Application-Replay Attack on Java Cards: When the Garbage Collector Gets Confused

Barbu, Guillaume; Hoogvorst, Philippe; Duc, Guillaume

doi:10.1007/978-3-642-28166-2_1

Guillaume Barbu^16,17,
Philippe Hoogvorst¹⁶ &
Guillaume Duc¹⁶

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7159))

Included in the following conference series:

International Symposium on Engineering Secure Software and Systems

818 Accesses
6 Citations

Abstract

Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of ”application replay” attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Sun Microsystems Inc.: Application Programming Interface, Java Card Platform Version 2.2.2 (2006)
Google Scholar
Sun Microsystems Inc.: Application Programming Interface, Java Card Platform Version 3.0.1 Connected Edition (2009)
Google Scholar
Govindavajhala, S., Appel, A.W.: Using Memory Errors to Attack a Virtual Machine. In: SP 2003: Proceedings of the 2003 IEEE Symposium on Security and Privacy, Washington, DC, p. 154 (2003)
Google Scholar
Witteman, M.: Java Card Security. Information Security Bulletin 8, 291–298 (2003)
Google Scholar
Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)
Chapter Google Scholar
Iguchi-Cartigny, J., Lanet, J.L.: Developping a Trojan Applet in a Smart Card. Journal in Computer Virology (2010)
Google Scholar
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)
Chapter Google Scholar
Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)
Chapter Google Scholar
Sere, A., Lanet, J.L., Iguchi-Cartigny, J.: Checking the Paths to Identify Mutant Application on Embedded Systems. In: Kim, T.-h., Lee, Y.-h., Kang, B.-H., Ślęzak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 459–468. Springer, Heidelberg (2010)
Chapter Google Scholar
Barbu, G., Duc, G., Hoogvorst, P.: Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011)
Chapter Google Scholar
Bouffard, G., Iguchi-Cartigny, J., Lanet, J.L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)
Chapter Google Scholar
Sere, A., Lanet, J.L., Iguchi-Cartigny, J.: Evaluation of Countermeasures Against Fault Attacks on Smart Cards. International Journal of Security and Its Applications (5), 49–61
Google Scholar
Hogenboom, J., Mostowski, W.: Full memory read attack on a java card. In: 4th Benelux Workshop on Information and System Security Proceedings, WISSEC 2009 (2009)
Google Scholar
Sun Microsystems Inc.: Runtime Environment Specification, Java Card Platform Version 3.0.1 Connected Edition (2009)
Google Scholar

Download references

Author information

Authors and Affiliations

Département COMELEC, Institut Télécom / Télécom ParisTech, CNRS LTCI, 46 rue Barrault, 75634, Paris Cedex 13, France
Guillaume Barbu, Philippe Hoogvorst & Guillaume Duc
Oberthur Technologies, Innovation Group, Parc Scientifique Unitec 1 - Porte 2, 4 allée du Doyen George Brus, 33600, Pessac, France
Guillaume Barbu

Authors

Guillaume Barbu
View author publications
You can also search for this author in PubMed Google Scholar
Philippe Hoogvorst
View author publications
You can also search for this author in PubMed Google Scholar
Guillaume Duc
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Gilles Barthe Benjamin Livshits Riccardo Scandariato

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Barbu, G., Hoogvorst, P., Duc, G. (2012). Application-Replay Attack on Java Cards: When the Garbage Collector Gets Confused. In: Barthe, G., Livshits, B., Scandariato, R. (eds) Engineering Secure Software and Systems. ESSoS 2012. Lecture Notes in Computer Science, vol 7159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28166-2_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-28166-2_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28165-5
Online ISBN: 978-3-642-28166-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics