Skip to main content
Springer Nature Link
Log in

Java Card Combined Attacks with Localization-Agnostic Fault Injection

  • Conference paper
Smart Card Research and Advanced Applications (CARDIS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7771))

Abstract

In this paper, we present a paradigm for combined attacks on Java Cards that lowers the requirements on the localization precision of the fault injection. The attack relies on educated objects allocation to create favorable memory patterns that raise the chances of success of the combined attack. In order to maximize the probability of successful injection, we determine the optimal parameters depending on the physical properties of the targeted platform. Finally, we demonstrate the efficiency of our approach through fault injection simulation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Agrawal, D., Archambeault, B., Rao, J., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks (2004)

    Google Scholar 

  3. Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined software and hardware attacks on the Java Card control flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  6. Giraud, C., Thiebeauld, H.: A survey on fault attacks. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI. IFIP, vol. 153, pp. 159–176. Springer, Boston (2004)

    Chapter  Google Scholar 

  7. Govindavajhala, S., Appel, A.W.: Using memory errors to attack a virtual machine. In: IEEE Symposium on Security and Privacy, pp. 154–165. IEEE Computer Society (2003)

    Google Scholar 

  8. Hogenboom, J., Mostowski, W.: Full memory read attack on a Java Card (2003)

    Google Scholar 

  9. Iguchi-Cartigny, J., Lanet, J.L.: Developing a trojan applets in a smart card. Journal in Computer Virology 6, 343–351 (2010)

    Article  Google Scholar 

  10. Kim, C.H., Quisquater, J.J.: Faults, injection methods, and fault attacks. IEEE Des. Test 24, 544–545 (2007)

    Article  Google Scholar 

  11. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  12. Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: Proceedings of the USENIX Workshop on Smartcard Technology, p. 2. USENIX Association, Berkeley (1999)

    Google Scholar 

  13. Lancia, J.: Un framework de fuzzing pour cartes à puce: application aux protocoles EMV. In: Symposium sur la Sécurité des Technologies de l’Information et de la Communication, SSTIC, pp. 350–368 (2011)

    Google Scholar 

  14. Lancia, J.: Compromission d’une application bancaire JavaCard par attaque logicielle. In: Symposium sur la Sécurité des Technologies de l’Information et de la Communication, SSTIC (2012)

    Google Scholar 

  15. Lindholm, T., Yellin, F.: The Java(TM) Virtual Machine Specification, 2nd edn. Prentice Hall PTR (April 1999)

    Google Scholar 

  16. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51, 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  17. Moore, S., Anderson, R., Cunningham, P., Mullins, R., Taylor, G.: Improving smart card security using self-timed circuits. In: Technology, Fourth AciD-WG Workshop, Grenoble, ISBN, pp. 211–218 (2002)

    Google Scholar 

  18. Mostowski, W., Poll, E.: Malicious code on Java Card smartcards: Attacks and countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  19. Quisquater, J.J., Samyde, D.: Electromagnetic analysis (ema): Measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  20. Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  21. Skorobogatov, S.P.: Semi-invasive attacks – a new approach to hardware security analysis. Tech. Rep. 630, University of Cambridge, Computer Laboratory (April 2005), http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

  22. Sun Microsystems, Inc., Palo Alto/CA, USA: Java Card Platform Security, technical White Paper (2001)

    Google Scholar 

  23. Sun Microsystems, Inc., Palo Alto/CA, USA: Java Card 2.2 Application Programming Interface, API (2002)

    Google Scholar 

  24. Sun Microsystems, Inc., Palo Alto/CA, USA: Java Card 2.2 Runtime Environment (JCRE) Specification (2002)

    Google Scholar 

  25. Sun Microsystems, Inc., Palo Alto/CA, USA: Java Card 2.2 Virtual Machine Specification (2002)

    Google Scholar 

  26. Sun Microsystems, Inc., Palo Alto/CA, USA: Application Programming Interface (API) - Java Card(TM) Platform, Version 3.0.1 (2009)

    Google Scholar 

  27. Sun Microsystems, Inc., Palo Alto/CA, USA: Runtime Environment Specification - Java Card(TM) Platform, Version 3.0.1 (2009)

    Google Scholar 

  28. Sun Microsystems, Inc., Palo Alto/CA, USA: Virtual Machine Specification - Java Card(TM) Platform, Version 3.0.1 (2009)

    Google Scholar 

  29. Vetillard, E., Ferrari, A.: Combined attacks and countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SERMA Technologies, CESTI, 30, avenue Gustave Eiffel, 33600, Pessac, France

    Julien Lancia

Authors
  1. Julien Lancia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Infineon Technologies AG, Am Campeon 1-12, 85579, Neubiberg, Germany

    Stefan Mangard

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lancia, J. (2013). Java Card Combined Attacks with Localization-Agnostic Fault Injection. In: Mangard, S. (eds) Smart Card Research and Advanced Applications. CARDIS 2012. Lecture Notes in Computer Science, vol 7771. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37288-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37288-9_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37287-2

  • Online ISBN: 978-3-642-37288-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics