%0 Conference Proceedings
%T Combined Software and Hardware Attacks on the Java Card Control Flow
%+ DMI
%A Bouffard, Guillaume
%A Iguchi-Cartigny, Julien
%A Lanet, Jean-Louis
%Z Part 7: Java Card Security
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 10th Smart Card Research and Advanced Applications (CARDIS)
%C Leuven, Belgium
%Y Emmanuel Prouff
%I Springer
%3 Smart Card Research and Advanced Applications
%V LNCS-7079
%P 283-296
%8 2011-09-15
%D 2011
%R 10.1007/978-3-642-27257-8_18
%K Java Card
%K control flow
%K laser
%K Java Card Stack
%K attack
%Z Computer Science [cs]
%Z Computer Science [cs]/Embedded SystemsConference papers
%X The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.
%G English
%Z TC 8
%Z TC 11
%Z WG 8.8
%Z WG 11.2
%2 https://hal.science/hal-00684616/document
%2 https://hal.science/hal-00684616/file/978-3-642-27257-8_18_Chapter.pdf
%L hal-00684616
%U https://hal.science/hal-00684616
%~ UNILIM
%~ CNRS
%~ XLIM
%~ XLIM-DMI
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-TC8
%~ IFIP-WG11-2
%~ IFIP-CARDIS
%~ IFIP-WG8-8
%~ IFIP-LNCS-7079