Java Cards have so far been threatened by attacks using ill-formed applications, which assume that the application bytecode is not verified. This assumption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless, it can no longer be applied to the Java Card 3 Connected Edition context, where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 Connected Edition seems to be immune to this kind of attack. In this paper, we demonstrate that running an ill-formed application does not necessarily mean loading and installing an ill-formed application. For that purpose, we introduce a brand new kind of attack which combines fault injection and logical tampering. By these means, we describe two case studies taking place in the new Java Card 3 context. The first one shows how ill-formed applications can still be introduced and executed despite the on-card bytecode verifier. The second example leads to the modification of any method already installed on the card into any malicious bytecode. Finally, we successfully mount these attacks on a recent device, emphasizing the necessity of taking these new threats into account when implementing Java Card 3 features.