Riscure, profile picture
Uploaded byRiscure
1,184 views

Java Card Security

This document discusses Java Card security. It begins with an overview of Java Card and its benefits, including being interoperable, secure, supporting multiple applications, and being dynamically updatable. It then covers Java Card applet lifecycles, concepts like verification, loading, firewalls and atomicity, compares Java Card to Java, analyzes risks like denial of service and privacy invasion, demonstrates attacks like using Trojan code and firewall type confusion, and concludes that while threats exist, security measures can counteract them and Java Card security is attainable.

Embed presentation

Downloaded 13 times
Java Card Security Marc Witteman, Riscure witteman@riscure.com 26 February 2004, 9:00 AM San Francisco
Overview What is Java Card? Life cycle Concepts Risk analysis Attacks Securing Java Card
What is Java Card? A Java Card is a smart card running a small Java based Operating System that can dynamically be upgraded. Chip hardware JavaCard OS (Runtime Environment and Mngt functions) Applet 1 Applet 2 Applet 3
Java Card Benefits (according to SUN) Interoperable Applets run on any Java Card Secure Inherent security of the Java language enhanced with new concepts like applet firewall and atomicity Multi-Application Capable Multiple applications can co-exist securely on a single smart card. Dynamic Post-issuance applet downloading. Open Developers benefit from object-oriented programming, and off-the-shelf Java development tools. Compatible with Existing Standards ISO7816, EMV, Global Platform and ETSI.
Main Java Card application areas today Financial Smart Credit / Debit E-Purses Loyalty programs Mobile Communication Infotainment Business support Network optimizers
Java Card Applet Life Cycle Applet development Applet deployment Appl. design Writ e code Java source Compile byte code Convert CAP file CAP file Verify Upload Install AppletExecutable Load File
Java Card concepts and innovations Verification How can mobile code be trusted? Loading How can the code origin be trusted? Firewall How to allow secure applet interactions? Atomicity How to protect data consistency?
Concepts: Verification What is a CAP file actually? What can an ill-formed applet do? How important is byte code verification? What can the Java Card Off-Card Verifier do? Catch: Beware of code changes between verification and running!
Concepts: Card Management Card management frameworks Global Platform / GSM SIM data download Management actions loading, installation, personalization, deletion Secure protocols electronic signatures, encryption Catch: Side channel attacks on the Java Card platform may retrieve or bypass card management keys!
Concepts: Firewall Applet firewall allows controlled sharing All applet interactions go through the firewall Server applets can authenticate client applets Object ownership prevents unauthorized access Catch: An applet becomes vulnerable if the virtual machine does not carefully implement all firewall rules
Concepts: Atomicity Smart cards operate in an unfriendly environment Consistency of data is crucial to reliability and security Atomic operations Transaction mechanism: — beginTransaction — commitTransaction — abortTransaction Catch: keeping a reference to a deleted object can break the entire platform security
Java Card vs Java Security is better No dynamic class loading No threading Applet firewall Applet sources controlled Security is worse No on-board byte code verifier No sandbox Applets are persistent Uploading A comparison between Java Card and Java Conceptual security is better and worse!
Java Card risks Annoyance Denial of service Invasion of privacy System modification
Java card threats Verified applet abuses feature Trojan code example Verified applet exploits bug Ill-formed applet attack Dangling reference demo Firewall type confusion demo
Attack example: Trojan code Applet developer hides small Trojan in useful applet to steal a PIN code of a cell phone Applet performs some meaningful action, e.g. Traffic info At some stage the applet misleads the user by asking the PIN After PIN insertion it is leaked by SMS, and the applet continues
Demo: Firewall type confusion Two applets communicate through firewall Binary incompatibility between server and client A reference to a byte array is set to another object Runtime allows arbitrary reading & writing! DEMONSTRATION on Java Card reference implementation
Fragments of type confusion code // class that stores a short where arrays may store their length public class Fake { public short size = 0x7FFF; }; // Server implementation of ‘confuse’ method public Fake confuse( Fake fake ) { return fake; } // Interface definition that client uses is different: public byte[] confuse ( Fake fake ); // Client binds byte array reference ‘array’ to object ‘fake’ byte[] array = sio.confuse( fake ); // size of ‘array’ now set to 0x7FFF (32K !!!)
Demo: Dangling reference Applet creates object within transaction Transaction is aborted, object deleted Reference was not cleared, now dangling! New object created, dangling reference confused! Runtime allows arbitrary reading & writing! DEMONSTRATION on recent commercial Java Card!
Fragments of dangling reference code // start a transaction JCSystem.beginTransaction(); // allocate short byte array array = new byte[2]; // abort transaction, array object must be deleted JCSystem.abortTransaction(); // create new object of different class to fill the emptied space Fake fake = new Fake(); // try to reuse the memory // if ‘array’ not cleared, its size may now be set to 0x7FFF (32K !!!)
Java Card Security Measures Java Card source code review CAP file verification and Code signing Loading security JCRE verification
Conclusion Java Card is a significant step forward Realistic threats exist also for Java Card Off-card verification is more risky than it seems Java card issuers can and should take specific measures to counter act the threats Java Card Security is attainable
Thanks! Want to know more? Email to: witteman@riscure.com or visit: www.riscure.com Articles available on Smart Card and Java Card security

More Related Content

PDF
Software Attacks on Hardware Wallets
byRiscure
 
PDF
Bypassing Secure Boot using Fault Injection
byRiscure
 
PDF
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
byRiscure
 
PDF
Riscure Assurance for Premium Content at a glance
byRiscure
 
PDF
CheapSCAte: Attacking IoT with less than $60
byRiscure
 
PDF
PEW PEW PEW: Designing Secure Boot Securely
byNiek Timmers
 
PDF
Fault Injection on Automotive Diagnosis Protocols
byRiscure
 
PPTX
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
byBlueHat Security Conference
 
Software Attacks on Hardware Wallets
byRiscure
 
Bypassing Secure Boot using Fault Injection
byRiscure
 
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
byRiscure
 
Riscure Assurance for Premium Content at a glance
byRiscure
 
CheapSCAte: Attacking IoT with less than $60
byRiscure
 
PEW PEW PEW: Designing Secure Boot Securely
byNiek Timmers
 
Fault Injection on Automotive Diagnosis Protocols
byRiscure
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
byBlueHat Security Conference
 

What's hot

PPTX
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
byBlueHat Security Conference
 
PPTX
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
byBlueHat Security Conference
 
PPTX
Automating Your Tools: How to Free Up Your Security Professionals for Actual ...
byKevin Fealey
 
PPTX
Practical Security Assessments of IoT Devices and Systems
byOllie Whitehouse
 
PPTX
Securing the continuous integration
byIrene Michlin
 
PDF
Renato Rodrigues - Security in the wild
byDevSecCon
 
PPTX
Static Analysis Security Testing for Dummies... and You
byKevin Fealey
 
PPTX
Making Security Agile
byOleg Gryb
 
PDF
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
byPriyanka Aash
 
PPTX
Seminar V2
byMoustafa Najm
 
PDF
BlueHat v18 || Go build a tool - best practices for building a robust & e...
byBlueHat Security Conference
 
PDF
Writing ICS Vulnerability Analysis
byDigital Bond
 
PPTX
Havex Deep Dive (English)
byDigital Bond
 
PDF
Gone in a flash pdf
byAndrewRJamieson
 
KEY
Security Code Review: Magic or Art?
bySherif Koussa
 
PDF
Myths and Misperceptions of Open Source Security
byBlack Duck by Synopsys
 
PPTX
Runtime Analysis on Mobile Applications (February 2017)
bySandeep Jayashankar
 
PDF
Evaluating iOS Applications
byiphonepentest
 
PDF
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
byiphonepentest
 
PDF
IoT Security – It’s in the Stars! 16_9 v201605241355
byAndrewRJamieson
 
BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault In...
byBlueHat Security Conference
 
BlueHat v17 || Raising the Bar: New Hardware Primitives for Exploit Mitigations
byBlueHat Security Conference
 
Automating Your Tools: How to Free Up Your Security Professionals for Actual ...
byKevin Fealey
 
Practical Security Assessments of IoT Devices and Systems
byOllie Whitehouse
 
Securing the continuous integration
byIrene Michlin
 
Renato Rodrigues - Security in the wild
byDevSecCon
 
Static Analysis Security Testing for Dummies... and You
byKevin Fealey
 
Making Security Agile
byOleg Gryb
 
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of I...
byPriyanka Aash
 
Seminar V2
byMoustafa Najm
 
BlueHat v18 || Go build a tool - best practices for building a robust & e...
byBlueHat Security Conference
 
Writing ICS Vulnerability Analysis
byDigital Bond
 
Havex Deep Dive (English)
byDigital Bond
 
Gone in a flash pdf
byAndrewRJamieson
 
Security Code Review: Magic or Art?
bySherif Koussa
 
Myths and Misperceptions of Open Source Security
byBlack Duck by Synopsys
 
Runtime Analysis on Mobile Applications (February 2017)
bySandeep Jayashankar
 
Evaluating iOS Applications
byiphonepentest
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
byiphonepentest
 
IoT Security – It’s in the Stars! 16_9 v201605241355
byAndrewRJamieson
 

Similar to Java Card Security

PPT
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
PDF
Eric java card-basics-140314
byEric Vétillard
 
PDF
Атаки на платформу Java Card с использованием вредоносных апплетов
byPositive Hack Days
 
PDF
First Steps with Java Card
byEric Vétillard
 
PPT
Technical Overview of Java Card
byAnshuman Sinha
 
PDF
jCardSim – Java Card is simple!
byMikhail Dudarev
 
PDF
Tu dresden 290404_jcop
bypri18saini
 
PPT
Java card technology
byKeerthi Thomas
 
PPT
Java card technology
byKeerthi Thomas
 
PDF
SECURE FILE MANAGEMENT SYSTEM FOR JAVA CARDS
byijfcstjournal
 
PDF
Advanced Java
byHossein Mobasher
 
PDF
Java Card 2.x FAQ (2001)
byJulien SIMON
 
PPT
Java card technology
byAmol Kamble
 
PPTX
JAVA CARD BY SAIKIRAN PANJALA
bySaikiran Panjala
 
PDF
verification_slides
byAlessio Parzian
 
PPTX
Javacard
bySamiksha90
 
ODP
Tollas Ferenc - Java security
byveszpremimeetup
 
PDF
Java Platform Security Architecture
byRamesh Nagappan
 
PPTX
Smart Cards, ePassports, and open source
byMartijn Oostdijk
 
PDF
Security in Java
bySiddharth Coontoor
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
Eric java card-basics-140314
byEric Vétillard
 
Атаки на платформу Java Card с использованием вредоносных апплетов
byPositive Hack Days
 
First Steps with Java Card
byEric Vétillard
 
Technical Overview of Java Card
byAnshuman Sinha
 
jCardSim – Java Card is simple!
byMikhail Dudarev
 
Tu dresden 290404_jcop
bypri18saini
 
Java card technology
byKeerthi Thomas
 
Java card technology
byKeerthi Thomas
 
SECURE FILE MANAGEMENT SYSTEM FOR JAVA CARDS
byijfcstjournal
 
Advanced Java
byHossein Mobasher
 
Java Card 2.x FAQ (2001)
byJulien SIMON
 
Java card technology
byAmol Kamble
 
JAVA CARD BY SAIKIRAN PANJALA
bySaikiran Panjala
 
verification_slides
byAlessio Parzian
 
Javacard
bySamiksha90
 
Tollas Ferenc - Java security
byveszpremimeetup
 
Java Platform Security Architecture
byRamesh Nagappan
 
Smart Cards, ePassports, and open source
byMartijn Oostdijk
 
Security in Java
bySiddharth Coontoor
 

More from Riscure

PDF
PEW PEW PEW: Designing Secure Boot Securely
byRiscure
 
PDF
Lowering the bar: deep learning for side-channel analysis
byRiscure
 
PDF
Efficient Reverse Engineering of Automotive Firmware
byRiscure
 
PDF
Riscure Introduction
byRiscure
 
PDF
Practical Differential Fault Attack on AES
byRiscure
 
PDF
How to secure electronic passports
byRiscure
 
PDF
How multi-fault injection breaks the security of smart cards
byRiscure
 
PDF
Why is it so hard to make secure chips?
byRiscure
 
PDF
How to secure HCE
byRiscure
 
PDF
Why are we still vulnerable to Side Channel Attacks?
byRiscure
 
PDF
Controlling PC on ARM using Fault Injection
byRiscure
 
PDF
Defeating RSA Multiply-Always and Message Blinding Countermeasures
byRiscure
 
PDF
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
byRiscure
 
PEW PEW PEW: Designing Secure Boot Securely
byRiscure
 
Lowering the bar: deep learning for side-channel analysis
byRiscure
 
Efficient Reverse Engineering of Automotive Firmware
byRiscure
 
Riscure Introduction
byRiscure
 
Practical Differential Fault Attack on AES
byRiscure
 
How to secure electronic passports
byRiscure
 
How multi-fault injection breaks the security of smart cards
byRiscure
 
Why is it so hard to make secure chips?
byRiscure
 
How to secure HCE
byRiscure
 
Why are we still vulnerable to Side Channel Attacks?
byRiscure
 
Controlling PC on ARM using Fault Injection
byRiscure
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
byRiscure
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
byRiscure
 

Recently uploaded

PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
API-First Architecture in Financial Systems
bycyy111112
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 

Java Card Security

  • 1.
    Java Card Security MarcWitteman, Riscure witteman@riscure.com 26 February 2004, 9:00 AM San Francisco
  • 2.
    Overview What is JavaCard? Life cycle Concepts Risk analysis Attacks Securing Java Card
  • 3.
    What is JavaCard? A Java Card is a smart card running a small Java based Operating System that can dynamically be upgraded. Chip hardware JavaCard OS (Runtime Environment and Mngt functions) Applet 1 Applet 2 Applet 3
  • 4.
    Java Card Benefits(according to SUN) Interoperable Applets run on any Java Card Secure Inherent security of the Java language enhanced with new concepts like applet firewall and atomicity Multi-Application Capable Multiple applications can co-exist securely on a single smart card. Dynamic Post-issuance applet downloading. Open Developers benefit from object-oriented programming, and off-the-shelf Java development tools. Compatible with Existing Standards ISO7816, EMV, Global Platform and ETSI.
  • 5.
    Main Java Cardapplication areas today Financial Smart Credit / Debit E-Purses Loyalty programs Mobile Communication Infotainment Business support Network optimizers
  • 6.
    Java Card AppletLife Cycle Applet development Applet deployment Appl. design Writ e code Java source Compile byte code Convert CAP file CAP file Verify Upload Install AppletExecutable Load File
  • 7.
    Java Card conceptsand innovations Verification How can mobile code be trusted? Loading How can the code origin be trusted? Firewall How to allow secure applet interactions? Atomicity How to protect data consistency?
  • 8.
    Concepts: Verification What isa CAP file actually? What can an ill-formed applet do? How important is byte code verification? What can the Java Card Off-Card Verifier do? Catch: Beware of code changes between verification and running!
  • 9.
    Concepts: Card Management Cardmanagement frameworks Global Platform / GSM SIM data download Management actions loading, installation, personalization, deletion Secure protocols electronic signatures, encryption Catch: Side channel attacks on the Java Card platform may retrieve or bypass card management keys!
  • 10.
    Concepts: Firewall Applet firewallallows controlled sharing All applet interactions go through the firewall Server applets can authenticate client applets Object ownership prevents unauthorized access Catch: An applet becomes vulnerable if the virtual machine does not carefully implement all firewall rules
  • 11.
    Concepts: Atomicity Smart cardsoperate in an unfriendly environment Consistency of data is crucial to reliability and security Atomic operations Transaction mechanism: — beginTransaction — commitTransaction — abortTransaction Catch: keeping a reference to a deleted object can break the entire platform security
  • 12.
    Java Card vsJava Security is better No dynamic class loading No threading Applet firewall Applet sources controlled Security is worse No on-board byte code verifier No sandbox Applets are persistent Uploading A comparison between Java Card and Java Conceptual security is better and worse!
  • 13.
    Java Card risks Annoyance Denialof service Invasion of privacy System modification
  • 14.
    Java card threats Verifiedapplet abuses feature Trojan code example Verified applet exploits bug Ill-formed applet attack Dangling reference demo Firewall type confusion demo
  • 15.
    Attack example: Trojancode Applet developer hides small Trojan in useful applet to steal a PIN code of a cell phone Applet performs some meaningful action, e.g. Traffic info At some stage the applet misleads the user by asking the PIN After PIN insertion it is leaked by SMS, and the applet continues
  • 16.
    Demo: Firewall typeconfusion Two applets communicate through firewall Binary incompatibility between server and client A reference to a byte array is set to another object Runtime allows arbitrary reading & writing! DEMONSTRATION on Java Card reference implementation
  • 17.
    Fragments of typeconfusion code // class that stores a short where arrays may store their length public class Fake { public short size = 0x7FFF; }; // Server implementation of ‘confuse’ method public Fake confuse( Fake fake ) { return fake; } // Interface definition that client uses is different: public byte[] confuse ( Fake fake ); // Client binds byte array reference ‘array’ to object ‘fake’ byte[] array = sio.confuse( fake ); // size of ‘array’ now set to 0x7FFF (32K !!!)
  • 18.
    Demo: Dangling reference Appletcreates object within transaction Transaction is aborted, object deleted Reference was not cleared, now dangling! New object created, dangling reference confused! Runtime allows arbitrary reading & writing! DEMONSTRATION on recent commercial Java Card!
  • 19.
    Fragments of danglingreference code // start a transaction JCSystem.beginTransaction(); // allocate short byte array array = new byte[2]; // abort transaction, array object must be deleted JCSystem.abortTransaction(); // create new object of different class to fill the emptied space Fake fake = new Fake(); // try to reuse the memory // if ‘array’ not cleared, its size may now be set to 0x7FFF (32K !!!)
  • 20.
    Java Card SecurityMeasures Java Card source code review CAP file verification and Code signing Loading security JCRE verification
  • 21.
    Conclusion Java Card isa significant step forward Realistic threats exist also for Java Card Off-card verification is more risky than it seems Java card issuers can and should take specific measures to counter act the threats Java Card Security is attainable
  • 22.
    Thanks! Want to knowmore? Email to: witteman@riscure.com or visit: www.riscure.com Articles available on Smart Card and Java Card security