Embedded Eavesdropping on Java Card

Abstract : In this article we present the first Combined Attack on a Java Card targeting the APDU buffer itself, thus threatening both the security of the platform and of the hosted applications as well as the privacy of the cardholder. We show that such an attack, which combines malicious application and fault injection, is achievable in practice on the latest release of the Java Card specifications by presenting several case studies taking advantage for instance of the well-known GlobalPlatform and (U)SIM Application ToolKit.
Document type :
Conference papers
Dimitris Gritzalis ; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.37-48, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_4〉
Liste complète des métadonnées

Cited literature [21 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-00706186
Contributor : Guillaume Barbu <>
Submitted on : Saturday, June 9, 2012 - 10:54:16 AM
Last modification on : Thursday, May 4, 2017 - 3:17:20 PM
Document(s) archivé(s) le : Monday, September 10, 2012 - 2:40:08 AM

File

main.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Guillaume Barbu, Christophe Giraud, Vincent Guerin. Embedded Eavesdropping on Java Card. Dimitris Gritzalis ; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.37-48, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_4〉. 〈hal-00706186〉

Share

Metrics

Record views

209

Document downloads

724