kauffmann-Tourkestansky; J.-F. Lalande
  • Affiliations: Centre-Val de Loire Université, Bourges, France; UPMC/LIP6, Paris Cedex, France; Oberthur Technologies, Nanterre, France; Centre-Val de Loire Université, Bourges, France
  • Venue: PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
  • Year: 2010

Abstract

Smart card programs are subject to physical attacks that disturb the execution of the embedded code. These attacks enable attackers to steal valuable information or to force a malicious behavior upon the attacked code. This paper proposes a methodology to check interval security properties on smart card source codes. The goal is to identify critical attacks that violate these security properties. The verification takes place at source level and considers all possible attacks thanks to a proposed source-level model of physical attacks. The paper defines an equivalence relation between attacks and shows that a code can be divided into areas where attacks are equivalent. Thus, verifying an interval security property against all possible attacks requires verifying as many codes as there are equivalence classes. This paper provides a reduction algorithm to define the classes, i.e., the minimal number of attacked codes that covers all possible attacks. The paper also proposes a solution to make the property verification possible for large codes or codes having unknown source parts.