Julien Iguchi-Cartigny

Smart Card Research and Advanced Applications

Mathematical Algorithms.- The Polynomial Composition Problem in (?/n?)[X].- Enhance Multi-bit Spectral Analysis on Hiding in Temporal Dimension.- Secure Delegation of Elliptic-Curve Pairing.- Side Channel Analysis.- Side-Channel Leakage across Borders.- Designing a Side Channel Resistant Random Number Generator.- Simple Power Analysis on Exponentiation Revisited.- Atomicity Improvement for Elliptic Curve Scalar Multiplication.- Systems.- Key-Study to Execute Code Using Demand Paging and NAND Flash at Smart Card Scale.- Firewall Mechanism in a User Centric Smart Card Ownership Model.- Logical Attacks.- Combined Attacks and Countermeasures.- Attacks on Java Card 3.0 Combining Fault and Logical Attacks.- Fault Analysis.- Improved Fault Analysis of Signature Schemes.- When Clocks Fail: On Critical Paths and Clock Faults.- Privacy.- Modeling Privacy for Off-Line RFID Systems.- Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings.- On the Design and Implementation of an Efficient DAA Scheme.

Combined software and hardware attacks on the java card control flow

The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.

Developing a Trojan applets in a smart card

This paper presents a method to inject a mutable Java Card applet into a smart card. This code can on demand parse the memory in order to search for a given pattern and eliminate it. One of these key features is to bypass security checks or retrieve secret data from other applets. We evaluate the countermeasures against this attack and we show how some of them can be circumvented and we propose to combine this attack with others already known.

Localized Minimum-Energy Broadcasting for Wireless Multihop Networks with Directional Antennas

We propose several localized algorithms to achieve energy-efficient broadcasting in wireless multihop networks using directional antennas. Each node needs to know only geographic position of itself and its neighbors. Our first protocol is called DRBOP and it follows the one-to-one communication model to reach to all nodes in the relative neighborhood graph (RNG). Each node that receives a message for the first time from one of its RNG neighbors will rebroadcast it to each of its remaining RNG neighbors separately. The transmission power is adjusted for each transmission to the minimal necessary for reaching the particular neighbor. Next, we describe DLBOP, where RNG is replaced by the localized minimum spanning tree (LMST) graph which is a localized topology resembling the minimum spanning tree. We then observe that, for very dense networks, it is more energy-efficient to reach more than one neighbor at a time. A one-to-many protocol efficient for dense networks is proposed. We then describe an efficient localized protocol which adaptively switches (without any threshold) between one-to-one and one-to-many communication models and is efficient for both sparse and dense networks. Our simulation results show that for different energy models, the adaptive protocol is able to achieve a competitive performance to globalized algorithms while having a fully localized operation.

Checking the Paths to Identify Mutant Application on Embedded Systems

The resistance of Java Card against attack is based on software and hardware countermeasures, and the ability of the Java platform to check the correct behaviour of Java code (by using bytecode verification for instance). Recently, the idea to combine logical attacks with a physical attack in order to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass control and protection and thus offer illegal access to secret data and operation inside the chip. This paper presents an evaluation of the ability of an application to become mutant and a new countermeasure based on the runtime check of the application control flow to detect the deviant mutations....

Hot updates for Java based smart cards

Systems need to be updated in order to correct vulnerabilities, fix bugs but also to enhance functionalities. Traditional software update mechanisms usually stop the software that need to be updated, apply the update then restart the system. However, this approach is not appropriate in critical systems such as banking or telecommunications.

Enhancing Fuzzing Technique for OKL4 Syscalls Testing

Virtual machine monitor is a hot topic in the embedded community. Apart from high end system, current processors for embedded systems do not have any instructions helping to virtualize an operating system. Based on this fact, most of the current hyper visors for embedded devices use the Para virtualization technique. This is the case of the OKL4 kernel which is based on the L4 micro-kernel and implements among other the Linux kernel as guest OS. We introduce our ongoing work for testing the security of OKL4. We have chosen to focus on the most low level OKL4 interface usable from an external actor: the system call API. Because all operating system components use directly or indirectly these system calls, a minor flaw at this level can impact in chain the entire system including a virtualized kernel. We have developed a model describing the OKL4 system calls. This model also contains all constraints applicable to a system call. Based on these models, we are working on a tool using the constraints to compute a reduced set of system call input values which are highly likely to generate flaws in OKL4 if they are not fully checked by the hypervisor.

Incremental Dynamic Update for Java-Based Smart Cards

One of the most appealing feature for multi-application smart cards is their ability to dynamically download or delete applications once the card has been issued. Applications can be updated by deleting old versions and loading the new ones. Nevertheless, for system components, the update is sligthly more complex because the systems never stop. Indeed, for smart cards based on Java called JavaCard, the virtual machine has a life cycle similar to the card because persistent objects are preserved after the communication sessions with the reader have expired. We present in this paper, our research in dynamic system components updating of JavaCard. Our technique requires a lot of off-card and on-card mechanisms. Our approach uses control flow graph to determine change between versions, a domain specific language to represent the change for minimization of the download overhead throughout the communication link with the card.

A security mechanism to increase confidence in m-transactions

Currently, NFC phones are coming in the handheld market, providing facilities to perform m-transactions. Obviously, this type of operation requires special security precautions. Indeed, a malicious code could intercept and hijack the system, even if there is a smart card. For example, the amount of the payment displayed in the terminal can be hijacked by an attacker to fool the user, or users credential can be stolen thanks to a keylogger (and thus malicious codes can perform unwanted m-transactions automatically). This paper describes a security mechanism based on a graphical Turing test to prevent m-transactions submission by malwares. Firstly it introduces current m-transactions solutions. Then it explains the security mechanism that we propose to tackle the problem of untrusted handheld devices. It also underlines a proof of concept we implemented, to test its feasibility on a SIM card. Finally, it gives information on performances corresponding to the implementation that we made.

Analysis Vulnerabilities in Smart Card Web Server

Since its beginning, smart cards have involved. They are used nowaday by million of users and provide more opportunities. You can integrate it a web server. Java Card 2.2 smart card Web Server does not support the TCP/IP protocol, a new communication protocol has been created between the card and the mobile : the BIP protocol (Bearer Independent protocol). This protocol managed the security of the communication, it should be flawless. To verify protocol security, we use fuzzing technic. Work on the fuzzing shown that many security flaws on application or protocol may be discovered when invalid data is injected. We use this method in black box with an accurate analysis on the BIP protocol to test its vulnerability to attacks. We will see its implementation have some differences with the specification.