Combined Software and Hardware Attacks on the Java Card Control Flow - Smart Card Research and Advanced Applications
Conference Papers Year : 2011

Combined Software and Hardware Attacks on the Java Card Control Flow

Guillaume Bouffard
DMI
Julien Iguchi-Cartigny
DMI
Jean-Louis Lanet
  • Function : Author
  • PersonId : 918086
DMI

Abstract

The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.
Fichier principal
Vignette du fichier
978-3-642-27257-8_18_Chapter.pdf (391.76 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-00684616 , version 1 (27-09-2017)

Licence

Identifiers

Cite

Guillaume Bouffard, Julien Iguchi-Cartigny, Jean-Louis Lanet. Combined Software and Hardware Attacks on the Java Card Control Flow. 10th Smart Card Research and Advanced Applications (CARDIS), Sep 2011, Leuven, Belgium. pp.283-296, ⟨10.1007/978-3-642-27257-8_18⟩. ⟨hal-00684616⟩
268 View
525 Download

Altmetric

Share

More