Checking the Paths to Identify Mutant Application on Embedded Systems
The resistance of Java Card against attack is based on software and hardware countermeasures, and the ability of the Java platform to check the correct behaviour of Java code (by using bytecode verification for instance). Recently, the idea to combine logical attacks with a physical attack in order to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass control and protection and thus offer illegal access to secret data and operation inside the chip. This paper presents an evaluation of the ability of an application to become mutant and a new countermeasure based on the runtime check of the application control flow to detect the deviant mutations....
KeywordsSmart Card Java Card Fault Attack Control Flow Graph
Unable to display preview. Download preview PDF.
- 1.Aumuller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. LNCS, pp. 260–275 (2003)Google Scholar
- 3.Blomer, J., Otto, M., Seifert, J.P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 311–320. ACM, New York (2003)Google Scholar
- 4.Global platform group. Global platform official site (July 2010) http://www.globalplatform.org
- 6.Iguchi-Cartigny, J., Lanet, J.L.: Developing a Trojan applets in a smart card. Journal in Computer Virology, 1–9 (2009)Google Scholar
- 7.Sun Mycrosystems, Java CardTM 3.0.1 Specification. Sun Microsystems (2009)Google Scholar
- 9.Sere, A.A., Iguchi-Cartigny, J., Lane, J.L.: Automatic detection of fault attack and countermeasures. In: Proceedings of the 4th Workshop on Embedded Systems Security, pp. 1–7. ACM, New York (2009)Google Scholar
- 10.Sere, A.A., Iguchi-Cartigny, J., Lanet, J.L.: Checking the Path to Identify Control Flow Modification. PAca Security Trends In embedded Systems (2010)Google Scholar
- 11.Sere, A.A., Iguchi-Cartigny, J., Lanet, J.L.: Mutant applications in smart card. In: Proceedings of CIS 2010(2010)Google Scholar
- 13.Wagner, D.: Cryptanalysis of a provably secure crt-rsa algorithm. In: Proceedings of the 11th ACM conference on Computer and communications security, pp. 92–97. ACM, New York (2004)Google Scholar