I was part of the team that defined the binary format that has been in use since the end of the 1990’s. The selected solution was not my preferred one, as I preferred a pre-linked version. At the time, everybody agreed that on-card verification was too ambitious, so this was never considered for Java Card […]
Category Archives: Java Card 2.x
Logical Attacks in the Java Card security landscape
Logical attacks on Java Card have been known for a long time, and they have also been a focus of a lot of academic research, which still continues today. Earlier this week at Cardis 2016, there have been two presentations on logical attacks. I will not discuss the details of the attacks that are being […]
Java Card software attacks
There have been two papers at SSTIC’16 that outline the limits of bytecode verification in the context of Java Card. One of the papers, by Guillaume Bouffard and Julien Lancia, describes a bug found in Oracle’s bytecode verifier through fuzzing (yes, it’s been fixed). The second one, by Jean Dubreuil, outlines several logical and combined […]
Inside Java Card: From APDUs to CAP File and Interoperability
As promised in the previous post, here are a few Java Card stories. Over the almost 20 years of Java Card history, many design decisions have been taken on the product: some successful, some less successful. Here are a few stories of these discussions/decisions. API vs. APDU Before Java Card, a smart card specification consisted […]
Java Card, a farewell
My Oracle story has ended, and with it my Java Card story, at least for now. I started working on the technology in February 1997, and I have never been very far from the technology for almost 20 years. However, Java Card is not in the scope of my next job, as I will focus […]
Fiction (maybe): Who will refuse to break a secure element?
Apple is refusing to break an iPhone for the FBI. I believe that they are right to do so, but also that this position isn’t that easy to stand for everybody. So, here is a little fiction (well, I think it is fiction) about this. The iPhone is a secure device, so the best way […]
The Off-Card Bytecode Verifier is fine, thank you!
REWRITTEN on 23 Nov. 2013. A few weeks ago, a friend sent me a link to the Cardis program, with the message “A bug in the verifier?”. Looking at the program, I saw a paper entitled Manipulating frame information with an Underflow attack undetected by the Off-Card Verifier, by Thales Communications and Security. This sounded […]
Chip to Cloud, day 2: Automated analysis of Java Card applets
This is a presentation by Jean-Baptiste Machemie, from the University of Limoges and a new project called Arya Security. The topic is automated analysis of Java Card applets, which is one of my favorite topics, and I am very happy to see interest from academia, as well as the emergence of companies who distribute such […]
Chip to Cloud, day 2: Java Card, 15 years later
Yes, this is my own session, so this is not really live. The idea is here to identify the most important events in the past 15 years of Java Card, and to take a look at the future. So, here are the selected events: 1996, Java on a smart card. That’s even more than 15 […]
The misuse of bytecode verification
Bytecode verification has been an interesting debate since the very beginning of Java Card. Back then, in 1997, Java was very much about Java applets, and the bytecode verifier was the essential piece of software that allowed untrusted code to run in a browser efficiently (i.e., without doing expensive runtime checks, and without having to […]