Reverse Engineering Java Card Applets Using Power Analysis

  • Dennis Vermoen
  • Marc Witteman
  • Georgi N. Gaydadjiev
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4462)


Power analysis on smart cards is widely used to obtain information about implemented cryptographic algorithms. We propose similar methodology for Java Card applets reverse engineering. Because power analysis alone does not provide enough information, we refine our methodology by involving additional information sources. Issues like distinguishing between bytecodes performing similar tasks and reverse engineering of conditional branches and nested loops are also addressed. The proposed methodology is applied to a commercially available Java Card smart card and the results are reported. We conclude that our augmented power analysis can be successfully used to acquire information about the bytecodes executed on a Java Card smart card.


Power Analysis Smart Card Reverse Engineering Nest Loop Execution Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
  3. 3.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  5. 5.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Computers 51(5), 541–552 (2002)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Witteman, M.: Advances in smartcard security. Information Security Bulletin 7, 11–22 (2002), Also available at Google Scholar
  7. 7.
    Vermoen, D.: Reverse engineering of java card applets using power analysis (2006), Available at
  8. 8.
    Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. Addison-Wesley Longman Publishing Co., Inc, Boston (2000)Google Scholar
  9. 9.
    Witteman, M.: Java card security. Information Security Bulletin 8, 291–298 (2003), Also available at Google Scholar
  10. 10.
    Press, W.H., et al.: Numerical Recipes in C++, 2nd edn. Cambridge University Press, Cambridge (2002)Google Scholar
  11. 11.
    Proebsting, T.A., Watterson, S.A.: Krakatoa: Decompilation in java (does bytecode reveal source?) In: COOTS, USENIX, pp. 185–198 (1997)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2007

Authors and Affiliations

  • Dennis Vermoen
    • 1
    • 2
  • Marc Witteman
    • 2
  • Georgi N. Gaydadjiev
    • 1
  1. 1.Computer Engineering, TU DelftThe Netherlands
  2. 2.Riscure BVThe Netherlands

Personalised recommendations