The notion of a defensive virtual machine is a bit awkward. The official presentation of the Java (Card) Virtual Machine describes it as inherently secure, so the notion of defensive is a bit contradictory with this message. In fact, the notion of a defensive virtual machine is the result of a long process: Virtual machines usually present […]
Category Archives: Security
Cloning e-passports
Bruce Schneier has pointed to another article on the security of e-passports. This one focuses on cloning, but unlike a previous article, which simply mentioned that cloning was possible (which is natural, since nothing is done to avoid it), the authors now look for ways to actually exploit the cloned passports. The ideas are […]
An efficient sensitive section API
e-Smart, day 3. Benoît Gonzalvo is from Gemalto’s security group, and he also participates in the Java Card Forum’s security work. The issue is to protect against attacks (side-channel observation or fault induction) [Gon06]. The two current approaches are: Protecting the whole VM, which is secure but potentially very slow. Protecting the application code, which […]
Designing chips against fault induction
e-Smart, day 1. The title of the talk by ST’s Christophe Tremlet was very appealing [Tre06]; the talk was interesting, but a bit below my expectations (the problem is not completely solved). Nevertheless, Christophe gave a very nice and interesting presentation of fault induction attacks, showing the different parameters that can be acted upon at […]
e-passport security
There have been several posts on Bruce Schneier’s blog about e-passports, including a recent one. Bruce’s views are interesting, and he raises interesting issues about RFID on passports. On the other hand, the comments posted on this post and related ones show that there are lots of misunderstandings about the technology. Of course, this is […]
Java Card cards are less secure than native cards
This argument is often used by Java Card foes, often in conjunction with the “Java Card is slow” argument. The statement is effective, because most people don’t even bother to look deeper into its meaning. Here, we do not look at detailed figures and analyses, but we do look at possible reasons why this statement […]