Skip to main content
Conference ProceedingsOPEN ACCESS

Combined software and hardware attacks on the Java Card control flow

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) 7079 LNCS 283-296
DOI: 10.1007/978-3-642-27257-8_18
42Citations
Citations of this article
21Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow. © 2011 IFIP International Federation for Information Processing.

Author supplied keywords

Cite

CITATION STYLE

APA

Bouffard, G., Iguchi-Cartigny, J., & Lanet, J. L. (2011). Combined software and hardware attacks on the Java Card control flow. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7079 LNCS, pp. 283–296). https://doi.org/10.1007/978-3-642-27257-8_18

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free