Dynamic fault injection countermeasure: a new conception of java card security

Authors:
Guillaume Barbu;Philippe Andouard;Christophe Giraud
Affiliations:
Security Group, Oberthur Technologies, Pessac, France;Security Group, Oberthur Technologies, Pessac, France;Security Group, Oberthur Technologies, Pessac, France
Venue:
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Year:
2012

Citing 8
Cited 0

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Malicious Code on Java Card Smartcards: Attacks and Countermeasures

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Combined attacks and countermeasures

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Attacks on java card 3.0 combining fault and logical attacks

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Combined software and hardware attacks on the java card control flow

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Java card operand stack: fault attacks, combined attacks and countermeasures

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Fault Analysis in Cryptography

Fault Analysis in Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nowadays Fault Injection is the main threat for any sensitive applications being executed on embedded devices. Indeed, such an attack allows one to efficiently recover any secret or to gain unauthorized privileges if no appropriate countermeasure is implemented. In the context of Java Card applications, the main method to counteract Fault Injection consists in adding redundancy for sensitive operations and integrity verification for sensitive variables. While being efficient from a security point of view, such a method substantially impacts the performance of the application. In this article we introduce a new pragmatic approach to counteract Fault Injection by dynamically increasing the security level of the application. This methodology, based on upgrading the Java Card Virtual Machine, allows us to optimize the performance of sensitive applications in every day life while providing a strong security level as soon as an attacker tries to disturb their executions.