Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Developing a Trojan applets in a smart card
Journal in Computer Virology
Attacks on java card 3.0 combining fault and logical attacks
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Evaluation of the ability to transform SIM applications into hostile applications
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Application-Replay attack on java cards: when the garbage collector gets confused
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Evaluation of the ability to transform SIM applications into hostile applications
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
A friendly framework for hidding fault enabled virus for Java based smartcard
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Towards the hardware accelerated defensive virtual machine: type and bound protection
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Dynamic fault injection countermeasure: a new conception of java card security
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Java card combined attacks with localization-agnostic fault injection
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Virus in a smart card: Myth or reality?
Journal of Information Security and Applications
Hi-index | 0.00 |
The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.