Abstract
Smart cards have long been considered a secure container for storing secret data and executing programs that manipulate them without leaking any information. In the last decade, a new form of attack that uses the hardware has been intensively studied. We have proposed in the past to also pay attention to easier attacks that use only software. We demonstrated through several proofs of concept that such an approach could be a threat under some hypotheses. We have been able to execute self-modifying code, return address programming and so on. More recently we have been able to retrieve secret keys belonging to another application. All the already published attacks should therefore have been a threat, but the industry strengthened its countermeasures to mitigate each published attack. In such a sensitive domain, we always submit attacks to the industrial partners and also to national agencies before publishing them. With this approach, they have been able to patch their systems before any vulnerability could be exploited.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Lanet, JL. (2015). Beyond Cryptanalysis Is Software Security the Next Threat for Smart Cards. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science, vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_6
DOI: https://doi.org/10.1007/978-3-319-18681-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18680-1
Online ISBN: 978-3-319-18681-8
eBook Packages: Computer Science (R0)