Abstract
Power analysis on smart cards is widely used to obtain information about implemented cryptographic algorithms. We propose similar methodology for Java Card applets reverse engineering. Because power analysis alone does not provide enough information, we refine our methodology by involving additional information sources. Issues like distinguishing between bytecodes performing similar tasks and reverse engineering of conditional branches and nested loops are also addressed. The proposed methodology is applied to a commercially available Java Card smart card and the results are reported. We conclude that our augmented power analysis can be successfully used to acquire information about the bytecodes executed on a Java Card smart card.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Sun Microsystems, Inc.: http://www.sun.com/smi/Press/sunflash/2004-11/sunflash.20041102.1.xml (2004)
Sun Microsystems, Inc.: http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051115.2.xml (2005)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Computers 51(5), 541–552 (2002)
Witteman, M.: Advances in smartcard security. Information Security Bulletin 7, 11–22 (2002), Also available at http://www.riscure.com/articles/ISB0707MW.pdf
Vermoen, D.: Reverse engineering of java card applets using power analysis (2006), Available at http://ce.et.tudelft.nl/publicationfiles/1162_634_thesis_Dennis.pdf
Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. Addison-Wesley Longman Publishing Co., Inc, Boston (2000)
Witteman, M.: Java card security. Information Security Bulletin 8, 291–298 (2003), Also available at http://www.riscure.com/articles/ISB0808MW.pdf
Press, W.H., et al.: Numerical Recipes in C++, 2nd edn. Cambridge University Press, Cambridge (2002)
Proebsting, T.A., Watterson, S.A.: Krakatoa: Decompilation in java (does bytecode reveal source?) In: COOTS, USENIX, pp. 185–198 (1997)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Vermoen, D., Witteman, M., Gaydadjiev, G.N. (2007). Reverse Engineering Java Card Applets Using Power Analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds) Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. WISTP 2007. Lecture Notes in Computer Science, vol 4462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72354-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-72354-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72353-0
Online ISBN: 978-3-540-72354-7
eBook Packages: Computer ScienceComputer Science (R0)