Attacks on Java Card 3.0 Combining Fault and Logical Attacks

  • Guillaume Barbu
  • Hugues Thiebeauld
  • Vincent Guerin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6035)


Java Cards have been threatened so far by attacks using ill-formed applications which assume that the application bytecode is not verified. This assumption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless it can no longer be applied to the Java Card 3 Connected Edition context where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 Connected Edition seems to be immune against this kind of attacks. In this paper, we demonstrate that running ill-formed application does not necessarily mean loading and installing ill-formed application. For that purpose, we introduce a brand new kind of attack which combines fault injection and logical tampering. By these means, we describe two case studies taking place in the new Java Card 3 context. The first one shows how ill-formed applications can still be introduced and executed despite the on-card bytecode verifier. The second example leads to the modification of any method already installed on the card into any malicious bytecode. Finally we successfully mount these attacks on a recent device, emphasizing the necessity of taking into account these new threats when implementing Java Card 3 features.


Java Card 3 Combined Attack Fault Injection Logical Attack 


  1. 1.
    Allenbach, P.: Java Card 3: Classic Functionality Gets a Connectivity Boost (2009),
  2. 2.
    Anderson, R., Kuhn, M.: Tamper Resistance – a Cautionary Note. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11. USENIX Association (1996)Google Scholar
  3. 3.
    Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.P.: Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Barbu, G.: Fault Attacks on Java Card 3 Virtual Machine. In: e-Smart 2009 (2009)Google Scholar
  5. 5.
    Bauduin, R.: Fault Attacks, an Intuitive Approach. In: Fault Diagnosis and Tolerance in Cryptography, FDTC 2006 (2006) (invited talk)Google Scholar
  6. 6.
    Boneh, D., DeMillo, R., Lipton, R.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Common Criteria: Application of Attack Potential to Smartcards - Version 2.7, Rev.1 (2009)Google Scholar
  8. 8.
    Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Smart Card Research and Advanced Application Conference (CARDIS 2004). LNCS, pp. 159–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    GlobalPlatform Inc.: GlobalPlatform Card Specification 2.1.1. (2003)Google Scholar
  10. 10.
    GlobalPlatform Inc.: GlobalPlatform Card Specification 2.2. (2006)Google Scholar
  11. 11.
    Govindavajhala, S., Appel, A.: Using Memory Errors to Attack a Virtual Machine. In: IEEE Symposium on Security and Privacy, SP 2003 (2003)Google Scholar
  12. 12.
    Hyppönen, K.: Use of Cryptographic Codes for Bytecode Verification in Smartcard Environment. Master’s thesis, University of Kuopio, Finland (2003)Google Scholar
  13. 13.
    Iguchi-Cartigny, J., Lanet, J.L.: Évaluation de l’injection de code malicieux dans une Java Card. In: Symposium sur la Sécurité des Technologies de l’Information et de la Communication, SSTIC 2009 (2009)Google Scholar
  14. 14.
    Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks. Technical report, Cryptography Research Inc. (1998)Google Scholar
  15. 15.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley, Reading (1999)Google Scholar
  17. 17.
    Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Sun Microsystems Inc.: Application Programming Interface, Java Card Platform Version 3.0.1 Connected edn. (2009)Google Scholar
  19. 19.
    Sun Microsystems Inc.: Java Card Portal,
  20. 20.
    Sun Microsystems Inc.: Runtime Environment Specification, Java Card Platform Version 2.2.2 (2006)Google Scholar
  21. 21.
    Sun Microsystems Inc.: Runtime Environment Specification, Java Card Platform Version 3.0.1 Connected edn. (2009)Google Scholar
  22. 22.
    Sun Microsystems Inc.: Virtual Machine Specification, Java Card Platform Version 2.2.2 (2006)Google Scholar
  23. 23.
    Vermoen, D., Witteman, M., Gaydadjiev, G.: Reverse Engineering Java Card Applet Using Power Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Witteman, M.: Java Card Security. Information Security Bulletin 8, 291–298 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Guillaume Barbu
    • 1
    • 2
  • Hugues Thiebeauld
    • 1
  • Vincent Guerin
    • 1
  1. 1.Oberthur TechnologiesFrance
  2. 2.Dep. ComElec, Groupe SENTelecom ParisTechFrance

Personalised recommendations