Skip to main content
SpringerLink
Log in

Exploiting JCVM on Smart Cards Using Forged References in the API Calls

  • Conference paper
  • First Online:
Book cover Smart Card Research and Advanced Applications (CARDIS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11389))

  • 694 Accesses

Abstract

This paper presents a novel style of attack which compromises the applet isolation implemented by modern smart cards built on the Java Card platform. System calls (APIs) implemented by all cards tested during our research – from several different manufacturers – fail to perform (sufficient) checks on the ownership of the objects provided by applets, compromising the security of the applet firewall. The practical impact of these vulnerabilities is platform-specific; we show that disclosure of critical private data including secure channel protocol keys is possible on some cards, and that even Secure Elements – with dedicated hardware support for memory isolation – fail to prevent memory disclosure of objects owned by the Java Card Runtime Environment, despite preventing all other known state-of-the-art logical attacks. We demonstrate that physical attacks can also be used to exploit this vulnerability on some smart cards, removing the need for an attacker to first install an applet on the card. Finally, we propose a potential countermeasure for preventing these classes of attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Barbu, G., Duc, G., Hoogvorst, P.: Java card operand stack: fault attacks, combined attacks and countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_19

    Chapter  Google Scholar 

  2. Bouffard, G., Lanet, J.-L.: Reversing the operating system of a Java based smart card. J. Comput. Virol. Hacking Tech. 10(4), 239–253 (2014)

    Article  Google Scholar 

  3. Farhadi, M., Lanet, J.-L.: Chronicle of a Java Card death. J. Comput. Virol. Hacking Tech. (2), 1–15 (2017)

    Google Scholar 

  4. Faugeron, E.: Manipulating the frame information with an underflow attack. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 140–151. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_10

    Chapter  Google Scholar 

  5. GlobalPlatform. GlobalPlatform Card Specification 2.2, March 2006. http://www.win.tue.nl/pinpasjc/docs/GPCardSpec_v2.2.pdf

  6. Machiry, A., et al.: Boomerang: exploiting the semantic gap in trusted execution environments. In: Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS) (2017)

    Google Scholar 

  7. Mesbah, A., Mezghiche, M., Lanet, J.-L.: Persistent fault injection attack from white-box to black-box. In: 2017 5th International Conference on Electrical Engineering - Boumerdes (ICEE-B), pp. 1–6 (2017)

    Google Scholar 

  8. Sun Microsystems. The Java Card application programming interface (API), 3.0.5, October 2015. https://docs.oracle.com/javacard/3.0.5/api/index.html

  9. Mostowski, W., Poll, E.: Malicious code on java card smartcards: attacks and countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85893-5_1

    Chapter  Google Scholar 

  10. Rothbart, K., Neffe, U., Steger, C., Weiss, R., Rieger, E., Mühlberger, A.: Power consumption profile analysis for security attack simulation in smart cards at high abstraction level. In: Proceedings of the 5th ACM International Conference on Embedded Software, pp. 214–217 (2005)

    Google Scholar 

  11. Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering java card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72354-7_12

    Chapter  Google Scholar 

  12. Witteman, M.: Java Card security. Inf. Secur. Bull. 8, 291–298 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Riscure B.V., Delft, The Netherlands

    Sergei Volokitin

Authors
  1. Sergei Volokitin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sergei Volokitin .

Editor information

Editors and Affiliations

  1. Rambus - Cryptography Research, Rotterdam, Zuid-Holland, The Netherlands

    Begül Bilgin

  2. Nagravision, Cheseaux-sur-Lausanne, Vaud, Switzerland

    Jean-Bernard Fischer

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Volokitin, S. (2019). Exploiting JCVM on Smart Cards Using Forged References in the API Calls. In: Bilgin, B., Fischer, JB. (eds) Smart Card Research and Advanced Applications. CARDIS 2018. Lecture Notes in Computer Science(), vol 11389. Springer, Cham. https://doi.org/10.1007/978-3-030-15462-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-15462-2_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-15461-5

  • Online ISBN: 978-3-030-15462-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation