%0 Conference Proceedings
%T Synchronized Attacks on Multithreaded Systems - Application to Java Card 3.0
%+ Laboratoire Traitement et Communication de l'Information (LTCI)
%+ Oberthur Technologies
%+ RFI Global Services Ltd.
%A Barbu, Guillaume
%A Thiebeauld, Hugues
%Z Part 1: Smart Cards System Security
%< avec comité de lecture
%( Smart Card Research and Advanced Applications: 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011
%( Lecture Notes in Computer Science
%B 10th Smart Card Research and Advanced Applications (CARDIS)
%C Leuven, Belgium
%Y Emmanuel Prouff
%I Springer
%3 Smart Card Research and Advanced Applications
%V LNCS-7079
%P 18-33
%8 2011-09-14
%D 2011
%R 10.1007/978-3-642-27257-8_2
%K Fault Injection
%K Logical Attack
%K Multithreading
%K Network Flooding
%K Java Card 3
%K Technological Convergence
%Z Computer Science [cs]/Cryptography and Security [cs.CR]
%Z Computer Science [cs]/Embedded SystemsConference papers
%X Up to now devices in charge of performing secure transactions mainly remained limited regarding their functionalities. However the trend has recently gone towards an increasing integration of features and technologies, which could potentially represent a source of additional threats. This article introduces an innovative attack exploiting advanced functionalities and offering unrivalled opportunities. This attack targets specifically the multithreaded systems featuring network capabilities. By the way of a network flooding we show how a process can be interrupted at the precise time a sensitive operation is being executed. This interruption aims at subsequently modifying the execution context and consequently breaking the sensitive operation. The practical feasibility of this attack is illustrated on a Java Card 3.0 Connected Edition platform. This description reveals that going through with the full attack scenario is not obvious. However this apparent complexity must not conceal the potential breach, which may significantly alter any application running on the system. Finally the goal of this work is to emphasize that the increasing products complexity may generate new security issues rather than to highlight a specific weakness on released products.
%G English
%Z TC 8
%Z TC 11
%Z WG 8.8
%Z WG 11.2
%2 https://hal.science/hal-00692172/document
%2 https://hal.science/hal-00692172/file/multithreading.pdf
%L hal-00692172
%U https://hal.science/hal-00692172
%~ INSTITUT-TELECOM
%~ CNRS
%~ ENST
%~ TELECOM-PARISTECH
%~ PARISTECH
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-TC8
%~ IFIP-WG11-2
%~ IFIP-CARDIS
%~ IFIP-WG8-8
%~ IFIP-LNCS-7079
%~ LTCI
%~ INSTITUTS-TELECOM