Journal of Cryptographic Engineering, Volume 7, Issue 1, pp 21–34

Trust can be misplaced

  • Noreddine El Janati El Idrissi
  • Guillaume Bouffard
  • Jean-Louis Lanet
  • Said El Hajji
Special Section on Proofs 2015


Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored in the non-volatile memory area. Most research tries to obtain cryptographic keys through side-channel attacks or fault-injection attacks. Such cryptographic objects are stored in secure containers. In this paper, we demonstrate how one can use some characteristics of the Java Card platform to gain access to these assets. Such a smart card embeds a Firewall that provides isolation between applets from different clients (using the notion of security contexts). We exploit the client/server architecture of the intra-platform communication to lure a client application into executing, within its own security context, hostile code written and called from another security context: the server security context. This attack shows that a trusted application can be made to execute, within its security context, hostile code previously uploaded by the server.


Keywords: Smart card, Java Card, Software attack, Shareable interface, Key extraction, Self-modifying code



Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Noreddine El Janati El Idrissi (1)
  • Guillaume Bouffard (2)
  • Jean-Louis Lanet (3)
  • Said El Hajji (1)

  1. LabMIA, Faculté des Sciences, Rabat, Morocco
  2. Agence Nationale de la Sécurité des Systèmes d’Information, Secrétariat Général de la Défense et de la Sécurité Nationale, Paris, France
  3. INRIA, LHS-PEC, Rennes, France
