smart card to mitigate logical attacks
play

Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, - PowerPoint PPT Presentation

Aug 31, 2023 •278 likes •466 views

A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Universit de Limoges, France

  1. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Université de Limoges, France bhagyalekshmy.narayanan-thampi@xlim.fr SNDS - 2012 11-12 October 2012

  2. Outline • Introduction • Java Card Security • Byte code verifier, CAP File, API, Linker, Firewall • Types of attacks on Java Cards • Objective • Developing a new attack • Existing countermeasure • Newly proposed countermeasure & its implementation • Conclusion A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 2

  3. Introduction • Smart Card/ Java Card – Most of the Smart Cards are Java Card – Secure, efficient, cost effective embedded device – Limited memory size (RAM, ROM, EEPROM) – Prone to attacks – Hardware & software security – Multi-application environment A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 3

  4. Java Card Security Off-Card Security Model Byte Code Java Class Byte Code Byte Code Java Card Verifier files Converter Signer file/ CAP (BCV) On-Card Security Model Java Card Installed BCV Linker Firewall file/ CAP applet A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 4

  5. Java Card Security: CAP File • CAP: Converted Applet • Binary representation of a package of classes • Consists of 12 components • Some of the main components – Class – Method – Constant Pool – Reference Location etc. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 5

  6. Types of attacks on Smart Card • Logical – software/ sensitive informations – two categories of logical attacks • well formed CAP File: shareable interface mechanism, transaction mechanism • ill formed CAP File: CAP File manipulation • Side Channel – cryptographic secrets obtained through electromagnetic leaks, timing information, power consumption, heat radiation, etc. A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 6

  7. Types of attacks on Smart Card (Contd.) • Physical – fault attacks (optical, electromagnetic) – input current modifications • Combined – logical and physical • fault injection (bypass on-card BCV) A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 7

  8. Objective: introducing a new logical attack • Abused the Java Card linker to change the correct bytecode into malicious one • Set of instructions modified • Each instruction is referenced by an offset in the method component • Linking step is done during the loading of a CAP file • Linker interprets the instructions as tokens and resolve it • CAP File Manipulator: developed by our team – Allows to read and modify Cap Files or any component of a CAP File – Respect the interdependencies between the components A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 8

  9. Objective: introducing a new logical attack (Contd.) Linking step Token (1) (2) ReferenceLocationComponent MethodComponent { { [ … ] [ … ] @ 1F invokestatic 0002 offsets_to_byte2_indices = { [ … ] [ … ] } @0020 [ … ] Method referenced by token } } (3) Offset value ConstantPoolComponent { of token [ … ] 0002 CONSTANT_StaticMethodRef: If linking finished packageToken 80, classToken 20, Token 8 0002 will change to } 4E56 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 9

  10. Developing a new attack Method Component Linking needs Offset Bytecode Mnemonic two bytes 0020 [0x00] nop 0021 [0x02] sconst_m1 0022 [0x02] sconst_m1 0023 [0x3C] pop2 0024 [0x04] sconst_m1 0025 [0x3B] pop Constant Pool Component /* 0008, 2 */CONSTANT_StaticMethodRef: external: 0x80, 0x8, 0xD Reference Location Component Offset value: 0020 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 10

  11. Developing a new attack (Contd.) Set of instructions after linking resolution Offset Bytecode Mnemonic 0020 [0x8E] Invokeinterface 0021 [0x03] // nargs 0022 [0x02] // indexByte1 0023 [0x3C] // indexByte2 0024 [0x04] // method 0025 [0x3B] pop Token method 0x0002 is linked by the value 0x8E03 A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 11

  12. Existing countermeasure ins hidden =ins ⊕ K bytecode (1) where K bytecode is the key, ins is the instruction • Impossible to execute the malicious code without the knowledge of K bytecode • To find xor key: change the Control Flow Graph (CFG) • Through brute force attack: easily obtain xor key with 256 possible values A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 12

  13. Newly proposed countermeasure ins hidden = ins ⊕ K bytecode (1) ins hidden = ins ⊕ K bytecode ⊕ jpc (2) Scrambling Bytecode with equation 1 equation 2 Address Bytecode Mnemonic Address Bytecode Mnemonic 0x8068 0x42 nop 0x8068 0x2a nop 0x8069 0x40 sconst_m1 0x8069 0x29 sconst_m1 0x806A 0x40 sconst_m1 0x806A 0x2a sconst_m1 0x806B 0x7E pop2 0x806B 0x15 pop2 0x806C 0x46 sconst_1 0x806C 0x2d sconst_1 0x806D 0x79 pop 0x806D 0x12 pop A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 13

  14. Countermeasure implementation (Contd.) Unscrambling shell cod e Offset Bytecode Mnemonic 0xAB80 0x7D getstatic 8000 0xAB83 0x78 sreturn After unmasking each instruction Offset Bytecode Mnemonic 0xAB80 0xBF //undefined 0xAB81 0x43 ssub 0xAB82 0xC0 // undefined 0xAB83 0xB9 // undefined A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 14

  15. Conclusion • Based on the vulnerability of the linker, a powerful logical attack demonstrated – Correct bytecode to into malicious one • Protect Java Card from logical attacks – Impossible to execute malicious bytecode without the knowledge of jpc stored in the EEPROM • Cost effective countermeasure, suitable for security interoperability A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 15

  16. Future Work • To do reverse engineering using electromagnetic side channel attacks A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 16

  17. Bhagyalekshmy N THAMPI, Research Engineer bhagyalekshmy.narayanan-thampi@xlim.fr Smart Secure Devices (SSD) Team XLIM/ Université de Limoges, 123 Avenue Albert Thomas, 87060 Limoges, France http://secinfo.msi.unilim.fr/ A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks 17

Recommend

Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien

Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien

Introduction Logical attacks Combined attacks Conclusion Smart Card Attacks: Enter the Matrix Tiana Razafindralambo Guillaume Bouffard Julien Iguchi-Cartigny Jean-Louis Lanet Smart Secure Devices (SSD) Team Xlim Labs Universit e

902 views • 53 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation

[ICCSA 2004] 2004] [ICCSA A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation Criteria for Side Channel Attacks Side Channel Attacks Presented at the workshop ICCSA ICCSA 200 2004 4, ,

404 views • 26 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks Konstantinos Markantonakis, Michael Tunstall, Keith Mayes Dr Konstantinos Markantonakis (BSc, MSc, MBA, PhD) K.Markantonakis@rhul.ac.uk

509 views • 15 slides
Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien

Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien

Introduction EMAN 2 EMAN 4 Conclusion Combined Software and Hardware Attacks on the Java Card Control Flow Guillaume Bouffard Julien Iguchi-Cartigny Jean-Louis Lanet Smart Secure Devices (SSD) Team Xlim Universit e de Limoges

476 views • 45 slides
Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in Government 2004 March 10, 2004 What is the Electronic Treasury Enterprise Card (E-TREC)? E-TREC is the result of the Treasury Departments

507 views • 9 slides
Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs

Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs

Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs Smart card A piece of plastic with a chip that contains: CPU, memories and programs SC is your personal information system, your

598 views • 21 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides
The Active Card An Active Mind in an Active Body More people, More Active, More often! The

The Active Card An Active Mind in an Active Body More people, More Active, More often! The

The Active Card An Active Mind in an Active Body More people, More Active, More often! The Active vision Active The Olympic Legacy 100,000 card holders by 2012 SMART card technology Improved communications for

421 views • 21 slides
7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com whoami Positive Technologies (from 2009) Application security researcher (from 2009) Banking systems

647 views • 45 slides
A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ...

A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ...

A Not So Smart Card Any sufficiently unadvanced technology requires a lot of magic ... Bernd R. Fix <Bernd.Fix@aspector.com> What we are talking about... ~ 2'500'000 users yearly figures: ~ 700'000'000 transactions ~

785 views • 8 slides
GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry

GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry

GSA Smart Card Handbook GSA Smart Card Handbook Industry Review and Comment Process Industry Review and Comment Process Industry Review and Comment Process Cathy Medich Cathy Medich Cathy Medich Government Handbook Committee Chair

605 views • 7 slides
T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a Smart Card? A smart card is a device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent

494 views • 12 slides
Pune Towards Smart City CONTENT Challenge - 1 Score Card & Precondition Documents

Pune Towards Smart City CONTENT Challenge - 1 Score Card & Precondition Documents

Pune Towards Smart City CONTENT Challenge - 1 Score Card & Precondition Documents PMCs Budget Fiscal Capacity Technical & Administrative Capacity Pune Citys Vision (version 1.0) Citizen Participation Framework

1.23k views • 47 slides
for Online Gaming How it Works Q4 2012 v4 Step 1 Enrollment & Smart Player Card Issuance B

for Online Gaming How it Works Q4 2012 v4 Step 1 Enrollment & Smart Player Card Issuance B

Multi-factor Age Verification for Online Gaming How it Works Q4 2012 v4 Step 1 Enrollment & Smart Player Card Issuance B C Injected Digital Certificate from ICMS A. The player presents their driver license for scanning and for age

684 views • 9 slides
Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA

Exploiting type systems and static analyses for smart card security Xavier Leroy INRIA Rocquencourt & Trusted Logic 1 Outline 1. What makes strongly typed programs more secure? 2. Enforcing strong typing (bytecode verification). 3.

828 views • 45 slides
Impact of Integrity Attacks on Real-time Pricing in Smart Grids Rui Tan, Varun Badrinath Krishna,

Impact of Integrity Attacks on Real-time Pricing in Smart Grids Rui Tan, Varun Badrinath Krishna,

Impact of Integrity Attacks on Real-time Pricing in Smart Grids Rui Tan, Varun Badrinath Krishna, David K. Y. Yau, Zbigniew Kalbarczyk Presented by: Tianyuan Liu 10/27/2016 Background Real-time Pricing (RTP) in Smart Grid Balance the

642 views • 18 slides
20 years of excellence beyond wrapping. Safe Bag products SMART TRACK PREMIUM BASIC CARD -

20 years of excellence beyond wrapping. Safe Bag products SMART TRACK PREMIUM BASIC CARD -

20 years of excellence beyond wrapping. Safe Bag products SMART TRACK PREMIUM BASIC CARD - 100% recyclable fjlm - Highly protective Safe Bag services Wrapping - Light / easy to remove - Handling system friendly - Real Time Tracking -

330 views • 16 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a

Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a

Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a P-Card? VISA credit card issued by Bank of America Used to make purchase of goods and some services of $2,500 or less P-Card Controls

480 views • 34 slides
A Smart Port Card Update John DeHart Washington University jdd@arl.wustl.edu

A Smart Port Card Update John DeHart Washington University jdd@arl.wustl.edu

A Smart Port Card Update John DeHart Washington University jdd@arl.wustl.edu http://www.arl.wustl.edu/~jdd Washington Kits Workshop 1 July 10/11 2000 WASHINGTON UNIVERSITY IN ST LOUIS Motivation Active Networking Network Probe

250 views • 8 slides

More recommend