Introduction
Java Card is a kind of smart card that implements one of the two editions, “Classic Edition” or “Connected Edition”, of the standard Java Card 3.0 [7]. Such a smart card embeds a virtual machine which interprets codes already romized with the operating system or downloaded after issuance. Due to security reasons, the ability to download code into the card is controlled by a protocol defined by Global Platform [3]. This protocol ensures that the owner of the code has the necessary authorization to perform the action. Java Card is an open platform for smart cards, i.e. able of loading and executing new applications after issuance. Thus, different applications from different providers run in the same smart card. Thanks to type verification, byte codes delivered by the Java compiler and the converter (in charge of giving a compact representation of class files) are safe, i.e. the loaded application is not hostile to other applications in the Java Card. Furthermore, the Java Card firewall checks permissions between applications in the card, enforcing isolation between them.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 81–95. Springer, Heidelberg (2003)
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on java card 3.0 combining fault and logical attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010), http://dblp.uni-trier.de/db/conf/cardis/cardis2010.html#BarbuTG10
Global Platform: Card Specification v2.2 (2006)
Hemme, L.: A differential fault attack against early rounds of (Triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 170–217. Springer, Heidelberg (2004)
Hubbers, E., Poll, E.: Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours. Dept. of Computer Science NIII-R0438, Radboud University Nijmegen (2004)
Iguchi-Cartigny, J., Lanet, J.: Developing a Trojan applet in a Smart Card. Journal in Computer Virology (2010)
Oracle: Java Card Platform Specification, http://java.sun.com/javacard/specs.html
Piret, G., Quisquater, J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)
Sere, A., Iguchi-Cartigny, J., Lanet, J.: Automatic detection of fault attack and countermeasures. In: Proceedings of the 4th Workshop on Embedded Systems Security, p. 7. ACM, New York (2009)
Smart Secure Devices (SSD) Team – XLIM/University of Limoges: OPAL: An Open Platform Access Library, http://secinfo.msi.unilim.fr/
Smart Secure Devices (SSD) Team – XLIM/University of Limoges: The CAP file manipulator, http://secinfo.msi.unilim.fr/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Bouffard, G., Lanet, JL. (2012). The Next Smart Card Nightmare. In: Naccache, D. (eds) Cryptography and Security: From Theory to Applications. Lecture Notes in Computer Science, vol 6805. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28368-0_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-28368-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28367-3
Online ISBN: 978-3-642-28368-0
eBook Packages: Computer ScienceComputer Science (R0)