Java Card operand stack: Fault attacks, combined attacks and countermeasures

Guillaume Barbu; Guillaume Duc; Philippe Hoogvorst

doi:10.1007/978-3-642-27257-8_19

Java Card operand stack: Fault attacks, combined attacks and countermeasures

Guillaume Barbu, Guillaume Duc, Philippe Hoogvorst

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Until 2009, Java Cards have been mainly threatened by Logical Attacks based on ill-formed applications. The publication of the Java Card 3.0 Connected Edition specifications and their mandatory on-card byte code verification may have then lead to the end of software-based attacks against such platforms. However, the introduction in the Java Card field of Fault Attacks, well-known from the cryptologist community, has proven this conclusion wrong. Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat. Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far. In this article, we explore this path by presenting both Fault Attacks and Combined Attacks taking advantage of an alteration of the operand stack. In addition, we provide experimental results proving the practical feasibility of these attacks and illustrating their efficiency. Finally, we describe different approaches to protect the operand stack's integrity and compare their cost with a particular interest on the time factor.

Original language	English
Title of host publication	Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers
Pages	297-313
Number of pages	17
DOIs	https://doi.org/10.1007/978-3-642-27257-8_19
Publication status	Published - 26 Dec 2011
Externally published	Yes
Event	10th IFIP Conference on Smart Card Research and Advanced Applications, CARDIS 2011 - Leuven, Belgium Duration: 14 Sept 2011 → 16 Sept 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7079 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th IFIP Conference on Smart Card Research and Advanced Applications, CARDIS 2011
Country/Territory	Belgium
City	Leuven
Period	14/09/11 → 16/09/11

Keywords

Combined Attack
Countermeasures
Fault Attack
Java Card
Logical Attacks

Access to Document

10.1007/978-3-642-27257-8_19

Cite this

Barbu, G., Duc, G., & Hoogvorst, P. (2011). Java Card operand stack: Fault attacks, combined attacks and countermeasures. In Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers (pp. 297-313). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7079 LNCS). https://doi.org/10.1007/978-3-642-27257-8_19

Barbu, Guillaume ; Duc, Guillaume ; Hoogvorst, Philippe. / Java Card operand stack : Fault attacks, combined attacks and countermeasures. Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers. 2011. pp. 297-313 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ee368037e36a46f29a56b0b5993ef28d,

title = "Java Card operand stack: Fault attacks, combined attacks and countermeasures",

abstract = "Until 2009, Java Cards have been mainly threatened by Logical Attacks based on ill-formed applications. The publication of the Java Card 3.0 Connected Edition specifications and their mandatory on-card byte code verification may have then lead to the end of software-based attacks against such platforms. However, the introduction in the Java Card field of Fault Attacks, well-known from the cryptologist community, has proven this conclusion wrong. Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat. Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far. In this article, we explore this path by presenting both Fault Attacks and Combined Attacks taking advantage of an alteration of the operand stack. In addition, we provide experimental results proving the practical feasibility of these attacks and illustrating their efficiency. Finally, we describe different approaches to protect the operand stack's integrity and compare their cost with a particular interest on the time factor.",

keywords = "Combined Attack, Countermeasures, Fault Attack, Java Card, Logical Attacks",

author = "Guillaume Barbu and Guillaume Duc and Philippe Hoogvorst",

year = "2011",

month = dec,

day = "26",

doi = "10.1007/978-3-642-27257-8\_19",

language = "English",

isbn = "9783642272561",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "297--313",

booktitle = "Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers",

note = "10th IFIP Conference on Smart Card Research and Advanced Applications, CARDIS 2011 ; Conference date: 14-09-2011 Through 16-09-2011",

}

Barbu, G, Duc, G & Hoogvorst, P 2011, Java Card operand stack: Fault attacks, combined attacks and countermeasures. in Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7079 LNCS, pp. 297-313, 10th IFIP Conference on Smart Card Research and Advanced Applications, CARDIS 2011, Leuven, Belgium, 14/09/11. https://doi.org/10.1007/978-3-642-27257-8_19

Java Card operand stack: Fault attacks, combined attacks and countermeasures. / Barbu, Guillaume; Duc, Guillaume; Hoogvorst, Philippe.
Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers. 2011. p. 297-313 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7079 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Java Card operand stack

T2 - 10th IFIP Conference on Smart Card Research and Advanced Applications, CARDIS 2011

AU - Barbu, Guillaume

AU - Duc, Guillaume

AU - Hoogvorst, Philippe

PY - 2011/12/26

Y1 - 2011/12/26

N2 - Until 2009, Java Cards have been mainly threatened by Logical Attacks based on ill-formed applications. The publication of the Java Card 3.0 Connected Edition specifications and their mandatory on-card byte code verification may have then lead to the end of software-based attacks against such platforms. However, the introduction in the Java Card field of Fault Attacks, well-known from the cryptologist community, has proven this conclusion wrong. Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat. Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far. In this article, we explore this path by presenting both Fault Attacks and Combined Attacks taking advantage of an alteration of the operand stack. In addition, we provide experimental results proving the practical feasibility of these attacks and illustrating their efficiency. Finally, we describe different approaches to protect the operand stack's integrity and compare their cost with a particular interest on the time factor.

AB - Until 2009, Java Cards have been mainly threatened by Logical Attacks based on ill-formed applications. The publication of the Java Card 3.0 Connected Edition specifications and their mandatory on-card byte code verification may have then lead to the end of software-based attacks against such platforms. However, the introduction in the Java Card field of Fault Attacks, well-known from the cryptologist community, has proven this conclusion wrong. Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat. Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far. In this article, we explore this path by presenting both Fault Attacks and Combined Attacks taking advantage of an alteration of the operand stack. In addition, we provide experimental results proving the practical feasibility of these attacks and illustrating their efficiency. Finally, we describe different approaches to protect the operand stack's integrity and compare their cost with a particular interest on the time factor.

KW - Combined Attack

KW - Countermeasures

KW - Fault Attack

KW - Java Card

KW - Logical Attacks

U2 - 10.1007/978-3-642-27257-8_19

DO - 10.1007/978-3-642-27257-8_19

M3 - Conference contribution

AN - SCOPUS:84055192330

SN - 9783642272561

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 297

EP - 313

BT - Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers

Y2 - 14 September 2011 through 16 September 2011

ER -

Barbu G, Duc G, Hoogvorst P. Java Card operand stack: Fault attacks, combined attacks and countermeasures. In Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Revised Selected Papers. 2011. p. 297-313. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-27257-8_19

Java Card operand stack: Fault attacks, combined attacks and countermeasures

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this