论文信息 - Developing a Trojan applets in a smart card

Developing a Trojan applets in a smart card

This paper presents a method to inject a mutable Java Card applet into a smart card. This code can on demand parse the memory in order to search for a given pattern and eliminate it. One of these key features is to bypass security checks or retrieve secret data from other applets. We evaluate the countermeasures against this attack and we show how some of them can be circumvented and we propose to combine this attack with others already known.

Jean-Louis Lanet | Julien Iguchi-Cartigny | Jean-Louis Lanet | Julien Iguchi-Cartigny

[1] Konstantin Hyppönen,et al. An Open Mobile Identity Tool: An Architecture for Mobile Identity Management , 2008, EuroPKI.

[2] Jean-Louis Lanet,et al. New security issues raised by open cards , 1999, Inf. Secur. Tech. Rep..

[3] Jean-Sébastien Coron,et al. Use of Cryptographic Codes for Bytecode Verification in Smart Card Environment , 2005 .

[4] David Naccache,et al. The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[5] Olli Vertanen,et al. Java Type Confusion and Fault Attacks , 2006, FDTC.

[6] Jean-Louis Lanet,et al. Report highlights: New security issues raised by open cards , 1999 .

[7] Erik Poll,et al. Malicious Code on Java Card Smartcards: Attacks and Countermeasures , 2008, CARDIS.

[8] Markus G. Kuhn,et al. Tamper resistance: a cautionary note , 1996 .