Logical attacks on smart cards have been used for many years, but their attack potential is hindered by the processes used by issuers to verify the validity of code, in particular bytecode verification. More recently, the idea has emerged to combine logical attacks with a physical attack, in order to evade bytecode verification. We present practical work done recently on this topic, as well as some countermeasures that can be put in place against such attacks, and how they can be evaluated by security laboratories.
ForwardThis paper presents theoretical work 1 related to the development of attacks that combine logical attacks on the card's software with physical attacks on the card's hardware. This particular piece of work has been performed on Java Card-based smart cards. However, we will see that the new attacks can be applied to other platforms, and Java Card has mostly been chosen because it is the most common interoperable smart card application platform.