The Next Smart Card Nightmare
Java Card is a kind of smart card that implements one of the two editions, “Classic Edition” or “Connected Edition”, of the standard Java Card 3.0 . Such a smart card embeds a virtual machine which interprets codes already romized with the operating system or downloaded after issuance. Due to security reasons, the ability to download code into the card is controlled by a protocol defined by Global Platform . This protocol ensures that the owner of the code has the necessary authorization to perform the action. Java Card is an open platform for smart cards, i.e. able of loading and executing new applications after issuance. Thus, different applications from different providers run in the same smart card. Thanks to type verification, byte codes delivered by the Java compiler and the converter (in charge of giving a compact representation of class files) are safe, i.e. the loaded application is not hostile to other applications in the Java Card. Furthermore, the Java Card firewall checks permissions between applications in the card, enforcing isolation between them.
KeywordsVirtual Machine Smart Card Fault Injection Physical Attack Fault Attack
Unable to display preview. Download preview PDF.
- 2.Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010), http://dblp.uni-trier.de/db/conf/cardis/cardis2010.html#BarbuTG10 CrossRefGoogle Scholar
- 3.Global Platform: Card Specification v2.2 (2006)Google Scholar
- 5.Hubbers, E., Poll, E.: Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours. Dept. of Computer Science NIII-R0438, Radboud University Nijmegen (2004)Google Scholar
- 6.Iguchi-Cartigny, J., Lanet, J.: Developing a Trojan applet in a Smart Card. Journal in Computer Virology (2010)Google Scholar
- 7.Oracle: Java Card Platform Specification, http://java.sun.com/javacard/specs.html
- 9.Sere, A., Iguchi-Cartigny, J., Lanet, J.: Automatic detection of fault attack and countermeasures. In: Proceedings of the 4th Workshop on Embedded Systems Security, p. 7. ACM, New York (2009)Google Scholar
- 10.Smart Secure Devices (SSD) Team – XLIM/University of Limoges: OPAL: An Open Platform Access Library, http://secinfo.msi.unilim.fr/
- 11.Smart Secure Devices (SSD) Team – XLIM/University of Limoges: The CAP file manipulator, http://secinfo.msi.unilim.fr/