Abstract
Nowadays Fault Injection is the main threat for any sensitive applications being executed on embedded devices. Indeed, such an attack allows one to efficiently recover any secret or to gain unauthorized privileges if no appropriate countermeasure is implemented. In the context of Java Card applications, the main method to counteract Fault Injection consists in adding redundancy for sensitive operations and integrity verification for sensitive variables. While being efficient from a security point of view, such a method substantially impacts the performance of the application. In this article we introduce a new pragmatic approach to counteract Fault Injection by dynamically increasing the security level of the application. This methodology, based on upgrading the Java Card Virtual Machine, allows us to optimize the performance of sensitive applications in every day life while providing a strong security level as soon as an attacker tries to disturb their executions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Quisquater, J.J., Samyde, D.: A New Tool for Non-intrusive Analysis of Smart Cards Based on Electro-magnetic Emissions, the SEMA and DEMA Methods. Presented during EUROCRYPT 2000 Rump Session (2000)
Bellcore: New Threat Model Breaks Crypto Codes. Press Release (1996)
du Castel, B.: Personal History of the Java Card (2012), French version originally published in MISC magazine, HS-2 (November 2008)
Joye, M., Tunstall, M.: Fault Analysis in Cryptography. Information Security and Cryptography. Springer (2012)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. IEEE 94, 370–382 (2006)
Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., Kalam, A.E. (eds.) Smart Card Research and Advanced Applications VI – CARDIS 2004, pp. 159–176. Kluwer Academic Publishers (2004)
Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)
Barbu, G., Duc, G., Hoogvorst, P.: Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011)
Common Criteria: Application of Attack Potential to Smartcards (2009)
Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)
Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)
Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)
Sun Microsystems Inc.: Virtual Machine Specification – Java Card Plateform, Version 3.0.1 (2009)
The Apache Software Foundation: (Apache Commons BCEL, The Byte Code Engineering Library), http://commons.apache.org/bcel/
Smart Secure Devices (SSD) Team – XLIM, Université de Limoges: CapMap – The CAP file manipulator, http://secinfo.msi.unilim.fr
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barbu, G., Andouard, P., Giraud, C. (2013). Dynamic Fault Injection Countermeasure. In: Mangard, S. (eds) Smart Card Research and Advanced Applications. CARDIS 2012. Lecture Notes in Computer Science, vol 7771. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37288-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-37288-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37287-2
Online ISBN: 978-3-642-37288-9
eBook Packages: Computer ScienceComputer Science (R0)