Abstract
Stack underflow attacks against the Java Card platform attempt to access undefined local variables or operands in order to corrupt data that is not supposed to be accessible. Their exploitation relies on changing system data (return address, execution context, etc.). Current attacks depend on the main assumption that the frame system data is located between the operand stack and the local variable area. However, Java stacks are implementation dependent, and their structure does not always follow this layout. This article presents a new attack that does not rely on the Java stack implementation model and that exploits the omission of a specific countermeasure during frame allocation. The attack nevertheless relies on an ill-formed application that is not checked by the Bytecode Verifier. Even so, it is well known that fault injection can be used to turn a harmless code sequence into malicious code. We therefore suggest a new combined attack that allows several type confusions to be performed with one fault model.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Laugier, B., Razafindralambo, T. (2016). Misuse of Frame Creation to Exploit Stack Underflow Attacks on Java Card. In: Homma, N., Medwed, M. (eds) Smart Card Research and Advanced Applications. CARDIS 2015. Lecture Notes in Computer Science, vol 9514. Springer, Cham. https://doi.org/10.1007/978-3-319-31271-2_6
DOI: https://doi.org/10.1007/978-3-319-31271-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31270-5
Online ISBN: 978-3-319-31271-2
eBook Packages: Computer Science (R0)