Advertisement

A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks

  • Tiana Razafindralambo
  • Guillaume Bouffard
  • Bhagyalekshmy N. Thampi
  • Jean-Louis Lanet
Part of the Communications in Computer and Information Science book series (CCIS, volume 335)

Abstract

Off late security problems related to smart cards have seen a significant rise and the risks of the attack are of deep concern for the industries. In this context, smart card industries try to overcome the anomaly by implementing various countermeasures. In this paper we discuss and present a powerful attack based on the vulnerability of the linker which could change the correct byte code into malicious one. During the attack, the linker interprets the instructions as tokens and are able to resolve them. Later we propose a countermeasure which scrambles the instructions of the method byte code with the Java Card Program Counter (jpc). Without the knowledge of jpc used to decrypt the byte code, an attacker cannot execute any malicious byte code. By this way we propose security interoperability for different Java Card platforms.

Keywords

Smart card Java Card Logical Attack Countermeasure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aranda, F.X., Lanet, J.L.: Smart Card Reverse-Engineering Code Execution Using Side-Channel Analysis. NTCCS, Théorie des Nombres, Codes, Cryptographie et Systèmes de Communication, Oujda, Marocco (April 2012)Google Scholar
  2. 2.
    Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, TÉLÉCOM ParisTech (2012)Google Scholar
  3. 3.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Bouffard, G., Lanet, J.-L., Machemie, J.-B., Poichotte, J.-Y., Wary, J.-P.: Evaluation of the Ability to Transform SIM Applications into Hostile Applications. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 1–17. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Clavier, C.: De la sécurité physique des crypto-systèmes embarqués. Ph.D. thesis, Université de Versailles Saint-Quentin-en-Yvelines (2007)Google Scholar
  7. 7.
    Global Platform: Card Specification v2.2 (2006)Google Scholar
  8. 8.
    Hamadouche, S.: Étude de la sécurité d’un vérifieur de Byte Code et génération de tests de vulnérabilité. Master’s thesis, Université de Boumerdés (2012)Google Scholar
  9. 9.
    Hubbers, E., Poll, E.: Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours. Dept. of Computer Science NIII-R0438, Radboud University Nijmegen (2004)Google Scholar
  10. 10.
    Iguchi-Cartigny, J., Lanet, J.: Developing a Trojan applet in a Smart Card. Journal in Computer Virology (2010)Google Scholar
  11. 11.
    ISO/IEC: Common Criteria v3.0. Tech. rep., ISO/IEC 15408:2005 Information technology - Security techniques - Evaluation criteria for IT security (2005)Google Scholar
  12. 12.
    Oracle: Java Card Platform SpecificationGoogle Scholar
  13. 13.
    Petri, S.: An introduction to smart cards. Secure Service Provider TM (2002), http://www.artofconfusion.org/smartcards/docs/intro.pdf
  14. 14.
    Smart Secure Devices (SSD) Team – XLIM, Université de Limoges: The CAP file manipulator, http://secinfo.msi.unilim.fr/
  15. 15.
    Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse Engineering Java Card Applets Using Power Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tiana Razafindralambo
    • 1
  • Guillaume Bouffard
    • 1
  • Bhagyalekshmy N. Thampi
    • 1
  • Jean-Louis Lanet
    • 1
  1. 1.Smart Secure Devices (SSD) TeamXLIM/Université de LimogesLimogesFrance

Personalised recommendations