Sep 24, 2021


Analysis of the sensitivity of Java Card applets to a fault attack

The main idea here is to strengthen virtual machine security by reducing the possibility for an attacker to obtain information using a fault attack. In a first approach we work at the application level in order to propose a first line of defense. We suggest a methodology and a tool that assist the developer or the security evaluator in evaluating the probability that an attacker could obtain information. Some indications can then be attached to the application and provided to the virtual machine as clues that force the execution engine to enter a secure mode. This is the subject of the PhD of Ahmadou Sere.

Safely upgrading such a tiny device

Here we want to provide some directions for solving the problem of applying security patches to a system for which the service cannot be interrupted, the network bandwidth is restricted and the device is resource constrained. Up to now, when a cryptographic algorithm is broken, the only solution is to renew all the smart cards in the field. The idea here is to provide an adapted solution à la OSGi for next generation smart cards (i.e. Java Card 3.0 Connected Edition). This is the research theme of Agnès Noubissi's PhD.

Logical attacks against Java Card

For old-fashioned Java Card (Java Card 3.0 Classic Edition) or .NET cards, we investigate how it is possible to gain access to some part of the system in order to design new protections against attackers. For that purpose we develop a framework (the OPAL library) to automate access to the card.

  • EMAN attack: the aim of this attack is to retrieve the EEPROM area by modifying the reference location component. We completely dumped several smart cards; see papers JCV or Cesar08.
  • EMAN V2: here we used type confusion in order to retrieve information. It runs well with some cards; recent cards are not subject to this attack. In the end we found a flaw in the bytecode verifier that allows us to make a type confusion with a well-typed applet. Unpublished work.
  • EMAN V2bis: we try to use the ROP method to get native control of the microcontroller. Work published at Cardis 2011.
  • EMAN V3: dump of the ROM area of a smart card. We got the ROM and now we need to reverse the JVM. Results published at STIC 2014.
  • EMAN V4: a joint hardware and logical attack. We succeeded in getting control (EEPROM dump) of a well-formed applet, thanks to a laser beam injection. Published at Cardis 2011.
  • EMAN V5: with this new attack we expect to be able to run native code on a Java Card.

Web server security

Here we develop a component that should detect irrelevant HTTP responses to HTTP requests on a Java Card 3.0 Connected Edition that could embed attacks against the smart card web server.
