Skip to main content
Springer Nature Link
Log in

A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks

  • Conference paper
Recent Trends in Computer Networks and Distributed Systems Security (SNDS 2012)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 335))

Abstract

Off late security problems related to smart cards have seen a significant rise and the risks of the attack are of deep concern for the industries. In this context, smart card industries try to overcome the anomaly by implementing various countermeasures. In this paper we discuss and present a powerful attack based on the vulnerability of the linker which could change the correct byte code into malicious one. During the attack, the linker interprets the instructions as tokens and are able to resolve them. Later we propose a countermeasure which scrambles the instructions of the method byte code with the Java Card Program Counter (jpc). Without the knowledge of jpc used to decrypt the byte code, an attacker cannot execute any malicious byte code. By this way we propose security interoperability for different Java Card platforms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Aranda, F.X., Lanet, J.L.: Smart Card Reverse-Engineering Code Execution Using Side-Channel Analysis. NTCCS, Théorie des Nombres, Codes, Cryptographie et Systèmes de Communication, Oujda, Marocco (April 2012)

    Google Scholar 

  2. Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, TÉLÉCOM ParisTech (2012)

    Google Scholar 

  3. Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Bouffard, G., Lanet, J.-L., Machemie, J.-B., Poichotte, J.-Y., Wary, J.-P.: Evaluation of the Ability to Transform SIM Applications into Hostile Applications. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 1–17. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  6. Clavier, C.: De la sécurité physique des crypto-systèmes embarqués. Ph.D. thesis, Université de Versailles Saint-Quentin-en-Yvelines (2007)

    Google Scholar 

  7. Global Platform: Card Specification v2.2 (2006)

    Google Scholar 

  8. Hamadouche, S.: Étude de la sécurité d’un vérifieur de Byte Code et génération de tests de vulnérabilité. Master’s thesis, Université de Boumerdés (2012)

    Google Scholar 

  9. Hubbers, E., Poll, E.: Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours. Dept. of Computer Science NIII-R0438, Radboud University Nijmegen (2004)

    Google Scholar 

  10. Iguchi-Cartigny, J., Lanet, J.: Developing a Trojan applet in a Smart Card. Journal in Computer Virology (2010)

    Google Scholar 

  11. ISO/IEC: Common Criteria v3.0. Tech. rep., ISO/IEC 15408:2005 Information technology - Security techniques - Evaluation criteria for IT security (2005)

    Google Scholar 

  12. Oracle: Java Card Platform Specification

    Google Scholar 

  13. Petri, S.: An introduction to smart cards. Secure Service Provider TM (2002), http://www.artofconfusion.org/smartcards/docs/intro.pdf

  14. Smart Secure Devices (SSD) Team – XLIM, Université de Limoges: The CAP file manipulator, http://secinfo.msi.unilim.fr/

  15. Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse Engineering Java Card Applets Using Power Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Smart Secure Devices (SSD) Team, XLIM/Université de Limoges, 123 Avenue Albert Thomas, 87060, Limoges, France

    Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N. Thampi & Jean-Louis Lanet

Authors
  1. Tiana Razafindralambo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Guillaume Bouffard
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bhagyalekshmy N. Thampi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jean-Louis Lanet
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi  & Tony Thomas  & 

  2. School of Information Technologies, The University of Sydney, Building J12, 2006, Sydney, NSW, Australia

    Albert Y. Zomaya

  3. FG Peer-to-Peer-Netzwerke, TU Darmstadt - FB 20, Hochschulstr. 10, 64289, Darmstadt, Germany

    Thorsten Strufe

  4. Hewlett-Packard Laboratories, Stoke Gifford, BS34 8QZ, Bristol, UK

    Jose M. Alcaraz Calero

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Razafindralambo, T., Bouffard, G., Thampi, B.N., Lanet, JL. (2012). A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2012. Communications in Computer and Information Science, vol 335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34135-9_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34135-9_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34134-2

  • Online ISBN: 978-3-642-34135-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics