Java Virtual Machine Specification
Java Virtual Machine Specification
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Using Memory Errors to Attack a Virtual Machine
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Automatic detection of fault attack and countermeasures
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Developing a Trojan applets in a smart card
Journal in Computer Virology
Combined attacks and countermeasures
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Attacks on java card 3.0 combining fault and logical attacks
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Application-Replay attack on java cards: when the garbage collector gets confused
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Towards the hardware accelerated defensive virtual machine: type and bound protection
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Dynamic fault injection countermeasure: a new conception of java card security
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
| Hi-index | 0.00 |
Until 2009, Java Cards have been mainly threatened by Logical Attacks based on ill-formed applications. The publication of the Java Card 3.0 Connected Edition specifications and their mandatory on-card byte code verification may have then lead to the end of software-based attacks against such platforms. However, the introduction in the Java Card field of Fault Attacks, well-known from the cryptologist community, has proven this conclusion wrong. Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat. Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far. In this article, we explore this path by presenting both Fault Attacks and Combined Attacks taking advantage of an alteration of the operand stack. In addition, we provide experimental results proving the practical feasibility of these attacks and illustrating their efficiency. Finally, we describe different approaches to protect the operand stack's integrity and compare their cost with a particular interest on the time factor.