Application-replay attack on Java cards: When the garbage collector gets confused

9Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Java Card 3.0 specifications have brought many new features in the Java Card world, amongst which a true garbage collection mechanism. In this paper, we show how one could use this specific feature to predict the references that will be assigned to object instances to be created. We also exploit this reference prediction process in a combined attack. This attack stands as a kind of "application replay" attack, taking advantage of an unspecified behavior of the Java Card Runtime Environment (JCRE) on application instance deletion. It reveals quite powerful, since it potentially permits the attacker to circumvent the application firewall: a fundamental and historical Java Card security mechanism. Finally, we point out that this breach comes from the latest specification update and more precisely from the introduction of the automatic garbage collection mechanism, which leads to a straightforward countermeasure to the exposed attack. © 2012 Springer-Verlag.

Cite

CITATION STYLE

APA

Barbu, G., Hoogvorst, P., & Duc, G. (2012). Application-replay attack on Java cards: When the garbage collector gets confused. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7159 LNCS, pp. 1–13). https://doi.org/10.1007/978-3-642-28166-2_1

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free