Filters








243 Hits in 7.4 sec

Security automaton to mitigate laser-based fault attacks on smart cards

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean Louis Lanet
2014 International Journal of Trust Management in Computing and Communications  
In this work we propose an automatic method to obtain control flow redundancy using a security automaton to mitigate laser based fault attacks and hence implement a smart card countermeasure based on the  ...  Security and attacks are two sides of the same coin in the smart card industry.  ...  System based or Dynamic countermeasure approach In the applicative countermeasure approaches, the developer himself is in charge of securing his code.  ... 
doi:10.1504/ijtmcc.2014.064158 fatcat:dmrcbn2m55aidcgberiiay2q5y

Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures [chapter]

Guillaume Barbu, Guillaume Duc, Philippe Hoogvorst
2011 Lecture Notes in Computer Science  
Although the operand stack is a fundamental element of all Java Card Virtual Machines, the potential consequences of a physical perturbation of this element has never been studied so far.  ...  Actually, the idea of combining Fault Attacks and Logical Attacks to tamper with Java Cards appears as an even more dangerous threat.  ...  The authors would like to thank Nicolas Morin, for his helping hand during the fault injection campaign, and Christophe Giraud for his fruitful review(s).  ... 
doi:10.1007/978-3-642-27257-8_19 fatcat:3fbk25yp3ncbtk2wczb5z5pip4

Evaluation of the Ability to Transform SIM Applications into Hostile Applications [chapter]

Guillaume Bouffard, Jean-Louis Lanet, Jean-Baptiste Machemie, Jean-Yves Poichotte, Jean-Philippe Wary
2011 Lecture Notes in Computer Science  
This paper is organized as follows: first we introduce a brief state of the art of fault injection attacks and existing countermeasures, then we discuss about the new countermeasure we have developed.  ...  Hardware Countermeasures Fault attacks are powerful and can threaten the card security.  ...  A Full Java Code of the Debit method  ... 
doi:10.1007/978-3-642-27257-8_1 fatcat:75l7wdoxofbidflslwq72j3q44

Java Card Combined Attacks with Localization-Agnostic Fault Injection [chapter]

Julien Lancia
2013 Lecture Notes in Computer Science  
In this paper, we present a paradigm for combined attacks on Java Cards that lowers the requirements on the localization precision of the fault injection.  ...  Finally, we demonstrate the eciency of our approach through fault injection simulation.  ...  However, when the fault injection switches the A eld index, the new index can reference any B instance on the card.  ... 
doi:10.1007/978-3-642-37288-9_3 fatcat:3f75jbkmlvg3nifsbkw3g53lma

Vulnerability Analysis on Smart Cards Using Fault Tree [chapter]

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean-Louis Lanet
2013 Lecture Notes in Computer Science  
In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use a Fault Tree Analysis.  ...  Then we introduce a new security api which is proposed to mitigate the undesirable events defined in the tree models.  ...  Security of Java based smart cards Java Card is a kind of smart card that implements the standard Java Card 3.0 [8] specification.  ... 
doi:10.1007/978-3-642-40793-2_8 fatcat:72qzommupbaanmliw7pk5sqg4y

The ultimate control flow transfer in a Java based smart card

Guillaume Bouffard, Jean-Louis Lanet
2015 Computers & security  
Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards.  ...  We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret.  ...  Well-typed application based attacks use fault injection which modifies dynamically the behavior of the application, they are often called combined attack.  ... 
doi:10.1016/j.cose.2015.01.004 fatcat:xwmdnq45enbb3m26ybwsoczhly

Evaluation of Detection System of Fault Attacks based on Neural Network into a Java Virtual Machine

Ilhame El farissi, Mostafa AZIZI, Jean-Louis Lanet, Mimoun Moussaoui
2011 INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY  
The Java Card technology provides a secure environment for developing smart card application based on Java while also respecting some constraints such as the limited memory and processing card.  ...  In addition to the security and cryptography APIs offered by the Java Card technology, the smart card is protected against some threats.  ...  A u g 10, 2 0 1 3 CONCLUSION In this paper, we propose a new detection approach of fault attacks.  ... 
doi:10.24297/ijct.v10i3.3278 fatcat:oktjrk5vmjb77cxm42nwn622xy

Developing a Trojan applets in a smart card

Julien Iguchi-Cartigny, Jean-Louis Lanet
2009 Journal in Computer Virology  
This paper presents a method to inject a mutable Java Card applet into a smart card. This code can on demand parse the memory in order to search for a given pattern and eliminate it.  ...  One of these key features is to bypass security checks or retrieve secret data from other applets.  ...  In order to relax the hypothesis on the presence of such a bytecode verifier, we are investigating for another solution based on a hardware fault injection to introduce type confusion in the code stored  ... 
doi:10.1007/s11416-009-0135-3 fatcat:adnwibbhrzagtpkhxgkayqcdlq

A Systematic Review of Fault Injection Attacks on IoT Systems

Aakash Gangolli, Qusay H. Mahmoud, Akramul Azim
2022 Electronics  
Hybrid attack detection methods at the software level are proposed to enhance the security of IoT systems against fault injection attacks.  ...  This paper provides a systematic review of the various techniques proposed in the literature to counter fault injection attacks at both the system level and the software level to identify their limitations  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/electronics11132023 fatcat:ic5ytu5nlnfpnhlualafdbcztu

Smart security management in secure devices

Bruno Robisson, Michel Agoyan, Patrick Soquet, Sébastien Le-Henaff, Franck Wajsbürt, Pirouz Bazargan-Sabet, Guillaume Phan
2016 Journal of Cryptographic Engineering  
A proof of concept has been proposed for the smart card part of a conditional access for Pay-TV, but it could easily be fine-tuned for other applications.  ...  In order to overcome this limitation, we propose a complementary approach: smart dynamic management of the whole set of countermeasures embedded in the component.  ...  To draw an analogy, these mechanisms provide a new "degree of freedom" which make it possible to reach new sets of performances.  ... 
doi:10.1007/s13389-016-0143-4 fatcat:d6pzo4e2gndxnky56zy5u6ptuu

Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices

Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, Stefan Mangard
2018 IEEE Communications Surveys and Tutorials  
card era in the 1990s.  ...  Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices.  ...  In this role he was responsible for defining the security concepts for all the smart card platforms of Infineon, one of the largest manufacturers of smart card ICs worldwide.  ... 
doi:10.1109/comst.2017.2779824 fatcat:4r5ceyc7pbdfxdmngtdncv4n5m

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis [article]

Carlton Shepherd, Konstantinos Markantonakis, Nico van Heijningen, Driss Aboulkassimi, Clément Gaine, Thibaut Heckmann, David Naccache
2021 arXiv   pre-print
In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021.  ...  In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices.  ...  The authors would like to thank the EXFILES WP5 project partners for comments and discussions around the topic of this work.  ... 
arXiv:2105.04454v5 fatcat:27ldfag7ejgvxh7cbs2qnevb24

A taxonomy and survey of attacks on digital signatures

Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas, Jose M. de Fuentes, Benjamin Ramos
2013 Computers & security  
The taxonomy will enable a rigorous and systematic analysis of the causes that may subvert the signature reliability, allowing the identification of countermeasures of general applicability.  ...  The inevitability of vulnerabilities in technology and the non-negligible probability of an occurrence of security threats would make non-repudiation of evidence difficult to achieve.  ...  D2-CAT5.2.6: Fault Injection.  ... 
doi:10.1016/j.cose.2012.11.009 fatcat:2vzmgcwwzfbr3hhpnt37cbusou

Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues [article]

Mohamed Amine Ferrag, Leandros Maglaras, Abdelouahid Derhab, Helge Janicke
2019 arXiv   pre-print
We also provide a classification of countermeasures into four types of categories, including, cryptographic functions, personal identification, classification algorithms, and channel characteristics.  ...  We start by providing an overview of existing survey articles published in the recent years that deal with security for mobile devices.  ...  [69] introduced the concept of multimodal biometricbased authentication, which uses a dynamic programming-based HMM scheduling algorithm to derive the optimal scheme.  ... 
arXiv:1803.10281v2 fatcat:yjkohnh3qje3zk2yzp5xoakzfi

CloudStrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

Kennedy A. Torkura, Muhammad I.H. Sukmana, Feng Cheng, Christoph Meinel
2020 IEEE Access  
RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base.  ...  Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided  ...  We tackle the above-mentioned security challenges with a novel concept -Risk Driven Fault Injection (RDFI), a unique application of chaos engineering [16] , [17] to cyber-security.  ... 
doi:10.1109/access.2020.3007338 fatcat:xingcdy3wbh2lnc7fh4hjgdsra
« Previous Showing results 1 — 15 out of 243 results