Combined software and hardware attacks on the java card control flow

Authors:
Guillaume Bouffard;Julien Iguchi-Cartigny;Jean-Louis Lanet
Affiliations:
Smart Secure Devices (SSD) Team --- XLIM Labs, Université de Limoges, Limoges, France;Smart Secure Devices (SSD) Team --- XLIM Labs, Université de Limoges, Limoges, France;Smart Secure Devices (SSD) Team --- XLIM Labs, Université de Limoges, Limoges, France
Venue:
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Year:
2011

Citing 4
Cited 9

Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Developing a Trojan applets in a smart card

Journal in Computer Virology
Attacks on java card 3.0 combining fault and logical attacks

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Evaluation of the ability to transform SIM applications into hostile applications

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications

Application-Replay attack on java cards: when the garbage collector gets confused

ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Evaluation of the ability to transform SIM applications into hostile applications

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
A friendly framework for hidding fault enabled virus for Java based smartcard

DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Towards the hardware accelerated defensive virtual machine: type and bound protection

CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Dynamic fault injection countermeasure: a new conception of java card security

CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Java card combined attacks with localization-agnostic fault injection

CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Proceedings of the First Workshop on Cryptography and Security in Computing Systems
Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications
Virus in a smart card: Myth or reality?

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.