Dynamic Fault Injection Countermeasure

Barbu, Guillaume; Andouard, Philippe; Giraud, Christophe

doi:10.1007/978-3-642-37288-9_2

Dynamic Fault Injection Countermeasure

A New Conception of Java Card Security

Guillaume Barbu¹⁷,
Philippe Andouard¹⁷ &
Christophe Giraud¹⁷

Conference paper

1106 Accesses
5 Citations

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7771))

Abstract

Nowadays Fault Injection is the main threat for any sensitive applications being executed on embedded devices. Indeed, such an attack allows one to efficiently recover any secret or to gain unauthorized privileges if no appropriate countermeasure is implemented. In the context of Java Card applications, the main method to counteract Fault Injection consists in adding redundancy for sensitive operations and integrity verification for sensitive variables. While being efficient from a security point of view, such a method substantially impacts the performance of the application. In this article we introduce a new pragmatic approach to counteract Fault Injection by dynamically increasing the security level of the application. This methodology, based on upgrading the Java Card Virtual Machine, allows us to optimize the performance of sensitive applications in every day life while providing a strong security level as soon as an attacker tries to disturb their executions.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Google Scholar
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Chapter Google Scholar
Quisquater, J.J., Samyde, D.: A New Tool for Non-intrusive Analysis of Smart Cards Based on Electro-magnetic Emissions, the SEMA and DEMA Methods. Presented during EUROCRYPT 2000 Rump Session (2000)
Google Scholar
Bellcore: New Threat Model Breaks Crypto Codes. Press Release (1996)
Google Scholar
du Castel, B.: Personal History of the Java Card (2012), French version originally published in MISC magazine, HS-2 (November 2008)
Google Scholar
Joye, M., Tunstall, M.: Fault Analysis in Cryptography. Information Security and Cryptography. Springer (2012)
Google Scholar
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. IEEE 94, 370–382 (2006)
Article Google Scholar
Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., Kalam, A.E. (eds.) Smart Card Research and Advanced Applications VI – CARDIS 2004, pp. 159–176. Kluwer Academic Publishers (2004)
Google Scholar
Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)
Chapter Google Scholar
Barbu, G., Duc, G., Hoogvorst, P.: Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011)
Chapter Google Scholar
Common Criteria: Application of Attack Potential to Smartcards (2009)
Google Scholar
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)
Chapter Google Scholar
Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)
Chapter Google Scholar
Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)
Chapter Google Scholar
Sun Microsystems Inc.: Virtual Machine Specification – Java Card Plateform, Version 3.0.1 (2009)
Google Scholar
The Apache Software Foundation: (Apache Commons BCEL, The Byte Code Engineering Library), http://commons.apache.org/bcel/
Smart Secure Devices (SSD) Team – XLIM, Université de Limoges: CapMap – The CAP file manipulator, http://secinfo.msi.unilim.fr

Download references

Author information

Authors and Affiliations

Security Group, Oberthur Technologies, 4, allée du Doyen Georges Brus, 33 600, Pessac, France
Guillaume Barbu, Philippe Andouard & Christophe Giraud

Authors

Guillaume Barbu
View author publications
You can also search for this author in PubMed Google Scholar
Philippe Andouard
View author publications
You can also search for this author in PubMed Google Scholar
Christophe Giraud
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Infineon Technologies AG, Am Campeon 1-12, 85579, Neubiberg, Germany
Stefan Mangard

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Barbu, G., Andouard, P., Giraud, C. (2013). Dynamic Fault Injection Countermeasure. In: Mangard, S. (eds) Smart Card Research and Advanced Applications. CARDIS 2012. Lecture Notes in Computer Science, vol 7771. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37288-9_2

Download citation

DOI: https://doi.org/10.1007/978-3-642-37288-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37287-2
Online ISBN: 978-3-642-37288-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics