Skip to main content
Book cover

International Conference on Smart Card Research and Advanced Applications

CARDIS 2008: Smart Card Research and Advanced Applications pp 1–16Cite as

Malicious Code on Java Card Smartcards: Attacks and Countermeasures

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 5189)

Abstract

When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the possibility of malicious, ill-typed code as an avenue of attack, though the Java Card platform offers some protection against this, notably by code signing.

This paper gives an extensive overview of vulnerabilities and possible runtime countermeasures against ill-typed code, and describes results of experiments with attacking actual Java Cards currently on the market with malicious code.

Keywords

  • Fault Injection
  • Malicious Code
  • Runtime Check
  • Transaction Mechanism
  • Array Bound

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download conference paper PDF

References

  1. Beckert, B., Mostowski, W.: A program logic for handling Java Card’s transaction mechanism. In: Pezzé, M. (ed.) FASE 2003. LNCS, vol. 2621, pp. 246–260. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  2. Dietl, W., Müller, P., Poetzsch-Heffter, A.: A Type System for Checking Applet Isolation in Java Card. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 129–150. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  3. Govindavajhala, S., Appel, A.W.: Using memory errors to attack a virtual machine. In: IEEE Symposium on Security and Privacy, pp. 154–165 (2003)

    Google Scholar 

  4. Hubbers, E., Mostowski, W., Poll, E.: Tearing Java Cards. In: Proceedings, e-Smart 2006, Sophia-Antipolis, France, September 20–22 (2006)

    Google Scholar 

  5. Marché, C., Rousset, N.: Verification of Java Card applets behavior with respect to transactions and card tears. In: Proc. Software Engineering and Formal Methods (SEFM), Pune, India. IEEE Computer Society Press, Los Alamitos (2006)

    Google Scholar 

  6. McGraw, G., Felten, E.W.: Securing Java. Wiley, Chichester (1999), http://www.securingjava.com/

    Google Scholar 

  7. Montgomery, M., Krishna, K.: Secure object sharing in Java Card. In: Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard 1999), Chicago, Illinois, USA, May 10–11 (1999)

    Google Scholar 

  8. Mostowski, W., Poll, E.: Testing the Java Card Applet Firewall. Technical Report ICIS–R07029, Radboud University Nijmegen (December 2007), https://pms.cs.ru.nl/iris-diglib/src/icis_tech_reports.php

  9. Sun Microsystems, Inc. Java Card 2.2.2 Runtime Environment Specification (March 2006), http://www.sun.com

  10. Vermoen, D.: Reverse engineering of Java Card applets using power analysis. Technical report, TU Delft1 (2006), http://ce.et.tudelft.nl/publicationfiles/1162_634_thesis_Dennis.pdf

  11. Witteman, M.: Java Card security. Information Security Bulletin 8, 291–298 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Digital Security (DS) group, Department of Computing Science, Radboud University Nijmegen, The Netherlands

    Wojciech Mostowski & Erik Poll

Authors
  1. Wojciech Mostowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Erik Poll
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2008 IFIP International Federation for Information Processing

    About this paper

    Cite this paper

    Mostowski, W., Poll, E. (2008). Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, FX. (eds) Smart Card Research and Advanced Applications. CARDIS 2008. Lecture Notes in Computer Science, vol 5189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85893-5_1

    Download citation

    • DOI: https://doi.org/10.1007/978-3-540-85893-5_1

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-85892-8

    • Online ISBN: 978-3-540-85893-5

    • eBook Packages: Computer ScienceComputer Science (R0)