Chronicle of a Java Card Death

Farhadi Mozhdeh 1 Jean-Louis Lanet 2
2 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Various attacks are designed to gain access to the assets of Java Card Platforms. These attacks use software, hardware or a combination of both. Manufacturers have improved their countermeasures to protect card as- sets from these attacks. In this paper, we attempt to gain access to assets of a recent Java Card Platform by combining various logical attacks. As we did not have any information about the internal structure of the targeted platform, we had to execute various attacks and analyze the results. Our investigation on the targeted Java Card Platform lead us to introduce two generic methods to gain access to the assets of Java Card Platforms. One of the new methods we present in this paper is based on the misuse of the Java Card API to build a type confusion and get access to the objects (including cryptographic keys) of a Java Card applet. The other method is a new approach to get access to the return address of the methods in Java Cards with Separate Stack counter- measure. We also propose a pattern that the targeted platform uses to store data and code of applets on the card plus the ability to read and write in the data and code area of the applets in dierent security contexts. These new attacks occur even in the presence of countermeasures such as Separate Stack for kernel and user data, indirect mapping for objects addressing and rewall mechanisms.
Type de document :
Article dans une revue
Journal of Computer Virology and Hacking Techniques, Springer, 2016, 〈10.1007/s11416-016-0276-0 〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01385197
Contributeur : Jean-Louis Lanet <>
Soumis le : vendredi 21 octobre 2016 - 07:56:38
Dernière modification le : mercredi 16 mai 2018 - 11:24:11

Identifiants

Citation

Farhadi Mozhdeh, Jean-Louis Lanet. Chronicle of a Java Card Death. Journal of Computer Virology and Hacking Techniques, Springer, 2016, 〈10.1007/s11416-016-0276-0 〉. 〈hal-01385197〉

Partager

Métriques

Consultations de la notice

362