Beyond Cryptanalysis is Software Security the Next Threat for Smart Cards

Jean-Louis Lanet 1, *
* Auteur correspondant
1 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Smart cards have been considered for a long time as a secure container for storing secret data and executing programs that manipulate them without leaking any information. In the last decade, a new form of attack that uses the hardware has been intensively studied. We have proposed in the past to pay attention also to easier attacks that use only software. We demonstrated through several proof of concepts that such an approach should be a threat under some hypotheses. We have been able to execute self-modifying code, return address programming and so on. More recently we have been able to retrieve secret keys belonging to another application. Then all the already published attacks should have been a threat but the industry increased the counter measures to mitigate for each of the published attack. In such a sensitive domain, we always submit the attacks to the industrial partners but also national agencies before publishing any attack. Within such an approach, they have been able to patch their system before any vulnerabilities should be exploited.
Type de document :
Communication dans un congrès
Said El Hajji ; Abderrahmane Nitaj ; Claude Carlet; El Mamoun Souidi C2SI 2015 - First International Conference Codes, Cryptology, and Information Security, May 2015, Rabat, Morocco. Springer, Volume 9084 of the series Lecture Notes in Computer Science, pp.74-82, Codes, Cryptology, and Information Security. 〈10.1007/978-3-319-18681-8_6〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01250585
Contributeur : Jean-Louis Lanet <>
Soumis le : mardi 5 janvier 2016 - 08:29:27
Dernière modification le : mercredi 16 mai 2018 - 11:24:11
Document(s) archivé(s) le : jeudi 7 avril 2016 - 14:56:37

Fichier

InvitedTalk.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Jean-Louis Lanet. Beyond Cryptanalysis is Software Security the Next Threat for Smart Cards. Said El Hajji ; Abderrahmane Nitaj ; Claude Carlet; El Mamoun Souidi C2SI 2015 - First International Conference Codes, Cryptology, and Information Security, May 2015, Rabat, Morocco. Springer, Volume 9084 of the series Lecture Notes in Computer Science, pp.74-82, Codes, Cryptology, and Information Security. 〈10.1007/978-3-319-18681-8_6〉. 〈hal-01250585〉

Partager

Métriques

Consultations de la notice

290

Téléchargements de fichiers

101