Skip to main content
Log in

Trust can be misplaced

  • Special Section on Proofs 2015
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the non-volatile memory area. Most of the researches try to obtain cryptographic keys through side-channel attacks or fault-injection attacks. Such cryptographic objects are stored into secure containers. We demonstrate in this paper how one can use some characteristics of the Java Card platform to gain access to these assets. Such a smart card embeds a Firewall that provides isolation between applets from different clients (using the notion of security contexts). We exploit the client/server architecture of the intra-platform communication to lure a client application to execute within its security context, a hostile code written and called from another security context: the server security context. This attack shows the possibility for a trusted application to execute within its security context some hostile code uploaded previously by the server.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. The function buildkey requires three parameters: keyType, keyLength and keyEncryption. The keyType parameter defines the type of key to generate, keyLength the key length in bits and keyEncryption is a boolean which requests to encrypt the key value.

  2. This information can be disclosed via a characterization step as introduced in [1, 6].

  3. The type T must be either a for a type reference field, b for a type byte or type boolean field, s for a type short field or i for a type integer field.

  4. The export file contains information to translate the Java Class’s classes, methods and fields names (encoded as a UTF16 string) to CAP file token value by the Java Card converter.

References

  1. Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, Télécom ParisTech (2012)

  2. Barbu, G., Duc, G., Hoogvorst, P.: Java Card operand stack: fault attacks, combined attacks and countermeasures. In: Prouff [23], pp. 297–313 (2011)

  3. Barbu, G., Giraud, C., Guerin, V.: Embedded eavesdropping on Java Card. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC. IFIP Advances in Information and Communication Technology, vol. 376, pp. 37–48. Springer, New York (2012)

  4. Barbu, G., Hoogvorst, P., Duc, G.: Application-replay attack on Java Cards: when the garbage collector gets confused. In: Barthe, G., Livshits, B., Scandariato, R. (eds.) ESSoS. Lecture Notes in Computer Science, vol. 7159, pp. 1–13. Springer (2012)

  5. Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 combining fault and logical attacks. In: Gollmann et al. [14], pp. 148–163

  6. Bouffard, G.: A generic approach for protecting Java Card smart card against software attacks. Ph.D. thesis, University of Limoges, 123 Avenue Albert Thomas, 87060 Limoges Cedex (2014)

  7. Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the Java Card control flow. In: Prouff [23], pp. 283–296

  8. Bouffard, G., Khefif, T., Lanet, J., Kane, I., Salvia, S.C.: Accessing secure information using export file fraudulence. In: Crispo, B., Sandhu, R.S., Cuppens-Boulahia, N., Conti, M., Lanet, J. (eds.) 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS), La Rochelle, France, October 23–25, 2013, pp. 1–5. IEEE (2013)

  9. Bouffard, G., Lanet, J.: Reversing the operating system of a Java based smart card. J. Comput. Virol. Hacking Tech. 10(4), 239–253 (2014)

    Article  Google Scholar 

  10. Farhadi, M., Lanet, J.-L.: Chronicle of a Java Card death. J. Comput. Virol. Hacking Tech. 1–15 (2016). doi:10.1007/s11416-016-0276-0

  11. Faugeron, E.: Manipulating the frame information with an underflow attack. In: Francillon, A., Rohatgi, P. (eds.) CARDIS. Lecture Notes in Computer Science, vol. 8419. Springer (2013)

  12. Faugeron, E., Valette, S.: How to hoax an off-card verifier. e-smart, France (2010)

  13. GlobalPlatform. Card Specification, 2.2.1 edn. GlobalPlatform Inc., Redwood City, CA (2011)

  14. Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) In: Proceedings of Smart Card Research and Advanced Application, CARDIS, Passau, Germany, April 14–16, 2010. Lecture Notes in Computer Science, vol. 6035. Springer (2010)

  15. Hamadouche, S., Bouffard, G., Lanet, J.-L., Dorsemaine, B., Nouhant, B., Magloire, A., Reygnaud, A.: Subverting byte code linker service to characterize Java Card API. In: Seventh conference on network and information systems security (SAR-SSI), pp. 75–81, May 22–25 (2012)

  16. Hamadouche, S., Lanet, J.L.: Virus in a smart card: myth or reality? J. Inf. Secur. Appl. 18(2–3), 130–137 (2013)

    Google Scholar 

  17. Iguchi-Cartigny, J., Lanet, J.-L.: Developing a Trojan applets in a smart card. J. Comput. Virol. 6(4), 343–351 (2010)

    Article  Google Scholar 

  18. Lancia, J., Bouffard, G.: Java Card virtual machine compromising from a bytecode verified applet. In: Homma, N., Medwed, M.(eds.) Smart Card Research and Advanced Applications. CARDIS, Bochum (2015)

  19. Lancia, J., Bouffard, G.: Fuzzing and overflows in Java Card smart cards. In: Symposium sur la sécurité des technologies de l’information et des communications (SSTIC), June (2016)

  20. Lanet, J.-L., Bouffard, G., Lamrani, R., Chakra, R., Mestiri, A., Monsif, M., Fandi, A.: Memory forensics of a Java Card dump. In: Joye, M., Moradi, A. (eds.) Smart Card Research and Advanced Applications, CARDIS, Paris, France, Nov. 5–7, 2014. Lecture Notes in Computer Science, vol. 8968, pp. 3–17. Springer (2014)

  21. Mostowski, W., Poll, E.: Malicious Code on Java Card smartcards: attacks and countermeasures. In: Grimaud, G., Standaert, F. (eds.) Proceedings of Smart Card Research and Advanced Applications, CARDIS, London, UK, September 8–11, 2008. Lecture Notes in Computer Science, vol. 5189, pp. 1–16. Springer (2008)

  22. Oracle. Java Card 3 Platform, Virtual Machine Specification, Classic Edition. Number Version 3.0.4. Oracle, Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065 (2011)

  23. Prouff, E. (ed.) Smart Card Research and Advanced Applications, CARDIS, Leuven, Belgium, September 14–16, 2011. Lecture Notes in Computer Science, vol. 7079. Springer (2011)

  24. Razafindralambo, T., Bouffard, G., Lanet, J.-L.: A Friendly Framework for Hidding fault enabled virus for Java Based Smartcard. In: Cuppens-Boulahia, N., Cuppens, F., García-Alfaro, J. (eds.) DBSec. Lecture Notes in Computer Science, vol. 7371, pp. 122–128. Springer (2012)

  25. Vetillard E., Ferrari A. Combined attacks and coun- termeasures. In: Gollmann et al. [14], pp. 133–147

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Guillaume Bouffard.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Idrissi, N.E.J.E., Bouffard, G., Lanet, JL. et al. Trust can be misplaced. J Cryptogr Eng 7, 21–34 (2017). https://doi.org/10.1007/s13389-016-0142-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-016-0142-5

Keywords

Navigation