Application-replay attack on Java cards: When the garbage collector gets confused

Guillaume Barbu; Philippe Hoogvorst; Guillaume Duc

doi:10.1007/978-3-642-28166-2_1

Application-replay attack on Java cards: When the garbage collector gets confused

Guillaume Barbu
, Philippe Hoogvorst
, Guillaume Duc

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of "application replay" attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack.

Original language	English
Title of host publication	Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings
Pages	1-13
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-642-28166-2_1
Publication status	Published - 27 Feb 2012
Externally published	Yes
Event	4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012 - Eindhoven, Netherlands Duration: 16 Feb 2012 → 17 Feb 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7159 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012
Country/Territory	Netherlands
City	Eindhoven
Period	16/02/12 → 17/02/12

Keywords

Application Firewall
Combined Attack
Garbage Collection
Java Card

Access to Document

10.1007/978-3-642-28166-2_1

Cite this

Barbu, G., Hoogvorst, P., & Duc, G. (2012). Application-replay attack on Java cards: When the garbage collector gets confused. In Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings (pp. 1-13). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7159 LNCS). https://doi.org/10.1007/978-3-642-28166-2_1

Barbu, Guillaume ; Hoogvorst, Philippe ; Duc, Guillaume. / Application-replay attack on Java cards : When the garbage collector gets confused. Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings. 2012. pp. 1-13 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f4872f70eaac48eca5ca8ad2a5cdeb8d,

title = "Application-replay attack on Java cards: When the garbage collector gets confused",

abstract = "Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of {"}application replay{"} attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack.",

keywords = "Application Firewall, Combined Attack, Garbage Collection, Java Card",

author = "Guillaume Barbu and Philippe Hoogvorst and Guillaume Duc",

year = "2012",

month = feb,

day = "27",

doi = "10.1007/978-3-642-28166-2\_1",

language = "English",

isbn = "9783642281655",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "1--13",

booktitle = "Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings",

note = "4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012 ; Conference date: 16-02-2012 Through 17-02-2012",

}

Barbu, G, Hoogvorst, P & Duc, G 2012, Application-replay attack on Java cards: When the garbage collector gets confused. in Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7159 LNCS, pp. 1-13, 4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012, Eindhoven, Netherlands, 16/02/12. https://doi.org/10.1007/978-3-642-28166-2_1

Application-replay attack on Java cards: When the garbage collector gets confused. / Barbu, Guillaume; Hoogvorst, Philippe; Duc, Guillaume.
Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings. 2012. p. 1-13 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7159 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Application-replay attack on Java cards

T2 - 4th International Symposium on Engineering Secure Software and Systems, ESSoS 2012

AU - Barbu, Guillaume

AU - Hoogvorst, Philippe

AU - Duc, Guillaume

PY - 2012/2/27

Y1 - 2012/2/27

N2 - Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of "application replay" attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack.

AB - Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of "application replay" attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack.

KW - Application Firewall

KW - Combined Attack

KW - Garbage Collection

KW - Java Card

UR - https://www.scopus.com/pages/publications/84857310094

U2 - 10.1007/978-3-642-28166-2_1

DO - 10.1007/978-3-642-28166-2_1

M3 - Conference contribution

AN - SCOPUS:84857310094

SN - 9783642281655

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 13

BT - Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings

Y2 - 16 February 2012 through 17 February 2012

ER -

Barbu G, Hoogvorst P, Duc G. Application-replay attack on Java cards: When the garbage collector gets confused. In Engineering Secure Software and Systems - 4th International Symposium, ESSoS 2012, Proceedings. 2012. p. 1-13. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-28166-2_1

Application-replay attack on Java cards: When the garbage collector gets confused

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this