Abstract
Java Cards have been threatened so far by attacks using ill-formed applications which assume that the application bytecode is not verified. This assumption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless it can no longer be applied to the Java Card 3 Connected Edition context where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 Connected Edition seems to be immune against this kind of attacks. In this paper, we demonstrate that running ill-formed application does not necessarily mean loading and installing ill-formed application. For that purpose, we introduce a brand new kind of attack which combines fault injection and logical tampering. By these means, we describe two case studies taking place in the new Java Card 3 context. The first one shows how ill-formed applications can still be introduced and executed despite the on-card bytecode verifier. The second example leads to the modification of any method already installed on the card into any malicious bytecode. Finally we successfully mount these attacks on a recent device, emphasizing the necessity of taking into account these new threats when implementing Java Card 3 features.
Chapter PDF
Similar content being viewed by others
References
Allenbach, P.: Java Card 3: Classic Functionality Gets a Connectivity Boost (2009), http://java.sun.com/developer/technicalArticles/javacard/javacard3/
Anderson, R., Kuhn, M.: Tamper Resistance – a Cautionary Note. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11. USENIX Association (1996)
Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.P.: Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)
Barbu, G.: Fault Attacks on Java Card 3 Virtual Machine. In: e-Smart 2009 (2009)
Bauduin, R.: Fault Attacks, an Intuitive Approach. In: Fault Diagnosis and Tolerance in Cryptography, FDTC 2006 (2006) (invited talk)
Boneh, D., DeMillo, R., Lipton, R.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Common Criteria: Application of Attack Potential to Smartcards - Version 2.7, Rev.1 (2009)
Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Smart Card Research and Advanced Application Conference (CARDIS 2004). LNCS, pp. 159–176. Springer, Heidelberg (2004)
GlobalPlatform Inc.: GlobalPlatform Card Specification 2.1.1. (2003)
GlobalPlatform Inc.: GlobalPlatform Card Specification 2.2. (2006)
Govindavajhala, S., Appel, A.: Using Memory Errors to Attack a Virtual Machine. In: IEEE Symposium on Security and Privacy, SP 2003 (2003)
Hyppönen, K.: Use of Cryptographic Codes for Bytecode Verification in Smartcard Environment. Master’s thesis, University of Kuopio, Finland (2003)
Iguchi-Cartigny, J., Lanet, J.L.: Évaluation de l’injection de code malicieux dans une Java Card. In: Symposium sur la Sécurité des Technologies de l’Information et de la Communication, SSTIC 2009 (2009)
Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks. Technical report, Cryptography Research Inc. (1998)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley, Reading (1999)
Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)
Sun Microsystems Inc.: Application Programming Interface, Java Card Platform Version 3.0.1 Connected edn. (2009)
Sun Microsystems Inc.: Java Card Portal, http://java.sun.com/javacard/
Sun Microsystems Inc.: Runtime Environment Specification, Java Card Platform Version 2.2.2 (2006)
Sun Microsystems Inc.: Runtime Environment Specification, Java Card Platform Version 3.0.1 Connected edn. (2009)
Sun Microsystems Inc.: Virtual Machine Specification, Java Card Platform Version 2.2.2 (2006)
Vermoen, D., Witteman, M., Gaydadjiev, G.: Reverse Engineering Java Card Applet Using Power Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)
Witteman, M.: Java Card Security. Information Security Bulletin 8, 291–298 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barbu, G., Thiebeauld, H., Guerin, V. (2010). Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, JL., Iguchi-Cartigny, J. (eds) Smart Card Research and Advanced Application. CARDIS 2010. Lecture Notes in Computer Science, vol 6035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12510-2_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-12510-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12509-6
Online ISBN: 978-3-642-12510-2
eBook Packages: Computer ScienceComputer Science (R0)