Manipulating the Frame Information with an Underflow Attack

  • Emilie Faugeron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)


This paper presents an underflow attack performed on Java Card platforms. This underflow is based on the dup_x instruction that can be used in order to read and modify the current context of execution of the attacker’s application. We first detail the theoretical and practical attack path by describing the method that can be used to characterize the platform and exploit the obtained information. Secondly, we show how it is possible to set up this underflow attack in a way that makes it bypass the current concept of Byte Code Verifier. Finally, we describe some countermeasures that can be implemented to prevent this kind of attack.


Malicious application Underflow Java Card Open Platform 


  1. 1.
    Mostowski, W., Poll, E.: Malicious code on java card smartcards: attacks and countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)Google Scholar
  2. 2.
    Lanet, J.L., Faugeron, E., Dessiatnikoff, A.: EMAN: Un cheval de Troie dans une carte à Puce. Computer & Electronics Security Applications Rendez-vous (CESAR 2008), p. 198 (2008)Google Scholar
  3. 3.
    Lanet, J.L., Iguchi-Cartigny, J.: Évaluation de l’injection de code malicieux dans une Java Card (SSTIC 09) (2009)Google Scholar
  4. 4.
    Java Card Virtual Machine Specification - Java Card Platform, Version 2.2.2, March 2006Google Scholar
  5. 5.
    Java Card Runtime Environment specification - Java Card Platform, Version 2.2.2, March 2006Google Scholar
  6. 6.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)Google Scholar
  7. 7.
    Vetillard, E., Ferrari, A.: Combined attacks and countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)Google Scholar
  8. 8.
    Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the java card control flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)Google Scholar
  9. 9.
    Karsten Nohl: Rooting SIM cards. BlackHat (2013)Google Scholar
  10. 10.
    Pierre Girard thesis: Contribution à la sécurité des cartes à puce et de leur utilisation. University of Limoges (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Thales Communications and SecurityToulouse Cedex 9France

Personalised recommendations