Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Jun Guo,Liji Wu,Xiangmin Zhang,Xiangyu Li

DOI: https://doi.org/10.1109/cis.2012.150

2012-01-01

Abstract:Fault attack is a kind of attack that the attacker injects faults into the hardware and the secret key is likely to be revealed. The paper will describe a fault attack platform for smart card. This platform includes PC terminal serial console software, smart card interface circuits, and smart card reader fault attack circuits. Then the fault platform could communicate with the contact smart card or the smart card reader by complying with the protocol of ISO/IEC 7816. Using this fault platform, we can inject any glitches on power and clock when the smart card is running the encryption command. And then the fault attack platform can send wrong ciphertext to the PC terminal console software through by serial port. We can analyze the fault data by MATLAB or software programming to crack the key of the smart card. So, the security of smart card could be verified. The glitch of voltage range could be from 0v to 5v. And the scope of clock frequency can be from 1HZ to 50 MHZ.

Jiang-pei Xu,Li-ji Wu,Xiang-jun Yang,Yu-zhong Wang,Xiang-min Zhang

DOI: https://doi.org/10.1109/WOCC.2013.6676466

2013-01-01

Abstract:Generally, Java Card mainly consists of the following parts: COS (Chip Operating System), JCVM (Java Card Virtual Machine), and API (Application Programming Interface). As a multi-application system, Java Card itself is very complicated, so it may inevitably exist some security vulnerabilities inside. Based on these parts of Java Card, we can find out some detectable points to its security vulnerabilities. This paper presents a method containing a specific case to test Java Card on array access, aiming to detect the possible security vulnerabilities of JCVM. In this paper, three different kinds of Java Cards have been tested and the test result has been described. From the test result, we successfully find out a security vulnerability of JCVM.

Ming-Yang Chih,Jie-Ren Shih,Bo-Yin Yang,Jin-Tai Ding,Chen-Mou Cheng

2010-01-01

Abstract:MIFARE Classic is a proprietary contactless smart card technology widely used in public transportation ticketing systems of cities across the world. MIFARE Classic's cryptographic protection to the stored data has been reverse-engineered and broken in a recent series of papers. In this paper, we report our experience attacking a real MIFARE Classic system. Specifically, we have implemented a brute-force search using NVIDIA graphics cards to verify the claims in the literature. Moreover, we have achieved a tremendous improvement over an existing sniffer-based attack that takes advantage of other design and implementation flaws of CRYPTO-1, MIFARE Classic's proprietary cipher. To our best knowledge, this is the first report in the literature of a practical long-range attack. These attacks disarm all cryptographic protection of MIFARE Classic, making it extremely difficult to secure transactions. Lastly, we take up the challenge and present our ideas how to defend against most attacks using practical mechanisms that do not require any hardware changes. Our proposed mechanisms can be easily implemented on a variety of MIFARE Classic readers on the market and only require commodity PCs be used in the backend system with intermittent network connectivity.

Di Wu.,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ASICON.2009.5351533

2009-01-01

Abstract:To meet the urgent need of transferring magnetic stripe bankcard to IC bankcard, a 16-bit low power JAVA CARD coprocessor for EMV compatible IC bankcard is designed and implemented by FPGA. In order to speed up the running of the JAVA CARD applets, a novel 5-stage pipelined JAVA CARD coprocessor is achieved with pure logic circuits, which carries out the execution of 88 instructions out of 134 defined in the JAVA CARD Virtual Machine Specification 3.0 Classic Edition, while the remaining instructions are processed by the main 32-bit RISC processor. A pre-fetch instruction buffer and stack-top-register are used to ensure the fluency of the pipeline for accelerating the coprocessor. The design is verified to be :feasible for the need of IC bankcard by FPGA and proved significantly faster than the regular software virtual machine, while remaining in a low power consumption level(1).

Liu Songyan,Mao Zhigang,Ye Yizheng

DOI: https://doi.org/10.1007/bf02948841

2000-01-01

Abstract:Java card is a new system for programming smart cards, which is based on the Java language and Virtual Machine. Java card programs (applets)run in Java Card Runtime Environment (JCRE) including the Java Card Virtual Machine (JCVM), the framework, the associated native methods and the API (Application Programming Interface). JCVM is implemented as two separate pieces:off-card VM (Virtual Machine) and on-card VM. The stack model and heap memory structure used by on-card VM and exception handling are introduced. Because there are limited resources within smart card environment, and garbage collection is not supported in JCVM, the preferred way to exception handling does not directly involve the use of throw, although the throw keyword is supported. Security is the most important feature of smart card. The Java card applet security feature is also discussed.

Guillaume Bouffard,Vincent Giraud,Léo Gaspard

DOI: https://doi.org/10.48550/arXiv.2110.10037

2021-10-19

Cryptography and Security

Abstract:The Java Card Virtual Machine (JCVM) platform is widely deployed on security-oriented components. JCVM implementations are mainly evaluated under security schemes. However, existing implementation are close-source without detail. We believe studying how to design JCVM will improve them and it can be reused by the community to improve Java Card security. In 2018, Bouffard et al. [6] introduced an Operating System (OS) which aims at running JCVM compatible implementation. This OS is compatible with several Commercially available Off-The-Shelf (COTS) components. This is a first step to design a secure JCVM platform. However, some important details are missing to design a secure-oriented Java Card platform. In this article, we focus on the JCVM memory. This memory contains everything required to run JCVM and applets. Currently, JCVM memory is out of the Java Card specification and each JCVM developer use his own approach. Based on the existing tools and documentation, we explain how to extract from the Java Card toolchain every data required by applets and JCVM. When data to store in memory are identified, this article introduces how to organize required data onto JCVM memory.

Gildas Avoine,Loïc Ferreira

DOI: https://doi.org/10.1007/s00145-024-09528-z

2024-12-08

Journal of Cryptology

Abstract:We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). The attack allows an attacker to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done with 16 smart cards from 7 different card manufacturers, on different devices (laptops, smartphones). We show that, in our experimental setting, the attack is fully practical in most cases, with a high success rate, and an almost optimal complexity. To the best of our knowledge, this is the first successful attack against SCP02. The protocol was deprecated in 2018, after preliminary results were communicated to GlobalPlatform by the authors. This paper is an augmented version of a previous conference paper by the authors. Compared to the latter, the main addition is to show with practical experiments that a real-world attack scenario targeting a SIM card plugged into a smartphone is indeed achievable. Given that billion SIM cards are produced every year and owing to the their long lifespan, the number of affected items, although difficult to estimate, is potentially high.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Martin Radev,Mathias Morbitzer

DOI: https://doi.org/10.48550/arXiv.2010.07094

2020-10-14

Abstract:Cloud computing is a convenient model for processing data remotely. However, users must trust their cloud provider with the confidentiality and integrity of the stored and processed data. To increase the protection of virtual machines, AMD introduced SEV, a hardware feature which aims to protect code and data in a virtual machine. This allows to store and process sensitive data in cloud environments without the need to trust the cloud provider or the underlying software. However, the virtual machine still depends on the hypervisor for performing certain activities, such as the emulation of special CPU instructions, or the emulation of devices. Yet, most code that runs in virtual machines was not written with an attacker model which considers the hypervisor as malicious. In this work, we introduce a new class of attacks in which a malicious hypervisor manipulates external interfaces of an SEV or SEV-ES virtual machine to make it act against its own interests. We start by showing how we can make use of virtual devices to extract encryption keys and secret data of a virtual machine. We then show how we can reduce the entropy of probabilistic kernel defenses in the virtual machine by carefully manipulating the results of the CPUID and RDTSC instructions. We continue by showing an approach for secret data exfiltration and code injection based on the forgery of MMIO regions over the VM's address space. Finally, we show another attack which forces decryption of the VM's stack and uses Return Oriented Programming to execute arbitrary code inside the VM. While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES, which aims to protect a virtual machine from a benign but vulnerable hypervisor.

Cryptography and Security

Eric Filiol

DOI: https://doi.org/10.48550/arXiv.1009.4000

2010-09-21

Abstract:Fighting against computer malware require a mandatory step of reverse engineering. As soon as the code has been disassemblied/decompiled (including a dynamic analysis step), there is a hope to understand what the malware actually does and to implement a detection mean. This also applies to protection of software whenever one wishes to analyze them. In this paper, we show how to amour code in such a way that reserse engineering techniques (static and dymanic) are absolutely impossible by combining malicious cryptography techniques developped in our laboratory and new types of programming (k-ary codes). Suitable encryption algorithms combined with new cryptanalytic approaches to ease the protection of (malicious or not) binaries, enable to provide both total code armouring and large scale polymorphic features at the same time. A simple 400 Kb of executable code enables to produce a binary code and around $2^{140}$ mutated forms natively while going far beyond the old concept of decryptor.

Cryptography and Security

ZHANG Dexue,GUO Li,FU Zhongqian,HE Li

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.10.100

2007-01-01

Abstract:Javacard is the development direction of smart card.Most of the Javacard systems use the software virtual machine to execute Javacard instruction.The system takes up a great deal of hardware resources,and it is unefficient.The resolution is to implement the hardware Javacard instruction processor.This paper describes a design of Javacard hardware processor based on microcode.

CP Yu,CS Choy,H Min,CF Chan,KP Pun

DOI: https://doi.org/10.1109/aspdac.2004.1337645

2005-01-01

Abstract:This paper presents the design of a low power 16-bit asynchronous java processor for contactless smart card. It can directly execute the java bytecodes in a subset of the instruction set defined in the Java Card Virtual Machine specification. [1] The remaining java bytecodes are handled by software routines. Also, we intend to use asynchronous circuit design technique to reduce the power consumption of the java processor core. It has been fabricated in a CMOS 0.35-um technology and the experimental result shows that it is suitable for the contactless smart card.

Michael Roland

DOI: https://doi.org/10.48550/arXiv.1601.05833

2016-01-22

Abstract:This report summarizes our findings regarding a severe weakness in implementations of the Open Mobile API deployed on several Android devices. The vulnerability allows arbitrary code coming from a specially crafted Android application package (APK) to be injected into and executed by the smartcard system service component (the middleware component of the Open Mobile API implementation). This can be exploited to gain elevated capabilities, such as privileges protected by signature- and system-level permissions assigned to this service. The affected source code seems to originate from the SEEK-for-Android open-source project and was adopted by various vendor-specific implementations of the Open Mobile API, including the one that is used on the Nexus 6 (as of Android version 5.1).

Cryptography and Security

Yonghong Bai,Liji Wu,Beibei Wang,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2014.7021163

2014-01-01

Abstract:A design of Java coprocessor used in IC bank card is presented in this paper. A 4Kb true dual port SRAM is used for stack to reduce data hazard. Two stack top registers keep same data with the top of stack, which can build a bypass that can handle the data hazard of pipeline. This Java coprocessor can execute 88 Java card instructions, with a size of 8185 gates at a clock of 125MHz.

Thilo Krachenfels,Tuba Kiyan,Shahin Tajik,Jean-Pierre Seifert

DOI: https://doi.org/10.48550/arXiv.2102.11656

2021-02-23

Cryptography and Security

Abstract:The security of modern electronic devices relies on secret keys stored on secure hardware modules as the root-of-trust (RoT). Extracting those keys would break the security of the entire system. As shown before, sophisticated side-channel analysis (SCA) attacks, using chip failure analysis (FA) techniques, can extract data from on-chip memory cells. However, since the chip's layout is unknown to the adversary in practice, secret key localization and reverse engineering are onerous tasks. Consequently, hardware vendors commonly believe that the ever-growing physical complexity of the integrated circuit (IC) designs can be a natural barrier against potential adversaries. In this work, we present a novel approach that can extract the secret key without any knowledge of the IC's layout, and independent from the employed memory technology as key storage. We automate the -- traditionally very labor-intensive -- reverse engineering and data extraction process. To that end, we demonstrate that black-box measurements captured using laser-assisted SCA techniques from a training device with known key can be used to profile the device for a later key prediction on other victim devices with unknown keys. To showcase the potential of our approach, we target keys on three different hardware platforms, which are utilized as RoT in different products.

WANG Tao,MAO Zhi-gang,YE Yi-zheng

DOI: https://doi.org/10.3321/j.issn:0372-2112.2000.11.020

2000-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:The paper proposes a hardware architecture for Java Card Virtual Machine. The Java Card Virtual Machine is the interface between Java language and smart card. It is very important for the development of IC card to exploit smart card which supports Java language. But the performance of the existing smart cards that have realized Java Card Virtual Machine is poor. In this paper a hardware architecture aiming at Java Card Virtual Machine is given which can execute directly the Java bytecodes and has adopted the mechanism of two instruction folding. This paper introduces the hardware architectures, including instruction set selection, module partition and its architecture, and the mechanism of two instruction executing concurrently is emphasized.

junwei he,liji wu,dongyi yang,ruikun bai,xiangmin zhang

2011-01-01

Abstract:The implementation of the Java Card Virtual Machine can be divided into 3 methods. First by the method of software, second by the method of hardware([1]) and third, by the method of cooperation between software and hardware. Java Card needs to run under low power consumption, specifically in the field of the contactless Java Card. In this paper, a low power Java CPU has been designed as the following: Java Card Virtual Machine have 185 instructions according to Virtual Machine Specification, Java Card Platform, version 3.0.1([2]), and translate each instruction of Java Card Virtual Machine into local instructions of the special CPU by assembly language. In order to implement a low power Java Card Virtual Machine, a special CPU has been used to reduce the power consumption instead of using a common CPU. In order to increase the speed and efficiency of translating, instruction classification and optimization of the Java Card Virtual Machine has been achieved, and a ROM Table is used to translate the Java Card instruction into local special CPU instruction. The instruction coding is presented, The novel Java CPU has been implemented by hardware and simulated.

Gauvain Tanguy Henri Gabriel Isidore Roussel-Tarbouriech,Noel Menard,Tyler True,Tini Vi,Reisyukaku

DOI: https://doi.org/10.48550/arXiv.1905.07643

2019-06-07

Abstract:We explain, step by step, how we strategically circumvented the Nintendo Switch's system security, from basic userland code execution, to undermining and exposing the secrets of the security co-processor. To this end, we've identified and utilized two distinct analysis procedures. The software-based analysis suffices for reverse-engineering the userland and operating system services, and is necessary for a general architectural understanding of the software systems in the Nintendo Switch. While this method is extremely powerful and provides significant leverage over the control of the system and its software security, a hardware-based method was devised, which employs analysis of the trusted bootstrap code in ROM. This strategy was essential for the goal of defeating the hardware root of trust. Together, these two vectors provide essential insight required to instance a chain of attacks, in order to gain ROP code execution from the context of a high-security mode of a secure co-processor of a running system, thus allowing us to demonstrate a multi-faceted approach on attacking secure, embedded devices in an unfamiliar and novel environment.

Cryptography and Security

李莹,殷中科,曹晓,邓水光

DOI: https://doi.org/10.3785/j.issn.1008-973X.2012.03.002

2012-01-01

Abstract:The security performance of the Schnorr signature protocol for JavaCard was analyzed in order to enhance security and improve the efficiency. A linear cryptanalysis scheme based on key-recovery attack against the signature protocol was presented, and the feasibility of the attacking method was proved by a case of successful attack. On this basis, a notion of security preprocessing was proposed, which is a linear detection based scheme. The linear detection random numbers and corresponding variables were stored in the special areas of JavaCard. This approach can avoid generation of random number and the complexity modular exponentiation when the digital signature is created in card. Security performance analysis result shows that the proposed scheme not only can promote the operation speed effectively with the same hardware platform and cryptography intensity, but also avoids a type of linear cryptanalysis.