Abstract
This paper presents a method to inject a mutable Java Card applet into a smart card. On demand, this code can parse the memory to search for a given pattern and eliminate it. One of its key features is the ability to bypass security checks or retrieve secret data from other applets. We evaluate the countermeasures against this attack, show how some of them can be circumvented, and propose combining this attack with others already known.
Cite this article
Iguchi-Cartigny, J., Lanet, JL. Developing a Trojan applets in a smart card. J Comput Virol 6, 343–351 (2010). https://doi.org/10.1007/s11416-009-0135-3
DOI: https://doi.org/10.1007/s11416-009-0135-3