Checking the Paths to Identify Mutant Application on Embedded Systems

The resistance of Java Card against attack is based on software and hardware countermeasures, and the ability of the Java platform to check the correct behaviour of Java code (by using bytecode verification for instance). Recently, the idea to combine logical attacks with a physical attack in order to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass control and protection and thus offer illegal access to secret data and operation inside the chip. This paper presents an evaluation of the ability of an application to become mutant and a new countermeasure based on the runtime check of the application control flow to detect the deviant mutations....

[1]  Jean-Louis Lanet,et al.  Developing a Trojan applets in a smart card , 2010, Journal in Computer Virology.

[2]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2003 , 2003, Lecture Notes in Computer Science.

[3]  Guillaume Barbu,et al.  Attacks on Java Card 3.0 Combining Fault and Logical Attacks , 2010, CARDIS.

[4]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[5]  Wieland Fischer,et al.  Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[6]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[7]  Eric Vétillard,et al.  Combined Attacks and Countermeasures , 2010, CARDIS.

[8]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[9]  Jean-Louis Lanet,et al.  Automatic detection of fault attack and countermeasures , 2009, WESS '09.

[10]  David A. Wagner,et al.  Cryptanalysis of a provably secure CRT-RSA algorithm , 2004, CCS '04.

[11]  Jean-Pierre Seifert,et al.  A new CRT-RSA algorithm secure against bellcore attacks , 2003, CCS '03.

[12]  Ludger Hemme,et al.  A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[13]  Wayne Wolf,et al.  Proceedings of the 4th Workshop on Embedded Systems Security , 2009 .