The exclusive promotional activities on JCOP J3H145 card and Feitian R301 Smartcard Reader are in full swing. Please check this page for details.

why does java card still has security risks being attacked?

JavaCard Applet Development Related Questions and Answers.
newbiecat
Posts: 15
Joined: Thu Apr 19, 2018 6:43 am
Points :140
Contact:

why does java card still has security risks being attacked?

Post by newbiecat » Tue Apr 24, 2018 8:35 am

Hello,everyone. I am a newbie in smart card or java card field. As I know that the applet has been converted to the special byte codes of java card platform according JCVM (java card virtual machine) specification descriptions. And byte codes run in a sandbox under the controls of JCRE(java card runtime environment) .
But I am confused why byte code can attack this VM system.How to do that? Could anyone explain it briefly?
Many thanks.

bhavatar
Posts: 1
Joined: Wed Apr 25, 2018 11:53 am
Points :8
Contact:

Re: why does java card still has security risks being attacked?

Post by bhavatar » Thu May 10, 2018 5:06 am

When a smart card is running, different instructions will be executed. Different power consumption can be performed, and different software or hardware modules maybe have different characteristics. Detecting of these power consumption, it could probably presume the smart card chip software or hardware module which is working currently. For example, operating of the memory of smart card IC, resulting in differences of the charging and discharging of the capacitor. This technology is so-called SPA (Simple power analysis). Through high-precision instruments, even a tiny power consumption could be detected. So even though with Java Card or Smart Card technologies, there are still potential risks of leading to the information leakage. The physical method can analyze the storage content of a smart card.
Laser attacking can disrupt the normal execution order of instruction. The high-level language codes were compiled into the Assembly, some insecurity codes may be produced. Poorly applets codes which are probably another reason why attackers can easily obtain the crucial information such as keys of a smart card.
Limited to my technology level, maybe some descriptions are not accurate enough, hope all above could help you.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 9 guests

JavaCard OS : Disclaimer