Detecting Attacks on Java Cards by Fingerprinting Applets

Author

Morana, Giovanni ; Tramontana, Emiliano ; Zito, Domenico

Author_Institution

Dipt. di Mat. e Inf., Univ. of Catania, Catania, Italy

fYear

2013

fDate

17-20 June 2013

Firstpage

359

Lastpage

364

Abstract

Differently from classical JVMs, generally JavaCard Virtual Machines (JCVMs) rely only on limited amount of resources typical of smart cards. Recently, several mixes of logical and physical manoeuvres have been devised to exploit typical JCVM weaknesses and to have mutant applets by means e.g. of faults injection. Such combined attacks manage to bypass the existing countermeasures of several versions of JCVMs. This paper proposes an approach for detecting mutant applets, as soon as they appear at runtime, hence revealing and thwarting an ongoing attack. The approach is completely transparent to the applet´s developer, and only a limited (a priori computable) amount of resources are used at runtime, hence it is affordable on board of smart cards. Our experiments have shown that the proposed solution has only a very limited impact on the performances of the target platform.

Keywords

Java; operating systems (computers); security of data; virtual machines; JCVMs; JavaCard virtual machines; applet developer; attack detection; faults injection; fingerprinting Applets; mutant applets; smart cards; Arrays; Fingerprint recognition; Java; Monitoring; Runtime; Security; Smart cards; Java card; combined attacks; runtime verification;

fLanguage

English

Publisher

ieee

Conference_Titel

Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2013 IEEE 22nd International Workshop on

Conference_Location

Hammamet

ISSN

1524-4547

Print_ISBN

978-1-4799-0405-1

Type

conf

DOI

10.1109/WETICE.2013.39

Filename

6570643