The ultimate control flow transfer in a Java based smart card

Abstract : Recently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed to modify a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards. We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them. Then, we propose to use Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack.
Type de document :
Article dans une revue
Computers and Security, Elsevier, 2015, 50, pp.33-46. 〈10.1016/j.cose.2015.01.004〉
Liste complète des métadonnées

Littérature citée [21 références]  Voir  Masquer  Télécharger
Contributeur : Jean-Louis Lanet <>
Soumis le : lundi 5 octobre 2015 - 08:45:08
Dernière modification le : mercredi 11 avril 2018 - 02:00:47
Document(s) archivé(s) le : mercredi 6 janvier 2016 - 10:27:07


Fichiers produits par l'(les) auteur(s)




Guillaume Bouffard, Jean-Louis Lanet. The ultimate control flow transfer in a Java based smart card. Computers and Security, Elsevier, 2015, 50, pp.33-46. 〈10.1016/j.cose.2015.01.004〉. 〈hal-01211370〉



Consultations de la notice


Téléchargements de fichiers