Attacks on Java Card 3.0 Combining Fault and Logical Attacks

Java Cards have been threatened so far by attacks using ill-formed applications which assume that the application bytecode is not verified. This assumption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless it can no longer be applied to the Java Card 3 Connected Edition context where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 Connected Edition seems to be immune against this kind of attacks. In this paper, we demonstrate that running ill-formed application does not necessarily mean loading and installing ill-formed application. For that purpose, we introduce a brand new kind of attack which combines fault injection and logical tampering. By these means, we describe two case studies taking place in the new Java Card 3 context. The first one shows how ill-formed applications can still be introduced and executed despite the on-card bytecode verifier. The second example leads to the modification of any method already installed on the card into any malicious bytecode. Finally we successfully mount these attacks on a recent device, emphasizing the necessity of taking into account these new threats when implementing Java Card 3 features.

[1]  Matt Brown,et al.  Invited talk , 2007 .

[2]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[3]  Marc F. Witteman,et al.  Reverse Engineering Java Card Applets Using Power Analysis , 2007, WISTP.

[4]  Christophe Giraud,et al.  A Survey on Fault Attacks , 2004, CARDIS.

[5]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[6]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[7]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[8]  D. B. Davis,et al.  Sun Microsystems Inc. , 1993 .

[9]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[10]  Jean-Sébastien Coron,et al.  Use of Cryptographic Codes for Bytecode Verification in Smart Card Environment , 2005 .

[11]  Andrew W. Appel,et al.  Using memory errors to attack a virtual machine , 2003, 2003 Symposium on Security and Privacy, 2003..

[12]  Wieland Fischer,et al.  Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures , 2002, CHES.

[13]  Erik Poll,et al.  Malicious Code on Java Card Smartcards: Attacks and Countermeasures , 2008, CARDIS.

[14]  Frank Yellin,et al.  The Java Virtual Machine Specification , 1996 .

[15]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[16]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[17]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.