Skip to Main content Skip to Navigation
Journal articles

The ultimate control flow transfer in a Java based smart card

Abstract : Recently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed to modify a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards. We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them. Then, we propose to use Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack.
Complete list of metadata

Cited literature [21 references]  Display  Hide  Download

https://hal.inria.fr/hal-01211370
Contributor : Jean-Louis Lanet <>
Submitted on : Monday, October 5, 2015 - 8:45:08 AM
Last modification on : Friday, February 26, 2021 - 4:08:04 PM
Long-term archiving on: : Wednesday, January 6, 2016 - 10:27:07 AM

File

15-CompSecu.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Guillaume Bouffard, Jean-Louis Lanet. The ultimate control flow transfer in a Java based smart card. Computers and Security, Elsevier, 2015, 50, pp.33-46. ⟨10.1016/j.cose.2015.01.004⟩. ⟨hal-01211370⟩

Share

Metrics

Record views

569

Files downloads

668