Synchronized Attacks on Multithreaded Systems - Application to Java Card 3.0 - Smart Card Research and Advanced Applications
Conference Papers Year : 2011

Synchronized Attacks on Multithreaded Systems - Application to Java Card 3.0

Abstract

Up to now devices in charge of performing secure transactions mainly remained limited regarding their functionalities. However the trend has recently gone towards an increasing integration of features and technologies, which could potentially represent a source of additional threats. This article introduces an innovative attack exploiting advanced functionalities and offering unrivalled opportunities. This attack targets specifically the multithreaded systems featuring network capabilities. By the way of a network flooding we show how a process can be interrupted at the precise time a sensitive operation is being executed. This interruption aims at subsequently modifying the execution context and consequently breaking the sensitive operation. The practical feasibility of this attack is illustrated on a Java Card 3.0 Connected Edition platform. This description reveals that going through with the full attack scenario is not obvious. However this apparent complexity must not conceal the potential breach, which may significantly alter any application running on the system. Finally the goal of this work is to emphasize that the increasing products complexity may generate new security issues rather than to highlight a specific weakness on released products.
Fichier principal
Vignette du fichier
multithreading.pdf (1.16 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-00692172 , version 1 (28-04-2012)

Identifiers

Cite

Guillaume Barbu, Hugues Thiebeauld. Synchronized Attacks on Multithreaded Systems - Application to Java Card 3.0. 10th Smart Card Research and Advanced Applications (CARDIS), Sep 2011, Leuven, Belgium. pp.18-33, ⟨10.1007/978-3-642-27257-8_2⟩. ⟨hal-00692172⟩
218 View
502 Download

Altmetric

Share

More