Abstract
Recently, researchers have published several attacks on smart cards. Among these, software attacks are the most affordable, as they do not require specific hardware (laser, EM probe, etc.). To prevent such attacks, smart card manufacturers embed dedicated software countermeasures to protect the sensitive system elements. They design a countermeasure to mitigate an existing attack with a global view of the security. An affordable countermeasure must have high coverage with a low footprint. For that reason, the design of a mitigation technique is often a trade-off between the memory usage and the efficiency of a countermeasure. We present here a survey bringing to the fore the countermeasures used to mitigate the attacks. We use the formalism of attack-defense trees to have a synthetic and graphical view of the attack scenario.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Farhadi, M., Lanet, JL. (2016). Paper Tigers: An Endless Fight. In: Bica, I., Reyhanitabar, R. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2016. Lecture Notes in Computer Science, vol 10006. Springer, Cham. https://doi.org/10.1007/978-3-319-47238-6_3
DOI: https://doi.org/10.1007/978-3-319-47238-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47237-9
Online ISBN: 978-3-319-47238-6
eBook Packages: Computer Science (R0)