Abstract
Security and interoperability issues are increasing in smart card domain and it is important to analyze these issues carefully and implement appropriate countermeasures to mitigate them. Security issues involve attacks on smart cards which can lead to their abnormal behavior. Fault attacks are the most important among them and they can affect the program execution, smart card memory, etc. Detecting these abnormalities requires some redundancies, either by another code execution or by an equivalent representation. In this paper, we propose an automatic method to provide this redundancy using a security automaton as the main detection mechanism. This can enforce some trace properties on a smart card application, by using the combination of a static analysis and a dynamic monitoring. The security officer specifies the fragments of the code that must be protected against fault attacks and a program transformer produces an equivalent program that mesh a security automaton into the code according to the security requirements.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Aktug, I.: Algorithmic Verification Techniques for Mobile Code. Ph.D. thesis, KTH, Theoretical Computer Science, TCS, qC 20100628 (2008)
Al Khary Sere, A.: Tissage de contremesures pour machines virtuelles embarquées. Ph.D. thesis, Université de Limoges (2010)
Anderson, R., Kuhn, M.: Low Cost Attacks on Tamper Resistant Devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Barbu, G.: On the security of Java Card platforms against hardware attacks. Ph.D. thesis, Grant-funded PhD with Oberthur Technologies and Télécom ParisTech (2012)
Barbu, G., Andouard, P., Giraud, C.: Dynamic Fault Injection Countermeasure A New Conception of Java Card Security. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 16–30. Springer, Heidelberg (2013)
Blömer, J., Otto, M., Seifert, J.P.: A new CRT-RSA algorithm secure against bellcore attacks. In: Computer and Communications Security, pp. 311–320 (2003)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)
Dubreuil, J., Bouffard, G., Lanet, J.L., Iguchy-Cartigny, J.: Type classification against Fault Enabled Mutant in Java based Smart Card. In: ARES 2012, pp. 551–556. IEEE, Prague (2012)
Farissi, I.E., Azizi, M., Moussaoui, M., Lanet, J.L.: Neural network Vs Bayesian network to detect javacard mutants. In: Colloque International sur la Sécurité des Systèmes d’Information (CISSE), Kenitra Marocco (March 2013)
Girard, P., Villegas, K., Lanet, J.L., Plateaux, A.: A new payment protocol over the Internet. In: CRiSIS 2010, pp. 1–6 (2010)
Joye, M., Quisquater, J.J., Bao, F., Deng, R.H.: RSA-type signatures in the presence of transient faults. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 155–160. Springer, Heidelberg (1997)
McDougall, M., Alur, R., Gunter, C.A.: A model-based approach to integrating security policies for embedded devices. In: 4th ACM International Conference on Embedded Software, EMSOFT 2004, pp. 211–219. ACM, New York (2004)
Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.L.: Enforcing High-Level Security Properties for Applets. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications. IFIP, vol. 153, pp. 1–16. Springer, Heidelberg (2004)
Prevost, S., Sachdeva, K.: Application code integrity check during virtual machine runtime (August 2004)
Razafindralambo, T., Bouffard, G., Thampi, B.N., Lanet, J.-L.: A Dynamic Syntax Interpretation for Java Based Smart Card to Mitigate Logical Attacks. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 185–194. Springer, Heidelberg (2012)
Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
Skorobogatov, S.P., Anderson, R.: Optical Fault Induction Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 31–48. Springer, Heidelberg (2003)
Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)
Wagner, D.: Cryptanalysis of a provably secure CRT-RSA algorithm. In: 11th ACM Conference on Computer and Communications Security, pp. 92–97 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bouffard, G., Thampi, B.N., Lanet, JL. (2013). Detecting Laser Fault Injection for Smart Cards Using Security Automata. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-40576-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40575-4
Online ISBN: 978-3-642-40576-1
eBook Packages: Computer ScienceComputer Science (R0)