Skip to main content
Conference Proceedings

Logical attacks on secured containers of the Java Card platform

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2017) 10146 LNCS 122-136
DOI: 10.1007/978-3-319-54669-8_8
3Citations
Citations of this article
2Readers
Mendeley users who have this article in their library.
Get full text

Abstract

The Java Card platform provides programmers with API classes that act as containers for cryptographic keys and PIN codes. This paper presents a first systematic evaluation of the security that these containers provide against logical attacks, for a number of cards from different manufacturers. Most cards we investigated do not appear to implement any integrity and confidentiality protection for these containers. For the cards that do, this paper presents new logical attacks that bypass these security measures. In particular, we show that the encryption of keys and PINs by the platform can be defeated using decryption functionality that the platform itself offers, so that logical attacks can still retrieve plaintext keys and PINs. We also investigate the possibilities for type confusion to access the global APDU buffer and the presence of undocumented bytecode instructions.

Cite

CITATION STYLE

APA

Volokitin, S., & Poll, E. (2017). Logical attacks on secured containers of the Java Card platform. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10146 LNCS, pp. 122–136). Springer Verlag. https://doi.org/10.1007/978-3-319-54669-8_8

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free