Abstract
This paper presents a novel style of attack which compromises the applet isolation implemented by modern smart cards built on the Java Card platform. System calls (APIs) implemented by all cards tested during our research – from several different manufacturers – fail to perform (sufficient) checks on the ownership of the objects provided by applets, compromising the security of the applet firewall. The practical impact of these vulnerabilities is platform-specific; we show that disclosure of critical private data including secure channel protocol keys is possible on some cards, and that even Secure Elements – with dedicated hardware support for memory isolation – fail to prevent memory disclosure of objects owned by the Java Card Runtime Environment, despite preventing all other known state-of-the-art logical attacks. We demonstrate that physical attacks can also be used to exploit this vulnerability on some smart cards, removing the need for an attacker to first install an applet on the card. Finally, we propose a potential countermeasure for preventing these classes of attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Barbu, G., Duc, G., Hoogvorst, P.: Java card operand stack: fault attacks, combined attacks and countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_19
Bouffard, G., Lanet, J.-L.: Reversing the operating system of a Java based smart card. J. Comput. Virol. Hacking Tech. 10(4), 239–253 (2014)
Farhadi, M., Lanet, J.-L.: Chronicle of a Java Card death. J. Comput. Virol. Hacking Tech. (2), 1–15 (2017)
Faugeron, E.: Manipulating the frame information with an underflow attack. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 140–151. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_10
GlobalPlatform. GlobalPlatform Card Specification 2.2, March 2006. http://www.win.tue.nl/pinpasjc/docs/GPCardSpec_v2.2.pdf
Machiry, A., et al.: Boomerang: exploiting the semantic gap in trusted execution environments. In: Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS) (2017)
Mesbah, A., Mezghiche, M., Lanet, J.-L.: Persistent fault injection attack from white-box to black-box. In: 2017 5th International Conference on Electrical Engineering - Boumerdes (ICEE-B), pp. 1–6 (2017)
Sun Microsystems. The Java Card application programming interface (API), 3.0.5, October 2015. https://docs.oracle.com/javacard/3.0.5/api/index.html
Mostowski, W., Poll, E.: Malicious code on java card smartcards: attacks and countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85893-5_1
Rothbart, K., Neffe, U., Steger, C., Weiss, R., Rieger, E., Mühlberger, A.: Power consumption profile analysis for security attack simulation in smart cards at high abstraction level. In: Proceedings of the 5th ACM International Conference on Embedded Software, pp. 214–217 (2005)
Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering java card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72354-7_12
Witteman, M.: Java Card security. Inf. Secur. Bull. 8, 291–298 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Volokitin, S. (2019). Exploiting JCVM on Smart Cards Using Forged References in the API Calls. In: Bilgin, B., Fischer, JB. (eds) Smart Card Research and Advanced Applications. CARDIS 2018. Lecture Notes in Computer Science(), vol 11389. Springer, Cham. https://doi.org/10.1007/978-3-030-15462-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-15462-2_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15461-5
Online ISBN: 978-3-030-15462-2
eBook Packages: Computer ScienceComputer Science (R0)