The ultimate control flow transfer in a Java based smart card

Abstract: Recently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, since they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed in modifying a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the pair of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked card. We present several countermeasures proposed in the literature or implemented by smart card designers, and for each of them we explain how to bypass it. Then, we propose to use an Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack.
Document type:
Journal article
Computers and Security, Elsevier, 2015, 50, pp.33-46. 〈10.1016/j.cose.2015.01.004〉

Cited literature [21 references]

https://hal.inria.fr/hal-01211370
Contributor: Jean-Louis Lanet
Submitted on: Monday, October 5, 2015 - 08:45:08
Last modified on: Thursday, January 11, 2018 - 06:26:29
Document(s) archived on: Wednesday, January 6, 2016 - 10:27:07

File

15-CompSecu.pdf
Files produced by the author(s)

Citation

Guillaume Bouffard, Jean-Louis Lanet. The ultimate control flow transfer in a Java based smart card. Computers and Security, Elsevier, 2015, 50, pp.33-46. 〈10.1016/j.cose.2015.01.004〉. 〈hal-01211370〉

Metrics

Record views

252

File downloads

147