Virus in a smart card: Myth or reality?

Authors:
Samiya Hamadouche;Jean-Louis Lanet
Affiliations:
University M'Hamed Bougara of Boumerdes, Faculty of Sciences, LIMOSE Laboratory, 5 Avenue de l'indépendance, 35000 Boumerdes, Algeria;University of Limoges, 123 rue Albert Thomas, 87000 Limoges, France
Venue:
Journal of Information Security and Applications
Year:
2013

Citing 12
Cited 0

Fault Injection and Dependability Evaluation of Fault-Tolerant Systems

IEEE Transactions on Computers
An Evaluation of the Error Detection Mechanisms in MARS Using Software-Implemented Fault Injection

EDCC-2 Proceedings of the Second European Dependable Computing Conference on Dependable Computing
Combining Software-Implemented and Simulation-Based Fault Injection into a Single Fault Injection Method

FTCS '95 Proceedings of the Twenty-Fifth International Symposium on Fault-Tolerant Computing
A new CRT-RSA algorithm secure against bellcore attacks

Proceedings of the 10th ACM conference on Computer and communications security
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Developing a Trojan applets in a smart card

Journal in Computer Virology
Design and characterisation of an AES chip embedding countermeasures

International Journal of Intelligent Engineering Informatics
Practical Optical Fault Injection on Secure Microcontrollers

FDTC '11 Proceedings of the 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography
Combined attacks and countermeasures

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Attacks on java card 3.0 combining fault and logical attacks

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Combined software and hardware attacks on the java card control flow

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
SmartCM a smart card fault injection simulator

WIFS '11 Proceedings of the 2011 IEEE International Workshop on Information Forensics and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Smart cards are often the target of software or hardware attacks. The most recent attacks are based on fault injection which modifies the behavior of the application. We demonstrate that it is possible to design applications in such a way that they become intentionally hostile while being hit by a laser. Later, a third party can deliver such an application to be deployed on SIM cards without being detected by a code review or a static analysis. We propose an evaluation of the propagation effect and the generation of hostile applications inside the card. To detect such a hostile application we introduce a mutation analysis that checks the ability of an application to be malicious. We implement this analysis in a SmartCM tool; thereafter evaluate its capacity to detect such a fault based mutant.