Skip to Main content Skip to Navigation
Conference papers

Attacks on Java Card 3.0 Combining Fault and Logical Attacks

Abstract : Java Cards have been threatened so far by attacks using ill-formed applications which assume that the application bytecode is not verified. This assumption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless it can no longer be applied to the Java Card 3 Connected Edition context where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 Connected Edition seems to be immune against this kind of attacks. In this paper, we demonstrate that running ill-formed application does not necessarily mean loading and installing ill-formed application. For that purpose, we introduce a brand new kind of attack which combines fault injection and logical tampering. By these means, we describe two case studies taking place in the new Java Card 3 context. The first one shows how ill-formed applications can still be introduced and executed despite the on-card bytecode verifier. The second example leads to the modification of any method already installed on the card into any malicious bytecode. Finally we successfully mount these attacks on a recent device, emphasizing the necessity of taking into account these new threats when implementing Java Card 3 features.
Document type :
Conference papers
Complete list of metadatas

Cited literature [18 references]  Display  Hide  Download
Contributor : Guillaume Barbu <>
Submitted on : Saturday, April 28, 2012 - 5:45:45 PM
Last modification on : Friday, July 31, 2020 - 10:44:07 AM
Long-term archiving on: : Sunday, July 29, 2012 - 2:35:36 AM


Files produced by the author(s)



Guillaume Barbu, Hugues Thiebeauld, Vincent Guerin. Attacks on Java Card 3.0 Combining Fault and Logical Attacks. Smart Card Research and Advanced Application. 9th IFIP WG 8.8/11.2 International Conference. CARDIS 2010, Apr 2010, Passau, Germany. pp.148-163, ⟨10.1007/978-3-642-12510-2_11⟩. ⟨hal-00692165⟩



Record views


Files downloads