Vulnerability Analysis on Smart Cards Using Fault Tree

  • Guillaume Bouffard
  • Bhagyalekshmy N. Thampi
  • Jean-Louis Lanet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8153)


In the smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use Fault Tree Analysis. This method, used in safety analysis, helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. By modeling the conditions, we discovered new attack paths to get access to the smart card contents. Then we introduce a new security API, which is proposed to mitigate the undesirable events defined in the tree models.


Smart Card Security Fault Tree Analysis Attacks Countermeasures 





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Guillaume Bouffard (1)
  • Bhagyalekshmy N. Thampi (1)
  • Jean-Louis Lanet (1)
  1. Smart Secure Devices (SSD) Team, XLIM/University of Limoges, Limoges, France
