Automatic source code transformations for strengthening practical security of smart card applications

The availability of programmable cryptographic smart cards provides possibility to run application in significantly more secured environment then ordinary personal computer. Smart card platforms like Java Card or .NET allow to implement portable applications that can be run on different smart card hardware. Barriers for a skilled Java developer switching to the Java Card platform are relatively small – working applets can be written quickly. Unfortunately, the resulting overall security of the applet is strongly dependent on the implementation of the smart card operating system, related libraries, as well as physical resistance and information leakage of the underlaying hardware. Same Java Card applet may run securely on one smart card hardware platform, but be vulnerable on an other. Defenses implementable on the source code level for later case might exist, but such a situation is unfavorable for applet developer as multiple versions of applet must be maintained to support a wider range of smart cards (although all providing Java Card platform). In this paper we describe several practical attacks on modern smart cards, discuss possible defenses and propose a general framework for automatic replacement of vulnerable operations by safe equivalents. A code strengthening constructions can be also automatically inserted. Only one version of the applet is maintained for multiple different smart card hardware and personalization of source code is performed in in automated fashion. Practical implementation and examples of usage are presented and discussed.