
Paper Tigers: An Endless Fight

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SECITC 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10006)

Abstract

Recently, researchers have published several attacks on smart cards. Among these, software attacks are the most affordable, as they do not require specific hardware (laser, EM probe, etc.). To prevent such attacks, smart card manufacturers embed dedicated software countermeasures to protect the sensitive system elements. They design each countermeasure to mitigate an existing attack, with a global view of the security. An affordable countermeasure must have high coverage with a low footprint. For that reason, the design of a mitigation technique is often a trade-off between the memory usage and the efficiency of a countermeasure. We present here a survey bringing to the fore the countermeasures used to mitigate the attacks. We use the formalism of attack-defense trees to give a synthetic and graphical view of the attack scenario.


Corresponding author

Correspondence to Jean-Louis Lanet.

Copyright information

© 2016 Springer International Publishing AG

Cite this paper

Farhadi, M., Lanet, JL. (2016). Paper Tigers: An Endless Fight. In: Bica, I., Reyhanitabar, R. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2016. Lecture Notes in Computer Science, vol 10006. Springer, Cham. https://doi.org/10.1007/978-3-319-47238-6_3

  • DOI: https://doi.org/10.1007/978-3-319-47238-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47237-9

  • Online ISBN: 978-3-319-47238-6

  • eBook Packages: Computer Science (R0)
