Abstract
Several logical attacks against Java-based smart cards have been published recently. Most of them are based on the hypothesis that type verification was not performed, which allows a type confusion to be obtained dynamically. To mitigate such attacks, typed stacks have been introduced on recent smart cards. We propose here a new attack path for performing a type confusion even in the presence of a typed stack. We then use a Fault Tree Analysis to design countermeasures efficiently in a top-down approach. These countermeasures are then evaluated on a Java Card virtual machine.
Notes
- 1. Writing to EEPROM requires an erase, which is time-consuming.
- 2. Memory encryption results in a logical read-out value which is random.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Bouffard, G., Lackner, M., Lanet, JL., Loinig, J. (2015). Heap ... Hop! Heap Is Also Vulnerable. In: Joye, M., Moradi, A. (eds) Smart Card Research and Advanced Applications. CARDIS 2014. Lecture Notes in Computer Science, vol 8968. Springer, Cham. https://doi.org/10.1007/978-3-319-16763-3_2
DOI: https://doi.org/10.1007/978-3-319-16763-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16762-6
Online ISBN: 978-3-319-16763-3
eBook Packages: Computer Science, Computer Science (R0)