Checking the Paths to Identify Mutant Application on Embedded Systems

  • Ahmadou Al Khary Séré
  • Julien Iguchi-Cartigny
  • Jean-Louis Lanet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6485)


The resistance of Java Card against attack is based on software and hardware countermeasures, and the ability of the Java platform to check the correct behaviour of Java code (by using bytecode verification for instance). Recently, the idea to combine logical attacks with a physical attack in order to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass control and protection and thus offer illegal access to secret data and operation inside the chip. This paper presents an evaluation of the ability of an application to become mutant and a new countermeasure based on the runtime check of the application control flow to detect the deviant mutations....


Smart Card Java Card Fault Attack Control Flow Graph 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumuller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. LNCS, pp. 260–275 (2003)Google Scholar
  2. 2.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Blomer, J., Otto, M., Seifert, J.P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 311–320. ACM, New York (2003)Google Scholar
  4. 4.
    Global platform group. Global platform official site (July 2010)
  5. 5.
    Hemme, L.: A differential fault attack against early rounds of (triple-) DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Iguchi-Cartigny, J., Lanet, J.L.: Developing a Trojan applets in a smart card. Journal in Computer Virology, 1–9 (2009)Google Scholar
  7. 7.
    Sun Mycrosystems, Java CardTM 3.0.1 Specification. Sun Microsystems (2009)Google Scholar
  8. 8.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Sere, A.A., Iguchi-Cartigny, J., Lane, J.L.: Automatic detection of fault attack and countermeasures. In: Proceedings of the 4th Workshop on Embedded Systems Security, pp. 1–7. ACM, New York (2009)Google Scholar
  10. 10.
    Sere, A.A., Iguchi-Cartigny, J., Lanet, J.L.: Checking the Path to Identify Control Flow Modification. PAca Security Trends In embedded Systems (2010)Google Scholar
  11. 11.
    Sere, A.A., Iguchi-Cartigny, J., Lanet, J.L.: Mutant applications in smart card. In: Proceedings of CIS 2010(2010)Google Scholar
  12. 12.
    Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Wagner, D.: Cryptanalysis of a provably secure crt-rsa algorithm. In: Proceedings of the 11th ACM conference on Computer and communications security, pp. 92–97. ACM, New York (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ahmadou Al Khary Séré
    • 1
  • Julien Iguchi-Cartigny
    • 2
  • Jean-Louis Lanet
    • 2
  1. 1.XLIM LabsUniversité de Limoges, JIDELimogesFrance
  2. 2.Université de Limoges, JIDELimogesFrance

Personalised recommendations