On the security of Java Card platforms against hardware attacks. (De la sécurité des plateformes Java Card face aux attaques matérielles)

Smart cards play a key role in various applications we use on a daily basis: payment, mobile communication, public transport, etc. In this context, Java Card technology has evolved since its introduction in the mid-nineties to become the world's leading smart card platform. Security research on Java Card has revealed that the possibility of loading malicious applications represents a real threat. In the meantime, the scientific community has also taken an interest in the security of embedded cryptography, revealing that theoretically strong cryptosystems can be easily broken if their implementation does not take into account certain physical properties of the underlying hardware device. In particular, some of the published attacks rely on the attacker's capacity to physically perturb the component during a cryptographic operation. These fault attacks have rarely been considered in the literature in the Java Card context. In this thesis, we study and evaluate the security of Java Cards against the combination of fault and software attacks in order to enhance it. First, we present various attack paths involving both hardware and software attacks and show how these attacks make it possible to break various security mechanisms of Java Cards. In particular, our security analysis proves that the type-safety property, control-flow integrity and application isolation can be tampered with by combining adequate fault injections with malicious applications. Then, in line with the goal of this thesis and the results of our security analysis, we present different approaches for improving the resistance of Java Cards and Java Card applications against combined attacks. We thus define several countermeasures against the attacks we exposed as well as against some state-of-the-art attacks, always bearing in mind the strong constraints that apply to smart cards.
