Advertisement

Detecting Laser Fault Injection for Smart Cards Using Security Automata

  • Guillaume Bouffard
  • Bhagyalekshmy N. Thampi
  • Jean-Louis Lanet
Part of the Communications in Computer and Information Science book series (CCIS, volume 377)

Abstract

Security and interoperability issues are increasing in smart card domain and it is important to analyze these issues carefully and implement appropriate countermeasures to mitigate them. Security issues involve attacks on smart cards which can lead to their abnormal behavior. Fault attacks are the most important among them and they can affect the program execution, smart card memory, etc. Detecting these abnormalities requires some redundancies, either by another code execution or by an equivalent representation. In this paper, we propose an automatic method to provide this redundancy using a security automaton as the main detection mechanism. This can enforce some trace properties on a smart card application, by using the combination of a static analysis and a dynamic monitoring. The security officer specifies the fragments of the code that must be protected against fault attacks and a program transformer produces an equivalent program that mesh a security automaton into the code according to the security requirements.

Keywords

Fault attacks Trust Smart Card Security Automata Countermeasure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aktug, I.: Algorithmic Verification Techniques for Mobile Code. Ph.D. thesis, KTH, Theoretical Computer Science, TCS, qC 20100628 (2008)Google Scholar
  2. 2.
    Al Khary Sere, A.: Tissage de contremesures pour machines virtuelles embarquées. Ph.D. thesis, Université de Limoges (2010)Google Scholar
  3. 3.
    Anderson, R., Kuhn, M.: Low Cost Attacks on Tamper Resistant Devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, Grant-funded PhD with Oberthur Technologies and Télécom ParisTech (2012)Google Scholar
  5. 5.
    Barbu, G., Andouard, P., Giraud, C.: Dynamic Fault Injection Countermeasure A New Conception of Java Card Security. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 16–30. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Blömer, J., Otto, M., Seifert, J.P.: A new CRT-RSA algorithm secure against bellcore attacks. In: Computer and Communications Security, pp. 311–320 (2003)Google Scholar
  7. 7.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Dubreuil, J., Bouffard, G., Lanet, J.L., Iguchy-Cartigny, J.: Type classification against Fault Enabled Mutant in Java based Smart Card. In: ARES 2012, pp. 551–556. IEEE, Prague (2012)Google Scholar
  10. 10.
    Farissi, I.E., Azizi, M., Moussaoui, M., Lanet, J.L.: Neural network Vs Bayesian network to detect javacard mutants. In: Colloque International sur la Sécurité des Systèmes d’Information (CISSE), Kenitra Marocco (March 2013)Google Scholar
  11. 11.
    Girard, P., Villegas, K., Lanet, J.L., Plateaux, A.: A new payment protocol over the Internet. In: CRiSIS 2010, pp. 1–6 (2010)Google Scholar
  12. 12.
    Joye, M., Quisquater, J.J., Bao, F., Deng, R.H.: RSA-type signatures in the presence of transient faults. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 155–160. Springer, Heidelberg (1997)Google Scholar
  13. 13.
    McDougall, M., Alur, R., Gunter, C.A.: A model-based approach to integrating security policies for embedded devices. In: 4th ACM International Conference on Embedded Software, EMSOFT 2004, pp. 211–219. ACM, New York (2004)Google Scholar
  14. 14.
    Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.L.: Enforcing High-Level Security Properties for Applets. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications. IFIP, vol. 153, pp. 1–16. Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Prevost, S., Sachdeva, K.: Application code integrity check during virtual machine runtime (August 2004)Google Scholar
  16. 16.
    Razafindralambo, T., Bouffard, G., Thampi, B.N., Lanet, J.-L.: A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 185–194. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar
  18. 18.
    Skorobogatov, S.P., Anderson, R.: Optical Fault Induction Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 31–48. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Wagner, D.: Cryptanalysis of a provably secure CRT-RSA algorithm. In: 11th ACM Conference on Computer and Communications Security, pp. 92–97 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Guillaume Bouffard
    • 1
  • Bhagyalekshmy N. Thampi
    • 1
  • Jean-Louis Lanet
    • 1
  1. 1.Smart Secure Devices (SSD) TeamUniversity of LimogesLimoges CedexFrance

Personalised recommendations