论文信息 - Beyond Cryptanalysis Is Software Security the Next Threat for Smart Cards

Beyond Cryptanalysis Is Software Security the Next Threat for Smart Cards

Smart cards have been considered for a long time as a secure container for storing secret data and executing programs that manipulate them without leaking any information. In the last decade, a new form of attack that uses the hardware has been intensively studied. We have proposed in the past to pay attention also to easier attacks that use only software. We demonstrated through several proof of concepts that such an approach should be a threat under some hypotheses. We have been able to execute self-modifying code, return address programming and so on. More recently we have been able to retrieve secret keys belonging to another application. Then all the already published attacks should have been a threat but the industry increased the counter measures to mitigate for each of the published attack. In such a sensitive domain, we always submit the attacks to the industrial partners but also national agencies before publishing any attack. Within such an approach, they have been able to patch their system before any vulnerabilities should be exploited.

Jean-Louis Lanet | Jean-Louis Lanet

[1] Ludger Hemme,et al. A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[2] Jean-Louis Lanet,et al. A Friendly Framework for Hidding fault enabled virus for Java Based Smartcard , 2012, DBSec.

[3] Emilie Faugeron,et al. Manipulating the Frame Information with an Underflow Attack , 2013, CARDIS.

[4] Wieland Fischer,et al. Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[5] Jean-Louis Lanet,et al. Reversing the operating system of a Java based smart card , 2014, Journal of Computer Virology and Hacking Techniques.

[6] Jean-Jacques Quisquater,et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[7] Jean-Louis Lanet,et al. Developing a Trojan applets in a smart card , 2010, Journal in Computer Virology.

[8] Jean-Louis Lanet,et al. Combined Software and Hardware Attacks on the Java Card Control Flow , 2011, CARDIS.

[9] D. B. Davis,et al. Sun Microsystems Inc. , 1993 .

[10] E. Poll,et al. Transactions and non-atomic API calls in Java Card: specification ambiguity and strange implementation behaviours , 2004 .

[11] Jean-Louis Lanet,et al. Subverting Byte Code Linker service to characterize Java Card API , 2012 .

[12] Ecole Doctorale,et al. A Generic Approach for Protecting Java Card™ Smart Card Against Software Attacks , 2014 .