Nowadays, each of us uses a smart card to pay or withdraw money, uses public transports, travels the world, etc. These devices contain some private information needed to make sensitive operations. The Java Card plays an important role in the smart card projects with a friendly development step without physical components dependencies and a secure environment. Its specification is produced by Oracle and describes the Java Card Virtual Machine (JCVM) with these security components such as the firewall policy and the security rules should respect by each applet. On a smart card, an attacker can use two ways. On the one hand, an ill-formed applet may execute illegal instructions. This kind of attack tests the logical level and might find some security flaws in the JCVM. On the other hand, the physical attacks may be used to discover sensitive information contained in a smart card. Thus, an analysis of the card consumption, may reverse the executed instructions on the current applet. Moreover with a specific equipment, you can make a fault attack on the cryptographic implementations, explained by Christophe Clavier in his PhD Thesis, in order to find the private keys used. Newly, Guillaume Barbu explains the way whose an unauthorized cast between two different objects in a valid applet, statically analysed by the smart card ByteCode Verifier (BCV) and correctly installed, becomes a malware because of a laser beamer attack which the cast type check instruction to be executed. This sort of attack exploits a new method to execute illegal instructions using physical and logical levels. In his article, Barbu uses a laser attack against the JCVM where every information was known to modify the applet execution. This method should not apply on almost smart card.
An interesting approach will use a generic attack against a smart card chip without knowledge about the JCVM. We produce some modifications in the chip registers and might change the JCVM states and the applet execution. The electronic issues provided by this sort of attack should be studied in order to determine what a laser beamer may change on a generic chip. Indeed, each physical attack research center in the card manufacturers, like Gemalto or Oberthur Card Systems, and independent labs, such as Thales Security Systems, use yet a purely practical method to found when and where the beamer should touch the chip.
In Sciences, the purely practical method cannot explore each possibility. On the contrary, a theoretical approach would be analysis each modification and impact, on each level, produced by an attack. Experimentations on real chips will be allowed to prove the correctness of the theoretical study. Second, you should analyse how this physical modification changes the JCVM execution flow and how that may be by an attacker to execute illegal instructions in the JCVM.
This year, few students in the master degree CRYPTIS found a way to make a virus in a Java Card. In a first time, they should install correctly a specific applet checked by the BCV. An external 1-byte modification changes their applet to a naughty virus. Finally, with the previous results, we should find some counter-measures to prevent smart cards from physical modifications of the JCVM execution flow
Contact:Jean Louis Lanet