A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks

Of late, security problems related to smart cards have risen significantly, and the risk of attack is of deep concern to the industries. In this context, smart card industries try to overcome the anomaly by implementing various countermeasures. In this paper we present and discuss a powerful attack based on a vulnerability of the linker, which could change correct byte code into malicious byte code. During the attack, the linker interprets the instructions as tokens and is able to resolve them. We then propose a countermeasure which scrambles the instructions of the method byte code with the Java Card Program Counter (jpc). Without knowledge of the jpc used to decrypt the byte code, an attacker cannot execute any malicious byte code. In this way we propose security interoperability for different Java Card platforms.
