Enhancing Java Runtime Environment for Smart Cards Against Runtime Attacks
Abstract. Smart cards are mostly deployed in security-critical environments in order to provide secure and trusted access to the provisioned services. These services are delivered to a cardholder using the Service Provider’s (SP’s) applications on his or her smart card(s). These applications are at their most vulnerable state when they are executing. There exist a variety of runtime attacks that can circumvent the security checks implemented either by the respective application or the runtime environment to protect the smart card platform, user and/or application. In this paper, we discuss the Java Runtime Environment and a potential threat model based on runtime attacks. Subsequently, we discuss the counter-measures that can be deployed to provide a secure and reliable execution platform, along with an evaluation of their effectiveness, incurred performance penalty and latency.
1 Introduction
An application on a smart card relies on the Smart Card Runtime Environment (SCRT) for secure and reliable execution. An SCRT contains a library of Application Programming Interfaces (APIs) that provide a secure and reliable interface between the installed applications and on-card services. An SCRT is used in order to:
1. Provide a secure and reliable program execution.
2. Enforce an execution isolation and access to memory locations.
3. Provide an interface to access cryptographic algorithms.
4. Protect the platform and applications from malicious or ill-formed applications.
5. Handle communication between applications and with external entities.
In early 2000, fault attacks became the modus operandi of adversaries to subvert the implemented cryptographic algorithms in the smart card industry. Since then the technology has evolved to counter these threats to some extent [3–5]. Although the full extent is not publicly known, there has been a growing interest in fault injection and combined attacks [6–8] to subvert the protection mechanisms on a smart card. In combined attacks, both software (i.e. the attacker’s application) and fault injection are used to achieve the objectives. In this paper, we analyse the attacks that target the SCRT and provide counter-measures. The attacks we have considered in this paper are fault and combined attacks targeted at the SCRT. In this paper, we focus on Java Cards; therefore, we will constantly refer to the Java Card Runtime Environment (JCRE), which is used synonymously with SCRT. The rationale is that the JCRE has an open specification as compared to alternatives such as Multos, and new attacks mostly target Java Cards.
R.N. Akram et al.
© Springer International Publishing Switzerland 2015. G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 541–560, 2015. DOI: 10.1007/978-3-319-24177-7_27
1.1 Contributions of the Paper
In this paper, we propose and evaluate the following:
1. A JCRE protection framework referred to as the “Runtime Protection Mechanism (RPM)”.
2. Inclusion of the application developer’s security requirements at the compilation of the applicat