Analysis Vulnerabilities in Smart Card Web Server

Since their beginnings, smart cards have evolved. They are used nowadays by millions of users and provide more opportunities; a web server can now be integrated into the card. Because the Java Card 2.2 Smart Card Web Server does not support the TCP/IP protocol, a new communication protocol has been created between the card and the mobile: the BIP protocol (Bearer Independent Protocol). This protocol manages the security of the communication, so it should be flawless. To verify the protocol's security, we use the fuzzing technique. Work on fuzzing has shown that many security flaws in an application or protocol may be discovered when invalid data is injected. We use this method in a black-box setting, with an accurate analysis of the BIP protocol, to test its vulnerability to attacks. We will see that its implementation has some differences from the specification.