smart card to mitigate logical attacks
play

Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, - PowerPoint PPT Presentation

Aug 31, 2023 •278 likes •466 views

A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Universit de Limoges, France

  1. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Université de Limoges, France bhagyalekshmy.narayanan-thampi@xlim.fr SNDS - 2012 11-12 October 2012

  2. Outline • Introduction • Java Card Security • Byte code verifier, CAP File, API, Linker, Firewall • Types of attacks on Java Cards • Objective • Developing a new attack • Existing countermeasure • Newly proposed countermeasure & its implementation • Conclusion A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 2

  3. Introduction • Smart Card/ Java Card – Most of the Smart Cards are Java Card – Secure, efficient, cost effective embedded device – Limited memory size (RAM, ROM, EEPROM) – Prone to attacks – Hardware & software security – Multi-application environment A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 3

  4. Java Card Security Off-Card Security Model Byte Code Java Class Byte Code Byte Code Java Card Verifier files Converter Signer file/ CAP (BCV) On-Card Security Model Java Card Installed BCV Linker Firewall file/ CAP applet A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 4

  5. Java Card Security: CAP File • CAP: Converted Applet • Binary representation of a package of classes • Consists of 12 components • Some of the main components – Class – Method – Constant Pool – Reference Location etc. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 5

  6. Types of attacks on Smart Card • Logical – software/ sensitive informations – two categories of logical attacks • well formed CAP File: shareable interface mechanism, transaction mechanism • ill formed CAP File: CAP File manipulation • Side Channel – cryptographic secrets obtained through electromagnetic leaks, timing information, power consumption, heat radiation, etc. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 6

  7. Types of attacks on Smart Card (Contd.) • Physical – fault attacks (optical, electromagnetic) – input current modifications • Combined – logical and physical • fault injection (bypass on-card BCV) A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 7

  8. Objective: introducing a new logical attack • Abused the Java Card linker to change the correct bytecode into malicious one • Set of instructions modified • Each instruction is referenced by an offset in the method component • Linking step is done during the loading of a CAP file • Linker interprets the instructions as tokens and resolve it • CAP File Manipulator: developed by our team – Allows to read and modify Cap Files or any component of a CAP File – Respect the interdependencies between the components A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 8

  9. Objective: introducing a new logical attack (Contd.) Linking step Token (1) (2) ReferenceLocationComponent MethodComponent { { [ … ] [ … ] @ 1F invokestatic 0002 offsets_to_byte2_indices = { [ … ] [ … ] } @0020 [ … ] Method referenced by token } } (3) Offset value ConstantPoolComponent { of token [ … ] 0002 CONSTANT_StaticMethodRef: If linking finished packageToken 80, classToken 20, Token 8 0002 will change to } 4E56 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 9

  10. Developing a new attack Method Component Linking needs Offset Bytecode Mnemonic two bytes 0020 [0x00] nop 0021 [0x02] sconst_m1 0022 [0x02] sconst_m1 0023 [0x3C] pop2 0024 [0x04] sconst_m1 0025 [0x3B] pop Constant Pool Component /* 0008, 2 */CONSTANT_StaticMethodRef: external: 0x80, 0x8, 0xD Reference Location Component Offset value: 0020 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 10

  11. Developing a new attack (Contd.) Set of instructions after linking resolution Offset Bytecode Mnemonic 0020 [0x8E] Invokeinterface 0021 [0x03] // nargs 0022 [0x02] // indexByte1 0023 [0x3C] // indexByte2 0024 [0x04] // method 0025 [0x3B] pop Token method 0x0002 is linked by the value 0x8E03 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 11

  12. Existing countermeasure ins hidden =ins ⊕ K bytecode (1) where K bytecode is the key, ins is the instruction • Impossible to execute the malicious code without the knowledge of K bytecode • To find xor key: change the Control Flow Graph (CFG) • Through brute force attack: easily obtain xor key with 256 possible values A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 12

  13. Newly proposed countermeasure ins hidden = ins ⊕ K bytecode (1) ins hidden = ins ⊕ K bytecode ⊕ jpc (2) Scrambling Bytecode with equation 1 equation 2 Address Bytecode Mnemonic Address Bytecode Mnemonic 0x8068 0x42 nop 0x8068 0x2a nop 0x8069 0x40 sconst_m1 0x8069 0x29 sconst_m1 0x806A 0x40 sconst_m1 0x806A 0x2a sconst_m1 0x806B 0x7E pop2 0x806B 0x15 pop2 0x806C 0x46 sconst_1 0x806C 0x2d sconst_1 0x806D 0x79 pop 0x806D 0x12 pop A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 13

  14. Countermeasure implementation (Contd.) Unscrambling shell cod e Offset Bytecode Mnemonic 0xAB80 0x7D getstatic 8000 0xAB83 0x78 sreturn After unmasking each instruction Offset Bytecode Mnemonic 0xAB80 0xBF //undefined 0xAB81 0x43 ssub 0xAB82 0xC0 // undefined 0xAB83 0xB9 // undefined A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 14

  15. Conclusion • Based on the vulnerability of the linker, a powerful logical attack demonstrated – Correct bytecode to into malicious one • Protect Java Card from logical attacks – Impossible to execute malicious bytecode without the knowledge of jpc stored in the EEPROM • Cost effective countermeasure, suitable for security interoperability A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 15

  16. Future Work • To do reverse engineering using electromagnetic side channel attacks A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 16

  17. Bhagyalekshmy N THAMPI, Research Engineer bhagyalekshmy.narayanan-thampi@xlim.fr Smart Secure Devices (SSD) Team XLIM/ Université de Limoges, 123 Avenue Albert Thomas, 87060 Limoges, France http://secinfo.msi.unilim.fr/ A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien

Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien

Introduction Logical attacks Combined attacks Conclusion Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien Iguchi-Cartigny Jean-Louis Lanet Smart Secure Devices (SSD) Team Xlim Labs Universit e

902 views • 53 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

[ICCSA 2004] 2004] [ICCSA A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation Criteria for Side Channel Attacks Side Channel Attacks Presented at the workshop ICCSA ICCSA 200 2004 4, ,

404 views • 26 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks Konstantinos Markantonakis, Michael Tunstall, Keith Mayes Dr Konstantinos Markantonakis (BSc, MSc, MBA, PhD) K.Markantonakis@rhul.ac.uk

509 views • 15 slides
Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien

Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien

Introduction EMAN 2 EMAN 4 Conclusion Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien Iguchi-Cartigny Jean-Louis Lanet Smart Secure Devices (SSD) Team Xlim Universit e de Limoges

476 views • 45 slides
Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in Government 2004 March 10, 2004 What is the Electronic Treasury Enterprise Card (E-TREC)? E-TREC is the result of the Treasury Departments

507 views • 9 slides
Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs

Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs

Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs Smart card A piece of plastic with a chip that contains: CPU, memories and programs SC is your personal information system, your

598 views • 21 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides
The Active Card An Active Mind in an Active Body More people, More Active, More often! The

The Active Card An Active Mind in an Active Body More people, More Active, More often! The

The Active Card An Active Mind in an Active Body More people, More Active, More often! The Active vision Active The Olympic Legacy 100,000 card holders by 2012 SMART card technology Improved communications for

421 views • 21 slides
7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com whoami Positive Technologies (from 2009) Application security researcher (from 2009) Banking systems

647 views • 45 slides
A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ...

A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ...

A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ... Bernd R. Fix <Bernd.Fix@aspector.com> What we are talking about... ~ 2'500'000 users yearly figures: ~ 700'000'000 transactions ~

785 views • 8 slides
GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry

GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry

GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry Review and Comment Process Industry Review and Comment Process Cathy Medich Cathy Medich Cathy Medich Government Handbook Committee Chair

605 views • 7 slides
T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a Smart Card? A smart card is a device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent

494 views • 12 slides
SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

Samiya Hamadouche, Guillaume Bouffard , Jean-Louis Lanet, Bruno Dorsemaine , Bastien Nouhant, Alexandre Magloire, Arnaud Reygnaud guillaume.bouffard@xlim.fr bruno.dorsemaine@etu.unilim.fr SAR-SSI 2012 1 Introduction Java Card security model

227 views • 19 slides
Ethereum Recall: Bitcoin scripting: non Turing-complete limited/limiting Solutions: Add

Ethereum Recall: Bitcoin scripting: non Turing-complete limited/limiting Solutions: Add

Cryptocurrency Technologies Ethereum Ethereum Recall: Bitcoin scripting: non Turing-complete limited/limiting Solutions: Add application-specific functionality in scripting of altcoin Create altcoin with Turing-complete scripting

399 views • 15 slides
CSE 101 DISJOINT SET DATA STRUCTURE OPERATIONS WHEN IS WORST-CASE PESSIMISTIC If we are using a

CSE 101 DISJOINT SET DATA STRUCTURE OPERATIONS WHEN IS WORST-CASE PESSIMISTIC If we are using a

Algorithm Design and Analysis Sanjoy Dasgupta Russell Impagliazzo and Ragesh Jaiswal russell@cs.ucsd.edu Lecture 10: Amortized analysis of Data Structures Thanks, Miles Jones CSE 101 DISJOINT SET DATA STRUCTURE OPERATIONS WHEN IS WORST-CASE

358 views • 32 slides
Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Cryptocurrencies & Security on the Blockchain Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM execution must be deterministic. Cannot rely on outside information But sometimes that

591 views • 17 slides
Object-Oriented Design No SVN checkout today Analysis Design Software Implementation

Object-Oriented Design No SVN checkout today Analysis Design Software Implementation

Object-Oriented Design No SVN checkout today Analysis Design Software Implementation Development Testing Deployment Maintenance Standardized approaches intended to: Reduce costs Increase predictability of results Examples:

279 views • 26 slides
On-the-Fly Token Similarity Joins in Relational Databases N. Augsten 1 A. Miraglia 2 T. Neumann 3

On-the-Fly Token Similarity Joins in Relational Databases N. Augsten 1 A. Miraglia 2 T. Neumann 3

On-the-Fly Token Similarity Joins in Relational Databases N. Augsten 1 A. Miraglia 2 T. Neumann 3 A. Kemper 3 1 University of Salzburg, Austria nikolaus.augsten@sbg.ac.at 2 VU University Amsterdam, Netherlands a.miraglia@student.vu.nl 3 TU M

1.04k views • 60 slides
The Practitioners Perspective Panel discussion by Agustn Carstens General Manager, Bank for

The Practitioners Perspective Panel discussion by Agustn Carstens General Manager, Bank for

The Practitioners Perspective Panel discussion by Agustn Carstens General Manager, Bank for International Settlements The Workshop on Digital Currency Economics and Policy Singapore, 16 November 2018 Money Flower: a TV series 2 The Money

493 views • 8 slides
System Modelling and Design Modelling a Queue Towards Implementation Revision: 1.6, April 28,

System Modelling and Design Modelling a Queue Towards Implementation Revision: 1.6, April 28,

Outline System Modelling and Design Modelling a Queue Towards Implementation Revision: 1.6, April 28, 2010 Ken Robinson School of Computer Science & Engineering The University of New South Wales, Sydney Australia October 6, 2010 Ken

1.39k views • 111 slides

More recommend