Chronicle of a Java Card death

Mozhdeh, Farhadi; Lanet, Jean‐Louis

doi:10.1007/s11416-016-0276-0

Cited by 7 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2, namely -modifying metadata (esp. of arrays), -'spoofing' references (by doing some pointer arithmetic), -using getstatic b, -using 'illegal' opcodes, in a variation of the attack of [9], and -accessing arbitrary objects as if they were arrays (effectively a generalisation of the attack with arrayCopyNonAtomic used in [5] 2 ).…”

Section: Discussionmentioning

confidence: 99%

“…The only paper in the literature that looks at secure containers is by Farhadi and Lanet [5]. Here an attack is presented to access the plaintext value of a 3DES key belonging to another applet.…”

Section: Background and Related Workmentioning

confidence: 99%

“…As noted in [5], ideally the encryption key would be stored in memory that would be hard or impossible for an attacker to access (e.g. in ROM or memory of the crypto co-processor).…”

Section: Retrieving Plaintext Des Keysmentioning

confidence: 99%

“…We found that the attack using arrayCopyNonAtomic did not work on any of the cards we had, so this seems an implementation-specific weakness of the particular card studied in[5].…”

mentioning

confidence: 93%

See 3 more Smart Citations

Logical Attacks on Secured Containers of the Java Card Platform

Volokitin¹,

Poll

2017

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

This publication is distributed under the terms of Article 25fa of the Dutch Copyright Act (Auteurswet) with explicit consent by the author. Dutch law entitles the maker of a short scientific work funded either wholly or partially by Dutch public funds to make that work publicly available for no consideration following a reasonable period of time after the work was first published, provided that clear reference is made to the source of the first publication of the work. This publication is distributed under The Association of Universities in the Netherlands (VSNU) 'Article 25fa implementation' pilot project. In this pilot research outputs of researchers employed by Dutch Universities that comply with the legal requirements of Article 25fa of the Dutch Copyright Act are distributed online and free of cost or other barriers in institutional repositories. Research outputs are distributed six months after their first online publication in the original published version and with proper attribution to the source of the original publication.You are permitted to download and use the publication for personal purposes. Please note that you are not allowed to share this article on other platforms, but can link to it. All rights remain with the author(s) and/or copyrights owner(s) of this work. Any use of the publication or parts of it other than authorised under this licence or copyright law is prohibited. Neither Radboud University nor the authors of this publication are liable for any damage resulting from your (re)use of this publication.If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the ma terial

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

“…As noted in [5], ideally the encryption key would be stored in memory that would be hard or impossible for an attacker to access (e.g. in ROM or memory of the crypto co-processor).…”

Section: Retrieving Plaintext Des Keysmentioning

confidence: 99%

“…We found that the attack using arrayCopyNonAtomic did not work on any of the cards we had, so this seems an implementation-specific weakness of the particular card studied in[5].…”

mentioning

confidence: 93%

See 2 more Smart Citations