Filters








1,762 Hits in 7.6 sec

Software Countermeasures for Control Flow Integrity of Smart Card C Codes [chapter]

Jean-François Lalande, Karine Heydemann, Pascal Berthomé
2014 Lecture Notes in Computer Science  
card and control flow integrity.  ...  The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond.  ...  For javacard enabled smart card, software components of the virtual machine can perform security checks.  ... 
doi:10.1007/978-3-319-11212-1_12 fatcat:nlondd6pyjalnbr4dukk3q2y7a

Formally verified software countermeasures for control-flow integrity of smart card C code

Karine Heydemann, Jean-François Lalande, Pascal Berthomé
2019 Computers & security  
The proposed software countermeasures protect the integrity of individual statements at the granularity of single C statements. They support many control-flow constructs of the C language.  ...  Identifying harmful control-flow attacks and designing countermeasures at the software level are tedious and tricky for developers.  ...  Although this benchmark represents a small but a critical part of a smart cards functionalities, these results show that our approach can efficiently secure a smart card C code against control-flow disruption  ... 
doi:10.1016/j.cose.2019.05.004 fatcat:s4bn4isplrg35gnkfasaskm6xq

The ultimate control flow transfer in a Java based smart card

Guillaume Bouffard, Jean-Louis Lanet
2015 Computers & security  
We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them.  ...  We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret.  ...  Secondly, for each entry points (and only for these) it controls the semantics and the type correctness of the code.  ... 
doi:10.1016/j.cose.2015.01.004 fatcat:xwmdnq45enbb3m26ybwsoczhly

Countermeasures Mitigation for Designing Rich Shell Code in Java Card [chapter]

Noreddine El Janati El Idrissi, Said El Hajji, Jean-Louis Lanet
2015 Lecture Notes in Computer Science  
Countermeasures have been introduced on recent smart card to avoid executing rich shell code and in particular dynamic bound checking of the code segment.  ...  Recently, logical attacks have been published that target Java based smart card. They use dynamically a type confusion which is possible if type verification is not performed.  ...  We develop now a program to automatically extract the controller and the shell code for any program.  ... 
doi:10.1007/978-3-319-18681-8_12 fatcat:2jpl6khhxjca7c6aa3k3cxos5m

Vulnerability Analysis on Smart Cards Using Fault Tree [chapter]

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean-Louis Lanet
2013 Lecture Notes in Computer Science  
We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code.  ...  In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use a Fault Tree Analysis.  ...  Code Integrity The first property to be analyzed in a smart card for understanding or implementing security features is the code integrity.  ... 
doi:10.1007/978-3-642-40793-2_8 fatcat:72qzommupbaanmliw7pk5sqg4y

Evaluation of the Ability to Transform SIM Applications into Hostile Applications [chapter]

Guillaume Bouffard, Jean-Louis Lanet, Jean-Baptiste Machemie, Jean-Yves Poichotte, Jean-Philippe Wary
2011 Lecture Notes in Computer Science  
This paper is about the control flow integrity.  ...  In both cases we succeed in executing arbitrary byte code. The control flow integrity has been already studied for fault tolerance [17, 15, 18] .  ...  A Full Java Code of the Debit method  ... 
doi:10.1007/978-3-642-27257-8_1 fatcat:75l7wdoxofbidflslwq72j3q44

Security automaton to mitigate laser-based fault attacks on smart cards

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean Louis Lanet
2014 International Journal of Trust Management in Computing and Communications  
In this work we propose an automatic method to obtain control flow redundancy using a security automaton to mitigate laser based fault attacks and hence implement a smart card countermeasure based on the  ...  Security and attacks are two sides of the same coin in the smart card industry.  ...  The set S is made of elements of a language which expresses the control flow integrity policy, i.e. all the binary instructions controlling the program flow : ifeq, ifne, goto, invoke, return, … plus the  ... 
doi:10.1504/ijtmcc.2014.064158 fatcat:dmrcbn2m55aidcgberiiay2q5y

Evaluation of Detection System of Fault Attacks based on Neural Network into a Java Virtual Machine

Ilhame El farissi, Mostafa AZIZI, Jean-Louis Lanet, Mimoun Moussaoui
2011 INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY  
The Java Card technology provides a secure environment for developing smart card application based on Java while also respecting some constraints such as the limited memory and processing card.  ...  This component is a Neural Network that we developed in C language and integrated in open source Virtual Machine (Avian) in order to simulate the attack effect and the network behavior.  ...  For that, it is necessary to adapt the program developed in C according to the constraints of the Java Card.  ... 
doi:10.24297/ijct.v10i3.3278 fatcat:oktjrk5vmjb77cxm42nwn622xy

A Defensive Virtual Machine Layer to Counteract Fault Attacks on Java Cards [chapter]

Michael Lackner, Reinhard Berlach, Wolfgang Raschke, Reinhold Weiss, Christian Steger
2013 Lecture Notes in Computer Science  
Adversaries perform fault attacks on these cards to change the control and data flow of the Java Card Virtual Machine.  ...  The objective of Java Cards is to protect security-critical code and data against a hostile environment.  ...  The authors would like to thank the Austrian Federal Ministry for Transport, Innovation, and Technology, which funded the CoCoon project under the FIT-IT contract FFG 830601.  ... 
doi:10.1007/978-3-642-38530-8_6 fatcat:obn3jduwdffiplfgkutz64hu6m

Heap $$\ldots $$ Hop! Heap Is Also Vulnerable [chapter]

Guillaume Bouffard, Michael Lackner, Jean-Louis Lanet, Johannes Loinig
2015 Lecture Notes in Computer Science  
To mitigate such attacks, typed stack have been introduced on recent smart card. We propose here a new attack path for performing a type confusion even in presence of a typed stack.  ...  Several logical attacks against Java based smart card have been published recently.  ...  In a malicious CAP file, the parameter of an invokestatic instruction may redirect the Control Flow Graph (CFG) of another installed applet in the targeted smart card.  ... 
doi:10.1007/978-3-319-16763-3_2 fatcat:6ae25rtmnvejnkcssnszbsb4oa

Power consumption profile analysis for security attack simulation in smart cards at high abstraction level

K. Rothbart, U. Neffe, Ch. Steger, R. Weiss, E. Rieger, A. Muehlberger
2005 Proceedings of the 5th ACM international conference on Embedded software - EMSOFT '05  
This paper presents a hierarchical security attack simulation flow for smart card designs where security attacks can be simulated in the processor specific model at transaction layer 1 in SystemC.  ...  Moreover, points to insert software countermeasures can easily be identified.  ...  SMART CARD DESIGN FLOW As outlined before the importance of simulation for security is obvious.  ... 
doi:10.1145/1086228.1086268 dblp:conf/emsoft/RothbartNSWRM05 fatcat:llvehbvbrzc63ejv2zjjkkwrxa

Secure and Trusted Application Execution on Embedded Devices [chapter]

Konstantinos Markantonakis, Raja Naeem Akram, Mehari G. Msgna
2015 Lecture Notes in Computer Science  
These include smart cards, sensors in vehicles and industrial automation systems. Satisfying the requirements for trusted, reliable and secure embedded devices is more vital than ever before.  ...  We also present a holistic approach to the security and trust of embedded devices, from the hardware design, reliability and trust of the runtime environment to the integrity and trustworthiness of the  ...  Finally, the software integrity verifier uses the output of the EP-C and VP-C to verify the software using RSA signature screening algorithm.  ... 
doi:10.1007/978-3-319-27179-8_1 fatcat:qann2ltknrdgrpt4y665s5gk5u

Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections

Marie-Laure Potet, Laurent Mounier, Maxime Puys, Louis Dureuil
2014 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation  
We propose a global approach, called Lazart, to evaluate code robustness against fault injections targeting control flow modifications. The originality of Lazart is twofolds.  ...  1 In the domain of smart cards, secured devices must be protected against high level attack potential [1] .  ...  In complement with classical hardware countermeasures, codes are hardened by software countermeasures (managing integrity counter, redundant conditions, etc.).  ... 
doi:10.1109/icst.2014.34 dblp:conf/icst/PotetMPD14 fatcat:gbzjezyqafbhpnbpqqjvk5o3u4

On the security issues of NFC enabled mobile phones

Lishoy Francis, Gerhard Hancke, Keith Mayes, Konstantinos Markantonakis
2010 International Journal of Internet Technology and Secured Transactions  
His research interests include security of smart card and mobile platforms; security of contactless and proximity technologies; security attacks and countermeasures; security of multi-access system environments  ...  Finally, we propose several security countermeasures for NFC phones that could prevent such misuse. .  ...  The authors would like to thank Crisp Telecom Limited, UK, for providing equipment support. The authors also thank the editor of this journal.  ... 
doi:10.1504/ijitst.2010.037408 fatcat:gfhtqg3ulba4pdzbbrogms3u4i

A Survey on Fault Attacks [chapter]

Christophe Giraud, Hugues Thiebeauld
2004 IFIP International Federation for Information Processing  
Finally we discuss how to find appropriate software countermeasures.  ...  After studying several ways of inducing faults' we describe attacks on the most popular cryptosystems and we discuss the problem of induced perturbations in the smart card environment.  ...  For example‚ with current smart cards‚ it is very difficult to change the value of a memory cell or to perturb the execution of the code.  ... 
doi:10.1007/1-4020-8147-2_11 fatcat:eq3b2r76wjdc7exm4ikxftbgea
« Previous Showing results 1 — 15 out of 1,762 results