Java Card or How to Cope with the New Security Issues Raised by Open Cards?

In this paper, we aim to discuss various threats raised by Java Cards at various levels of the system. First, we address the Java Card platform security itself, from the chip security features to the Java Card virtual machine. Next, we expose how to deal with application security which is a standard problem for smart card manufacturers but a quite new one for third party Java developers beginning to code Java Card applets. We also present the security offered by the card environment, i.e., how to securely download code on cards. Finally, we highlight the security issues coming from objects sharing inside the card and we present a few hints to prevent faults in smart card software. 1 New open smart card systems Multiapplication smart cards are getting more and more attractive for numerous good reasons. Users are willing to reduce the number of cards in their wallets, issuers want to decrease the time-to-market, the development, infrastructure and deployment costs or to update/add applications after card issuance. In addition multiapplication smart cards allow commercial synergies between partners and can lead to new business opportunities. A credit card with an electronic purse and a frequent flyer application is a classical example of a multiapplication smart card. A few operating systems have been proposed to manage multiapplicative smart cards, namely Java Card, Multos and more recently Smart Card for Windows. In this paper we will focus on Java Card and exhibit examples for this platform, but some results can apply to any multiapplicative platform. Security is always a big concern for smart cards, but the issue is getting more intense with multiapplicative platforms and post issuance code downloading. In this paper, we aim to discuss various threats raised by Java Cards at various levels of the system. First, we address the Java Card platform security itself, from the chip security features to the Java Card virtual machine. Next, we expose how to deal with application security which is a standard problem for smart card manufacturers but a quite new one for third party Java developers beginning to code Java Card applets. We also present the security offered by the card environment, i.e., how to securely download code on cards. Finally, we highlight the security issues coming from objects sharing inside the card and we present a few hints to prevent faults in smart card software.