Embedded Eavesdropping on Java Card

Abstract : In this article we present the first Combined Attack on a Java Card targeting the APDU buffer itself, thus threatening both the security of the platform and of the hosted applications as well as the privacy of the cardholder. We show that such an attack, which combines malicious application and fault injection, is achievable in practice on the latest release of the Java Card specifications by presenting several case studies taking advantage for instance of the well-known GlobalPlatform and (U)SIM Application ToolKit.
Complete list of metadatas

Cited literature [21 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-00706186
Contributor : Guillaume Barbu <>
Submitted on : Saturday, June 9, 2012 - 10:54:16 AM
Last modification on : Thursday, October 17, 2019 - 12:36:06 PM
Long-term archiving on : Monday, September 10, 2012 - 2:40:08 AM

File

main.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Guillaume Barbu, Christophe Giraud, Vincent Guerin. Embedded Eavesdropping on Java Card. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Greece. pp.37-48, ⟨10.1007/978-3-642-30436-1_4⟩. ⟨hal-00706186⟩

Share

Metrics

Record views

307

Files downloads

2021