Good , Bad and Ugly Design of Java Card Security Master ’ s

Java Cards are widely used to provide a way of running Java applets on a smart card. The widespread use of the Java Card platform makes it a target for a security research. Attacks on the Java Card platform is an interesting research topic and a lot of studies of physical, logical and combined attacks were published in the last years. This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well. The thesis first presents an extensive overview of the state-of-the-art logical attacks on the Java Card platform, including type confusion techniques, binary incomparable libraries, stack underflow and the transaction mechanism abuse. The attacks were implemented and evaluated using a number of Java Cards. The thesis then presents a number of new attacks targeting secured cryptographic key containers provided by the Java Card API as well as attacks on the implementation of OwnerPIN class. The study revealed that most of the cards do not implement any protection of the keys and PIN counters and just store it as a plaintext. Some cards do protect cryptographic containers, by encrypting it with a card-specific key, but we present an attack that bypasses the countermeasure. Additionally, we study illegal opcodes implemented by some of the Java Card virtual machines. The illegal opcodes first were studied by executing it on the card and observing the produced outputs and then the reverse engineering of the emulator of the card was used to find out the purpose of the illegal opcodes. Finally, a number of countermeasures implemented on the Java Card virtual machines are discussed and new countermeasures against discovered vulnerabilities are proposed.