Types of Smart Card Platform

Smart card platforms are classified on the basis of their post-issuance behavior. Closed Platform: on these cards, post-issuance code download is not permitted. In such cases an attack must exploit side-channel analysis or fault injection. Open Platform: on these cards, post-issuance code download is allowed. This scenario is protected by the GlobalPlatform protocol that…

Java card security Model

To comply with the Java security rules, the Java Card security model verifies the semantics of the Java program. It ensures that the applet file format respects the specification (structural verification) and that all methods are well-formed and satisfy the Java type system. The processes involved in adhering to the security compliance are complex…

Hybrid Countermeasures

Renaming the nop operation: the attacker has the capacity to force a byte to 0x00 or 0xFF. In Java, the instruction 0xFF is reserved, so it is useless for an attacker to replace an instruction with this value. This leaves the value 0x00, which corresponds to the nop instruction (do nothing), as a critical value….

System Countermeasures

Runtime Type Checking: checking the types of data at runtime, so that a type confusion attack is not possible. Object Bounds Checking: any VM is required to do runtime checks on array bounds when accessing array elements. A VM could do similar runtime checks of object bounds when accessing instance fields and invoking methods on…

Hardware Countermeasure

High-security smart cards embed countermeasures (encrypted memory, scrambled addresses and a randomized clock). These countermeasures imply that any error induced into the RAM, EEPROM or CPU at an undetermined moment gives at most the information that a certain variable is faulty. Chip Packaging: it is the first level of security provided as a countermeasure. Inside the…

Countermeasures

Designing efficient countermeasures against fault attacks is important for smart card manufacturers but also for application developers. For the manufacturers, countermeasures must have the lowest cost in terms of memory and processor usage. Application developers have to understand the ability of their applets to become mutants and potentially hostile in case of…

Hybrid Attacks

Recently, in Java Card attacks, the idea of combining logical attacks with a physical attack to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam. Such applications become mutant applications, with a different behavior. This internal change could lead to bypass control and protection…

Javacard Logical Attacks

Some attacks specifically target the Java Card nature of the smart card. CAP file manipulation: modifying the CAP file after the compilation step to bypass the off-card BCV. This only works for cards without an on-card BCV and for unsigned CAP files. For example, to treat a byte array as a short…

Fault Attacks

Faults are errors that can be induced in the chip by perturbing its execution environment. A fault attack modifies part of the memory content or a signal on an internal bus and leads to deviant behavior exploitable by an attacker. For instance, by choosing the exact byte of a program, the attacker can bypass countermeasures or logical tests….

Semi-Invasive attacks

Semi-invasive attacks have the following characteristics, or require the following conditions. These attacks require access to the surface of the chip, but they do not need to create contacts with the internal wires. They usually do not damage the system and, depending on how the attack is performed, may or may not leave tamper evidence….

Non-Invasive attacks

Non-invasive attacks have the following characteristics, or require the following conditions. In this case, the attacker interacts with the device or chip through its interfaces, such as voltage, current, clock, input-output interface, etc. Normally, such an attack will not damage the device, and it will not leave any tamper evidence. These attacks have very…

Invasive attacks

Invasive attacks have the following characteristics, or require the following conditions. This kind of attack requires direct access to the inside of the chip or device. Normally, the device will be damaged after the attack. Sometimes tamper evidence will be left. The cost and skills required to perform an invasive attack vary based on how the…