A Defensive Virtual Machine Layer to Counteract Fault Attacks on Java Cards

Lackner, Michael; Berlach, Reinhard; Raschke, Wolfgang; Weiß, Reinhold; Steger, Christian

doi:10.1007/978-3-642-38530-8_6

Cited by 4 publications

(5 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…No Applet Preprocessing Required: In [11,12], a defensive JVM that stores the used main data type integralData or reference during run-time for every OS and LV element are proposed. A drawback of this type of storing approach is that it requires additional memory for type storing and additional computational power for the type checks.…”

Section: Related Workmentioning

confidence: 99%

Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Lackner

Berlach

Weiß

et al. 2014

Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Self Cite

View full text Add to dashboard Cite

Java enabled smart cards protect security-related code and data by a sandbox concept. Unfortunately, this sandbox can be bypassed by fault attacks. Therefore, there is a substantial need for transparent, effective, and low-overhead countermeasures. This work demonstrates a new countermeasure against type confusion and buffer overflow attacks. This new countermeasure is based on obfuscating the security critical calculation parts of a virtual machine by secret keys. This countermeasure was integrated into a Java Card virtual machine running on a smart card prototype. New hardware features were added to this prototype to accelerate the obfuscating operation. The execution time overhead of the new countermeasure is demonstrated by performing run-time measurements on the prototype.

show abstract

Section: Related Workmentioning

confidence: 99%

Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Lackner

Berlach

Weiß

et al. 2014

Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, run-time rather than static approaches have also been proposed to achieve similar advantages in the context of bytecode execution on Java smart cards. Lackner et al proposed to adapt the virtual machine (VM) that interprets the bytecode to inject the necessary redundancy in the executed code [27,28]. By duplicating code at run time, they achieve the same goal of providing protection without interfering with the software development cycle.…”

Section: Related Workmentioning

confidence: 99%

Link-time smart card code hardening

Keulenaer

Maebe

Bosschere

et al. 2015

Int. J. Inf. Secur.

View full text Add to dashboard Cite

This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code.

show abstract

“…Calls to setState(), added to the source code, instruct the virtual machine to check the integrity of the control flow by comparing the current state with the allowed ones according to the automaton. The virtual machine can also check the validity of the bytecode address to avoid the execution of any bytecode stored outside the applet currently being executed [20]. However, a small jump inside the allowed bytecode, for example inside a function, would not be detected and might have serious consequences for security.…”

Section: Code Securing and Control Flow Securingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Lalande

Heydemann

Berthomé

2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

Abstract. Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.Keywords: control flow integrity, fault attacks, smart card, source level IntroductionSmart cards or more generally secure elements are essential building blocks for many security-critical applications. They are used for securing host applications and sensitive data such as cryptographic keys, biometric data, pin counters, etc. Malicious users aim to get access to these secrets by performing attacks on the secure elements. Fault attacks consists in disrupting the circuit's behavior by using a laser beam or applying voltage, clock or electromagnetic glitches [5,6,24]. Their goal is to alter the correct progress of the algorithm and, by analyzing the deviation of the corrupted behavior with respect to the original one, to retrieve the secret information [14]. For java card, fault attacks target particular components of the virtual machine [3,4,9].Many protections have therefore been proposed to counteract attacks. Fault detection is generally based on spatial, temporal or information redundancy at hardware or software level. In java card enabled smart cards, software components of the virtual machine can perform security checks [18,20,10].In practice, developers of security-critical applications often manually add countermeasures into an application code. This operation requires knowledge about the target code vulnerabilities. Both these tasks are time-consuming with direct impact on the certification of the product. One harmful consequence of fault attacks is control flow disruption which may bypass some implemented countermeasures. It is difficult for programmers to investigate all possible control flow disruption in order to detect sensitive parts of the code and then investigate how to add countermeasures inside these sensitive parts. Moreover, secure smart cards have strong security requirements that have to be certified by an independent qualified entity before being placed on the market. Certification can rely on a review of source code and the implemented software countermeasures. The effectiveness of software security countermeasures is then guaranteed by the use of a certified compiler [21]. Injecting control flow integrity checks at compile time would require to certify the modified compiler. To avoid this diff...

show abstract

A Defensive Virtual Machine Layer to Counteract Fault Attacks on Java Cards

Cited by 4 publications

References 20 publications

Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Link-time smart card code hardening

Software Countermeasures for Control Flow Integrity of Smart Card C Codes

Contact Info

Product

Resources

About