Trust can be misplaced

Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the non-volatile memory area. Most of the researches try to obtain cryptographic keys through side-channel attacks or fault-injection attacks. Such cryptographic objects...

Full description

Saved in:
Bibliographic Details
Published in:Journal of cryptographic engineering 2017-04, Vol.7 (1), p.21-34
Main Authors: Idrissi, Noreddine El Janati El, Bouffard, Guillaume, Lanet, Jean-Louis, Hajji, Said El
Format: Article
Language:English
Subjects:
Circuits and Systems
Client server systems
Communications Engineering
Computer Communication Networks
Computer Science
Containers
Cryptography
Cryptography and Security
Cryptology
Data Structures and Information Theory
Embedded Systems
Networks
Operating Systems
Security
Smart cards
Special Section on Proofs 2015
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the non-volatile memory area. Most of the researches try to obtain cryptographic keys through side-channel attacks or fault-injection attacks. Such cryptographic objects are stored into secure containers. We demonstrate in this paper how one can use some characteristics of the Java Card platform to gain access to these assets. Such a smart card embeds a Firewall that provides isolation between applets from different clients (using the notion of security contexts). We exploit the client/server architecture of the intra-platform communication to lure a client application to execute within its security context, a hostile code written and called from another security context: the server security context. This attack shows the possibility for a trusted application to execute within its security context some hostile code uploaded previously by the server.
ISSN:2190-8508
2190-8516
DOI:10.1007/s13389-016-0142-5