Skip to main content
SpringerLink
Log in

Developing a Trojan applets in a smart card

  • Original Paper
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

This paper presents a method to inject a mutable Java Card applet into a smart card. This code can on demand parse the memory in order to search for a given pattern and eliminate it. One of these key features is to bypass security checks or retrieve secret data from other applets. We evaluate the countermeasures against this attack and we show how some of them can be circumvented and we propose to combine this attack with others already known.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Virtual machine specification, java card platform, version 3.0, classic edition (2008). http://java.sun.com/javacard/3.0/

  2. Global Platform Specification 2.2. http://www.globalplatform.org/specifications.asp

  3. Girard P., Lanet J.L.: New security issues raised by open cards. Inf. Secur. Tech. Rep. 4(1), 4–5 (1999)

    Article  Google Scholar 

  4. Anderson, R., Kuhn, M.: Tamper resistance: a cautionary note. In: WOEC’96: Proceedings of the 2nd conference on Proceedings of the Second USENIXWorkshop on Electronic Commerce, p. 1. USENIX Association, Berkeley (1996)

  5. Bar-El H., Choukri H., Naccache D., Tunstall M., Whelan C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)

    Article  Google Scholar 

  6. Joint interpretation library application of attack potential to smartcards, v2.1, available at http://www.ssi.gouv.fr/site_documents/JIL/JIL-The_application_of_attack_potential_to_smartcards_V2-1.pdf (2006)

  7. Mostowski,W., Poll, E.: Malicious code on java card smartcards: Attacks and countermeasures. In: Proceedings of the Smart Card Research and advanced application conference (CARDIS 2008), pp. 1–16 (2008)

  8. Vertanen O.: Java Type Confusion and Fault Attacks, Lecture Notes in Computer Science, vol. 4326/2006, pp. 237–251. Springer, Berlin (2006)

    Google Scholar 

  9. Witteman M.: Smartcard security. Inf. Secur. Bull. 8, 291–298 (2003)

    Google Scholar 

  10. Hyppönen, K.: Use of cryptographic codes for bytecode verification in smart card environment. Master’s thesis, University of Kuopio (2003). Available at http://dx.doi.org/10.1007/978-3-540-69485-4_15

Download references

Author information

Authors and Affiliations

  1. XLIM/DMI/SSD, 83 rue d’Isle, 87000, Limoges, France

    Julien Iguchi-Cartigny & Jean-Louis Lanet

Authors
  1. Julien Iguchi-Cartigny
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Louis Lanet
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jean-Louis Lanet.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Iguchi-Cartigny, J., Lanet, JL. Developing a Trojan applets in a smart card. J Comput Virol 6, 343–351 (2010). https://doi.org/10.1007/s11416-009-0135-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-009-0135-3

Keywords

Search

Navigation