Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Journal articles

Trust Can be Misplaced

Abstract : Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the non volatile memory (NVM) area. Most of the researches try to obtain them through side channel attacks or fault attacks. Such cryptographic objects are stored into secure containers. We demonstrate in this paper how one can use some characteristics of the Java Card platform to gain access to these assets. Such a smart card embeds a firewall that provides isolation between applets from different clients (using the notion of security contexts). We exploit the client/server architecture of the intra platform communication to lure a client application to execute within its security context, a hostile code written and called from another security context: the server security context. This attack shows the possibility for a trusted application to execute within its security context some hostile code uploaded previously by the server.
Complete list of metadata

https://hal.inria.fr/hal-01405463
Contributor : Jean-Louis Lanet Connect in order to contact the contributor
Submitted on : Wednesday, November 30, 2016 - 8:45:16 AM
Last modification on : Saturday, June 25, 2022 - 8:30:01 PM

Identifiers

Citation

Noreddine Janati, Guillaume Bouffard, Jean-Louis Lanet, Said Elhajji. Trust Can be Misplaced. Journal of Cryptographic Engineering, Springer, 2016, ⟨10.1007/s13389-016-0142-5⟩. ⟨hal-01405463⟩

Share

Metrics

Record views

189