New security problems raised by open multiapplication smart cards (RR-1332-04)

Until recently, a smart card could run only a single application. Multiapplication cards, and especially Java Cards, now make it possible to have several applications sharing the same physical piece of plastic. This raises new security problems by creating additional ways to attack a card. These problems are the topic of this paper. The attacks are described for multiapplication cards in general and illustrated by means of code samples for Java Cards.
