论文信息 - Persistent fault injection attack from white-box to black-box

Persistent fault injection attack from white-box to black-box

Among the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior installation. This prevents ill-formed applet to be loaded. In this article, the behavior of the Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, we demonstrate how one can use this breach to access to the system data of a frame, and persistently activate any code. Using both a white-box approach and fault injection that can transform a well-formed code to an ill-formed one during runtime execution.

[1] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[2] Guillaume Barbu,et al. Attacks on Java Card 3.0 Combining Fault and Logical Attacks , 2010, CARDIS.

[3] Jean-Louis Lanet,et al. Combined Software and Hardware Attacks on the Java Card Control Flow , 2011, CARDIS.

[4] Jean-Louis Lanet,et al. The ultimate control flow transfer in a Java based smart card , 2015, Comput. Secur..

[5] Marc F. Witteman,et al. Reverse Engineering Java Card Applets Using Power Analysis , 2007, WISTP.

[6] Jean-Pierre Seifert,et al. A new CRT-RSA algorithm secure against bellcore attacks , 2003, CCS '03.

[7] Jean-Louis Lanet,et al. The Hell Forgery - Self Modifying Codes Shoot Again , 2016, CARDIS.

[8] Ross J. Anderson,et al. Optical Fault Induction Attacks , 2002, CHES.

[9] Eric Vétillard,et al. Combined Attacks and Countermeasures , 2010, CARDIS.

[10] Jean-Louis Lanet,et al. Reverse engineering a Java Card memory management algorithm , 2017, Comput. Secur..

[11] Erik Poll,et al. Logical Attacks on Secured Containers of the Java Card Platform , 2016, CARDIS.

[12] David Naccache,et al. The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[13] Julien Lancia,et al. Java Card Virtual Machine Compromising from a Bytecode Verified Applet , 2015, CARDIS.