A Friendly Framework for Hidding fault enabled virus for Java Based Smartcard

Razafindralambo, Tiana; Bouffard, Guillaume; Lanet, Jean‐Louis

doi:10.1007/978-3-642-31540-4_10

Cited by 13 publications

(10 citation statements)

References 9 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As seen in the previous section, an applet that contains unchecked piece of code can be installed into the card and modified by an external fault injection (Razafindralambo et al, 2012). To succeed our attack on a Java Card smart cards with an embedded BCV, we installed an applet with the code shown in the Listing 10.…”

Section: Enabling Virus Inside the Cardmentioning

confidence: 98%

The ultimate control flow transfer in a Java based smart card

Bouffard

Lanet

2015

Computers & Security

Self Cite

View full text Add to dashboard Cite

International audienceRecently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed to modify a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards. We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them. Then, we propose to use Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack

show abstract

Section: Enabling Virus Inside the Cardmentioning

confidence: 98%

The ultimate control flow transfer in a Java based smart card

Bouffard

Lanet

2015

Computers & Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [6], Bouffard et al described how to change the execution flow of an application after loading it into a Java Card. Recently, Razafindralambo et al [20] introduced a combined attack based on fault enabled viruses. Such a virus is activated by hitting with a laser beam, at a precise location in the memory, where the instruction of a program (virus) is stored.…”

Section: Fooling the Control Flow Graphmentioning

confidence: 99%

Heap $$\ldots $$ Hop! Heap Is Also Vulnerable

Bouffard

Lackner

Lanet

et al. 2015

Smart Card Research and Advanced Applications

Self Cite

View full text Add to dashboard Cite

Several logical attacks against Java based smart card have been published recently. Most of them are based on the hypothesis that the type verification was not performed, thus allowing to obtain dynamically a type confusion. To mitigate such attacks, typed stack have been introduced on recent smart card. We propose here a new attack path for performing a type confusion even in presence of a typed stack. Then we propose using a Fault Tree Analysis a way to design efficiently counter measure in a top down approach. These counter measures are then evaluated on a Java Card virtual machine

show abstract

“…In [6], Bouffard et al described how to change the execution flow of an application after loading it into a Java Card. Recently, Razafindralambo et al [17] introduced a combined attack based on fault enabled viruses. Such a virus is activated by hitting with a laser beam, at a precise location in the memory, where the instruction of a program (virus) is stored.…”

Section: State Of the Art Of Attacks Against Java Cardsmentioning

confidence: 99%

“…As they know all the addresses of each method of the API, they could replace instructions of any method. In [17], they abuse the on board linker in such a way that the application is only made of tokens to be resolved by the linker. Knowing the mapping between addresses to tokens thanks to the previous attack, they have been able to use the linker to generate itself the shell code to be executed.…”

Section: State Of the Art Of Attacks Against Java Cardsmentioning

confidence: 99%

Countermeasures Mitigation for Designing Rich Shell Code in Java Card

Idrissi

Hajji²,

Lanet³

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Recently, logical attacks have been published that target Java based smart card. They use dynamically a type confusion which is possible if type verification is not performed. Countermeasures have been introduced on recent smart card to avoid executing rich shell code and in particular dynamic bound checking of the code segment. We propose here a new attack path for performing a type confusion that leads to a Java based self modifying code. Then, we propose to improve the previous counter measure to mitigate this new attack.

show abstract

A Friendly Framework for Hidding fault enabled virus for Java Based Smartcard

Cited by 13 publications

References 9 publications

The ultimate control flow transfer in a Java based smart card

The ultimate control flow transfer in a Java based smart card

Heap $$\ldots $$ Hop! Heap Is Also Vulnerable

Countermeasures Mitigation for Designing Rich Shell Code in Java Card

Contact Info

Product

Resources

About