< retour aux séminaires

Jean-Louis LANET, Université de Limoges (équipe Smart Secure Device) et INRIA Rennes (High Security Labs)

Theme: Software attacks against Java Cards, seven years of continuous security improvements
Date: Mercredi 17 décembre 2014 - 10 h 45, Laboratoire TIMA - Salle T312


Smart cards have been considered for a long time a secure container for storing secret data and executing programs that manipulate them without leaking any information.
In the last decade a new form of attack that uses the hardware has been intensively studied.
We suggested to pay attention also to cheaper attacks that use only software.
We demonstrated through several proof of concepts that such an approach should be a threat under some hypotheses.
We have been able to execute self-modifying code, return address programming and so on.
Recently we demonstrated that the strong hypothesis can be relaxed thanks to combined attacks.
Then all the already published attacks should have been a threat but the industry increased the counter measures to mitigate each of the published attacks.