Publications

Below is a list of my publications. My main publications are available from DBLP database. For most of papers, a link is provided to the on-line version. Alternatively, I will happy to send you a copy available on request.

Book Chapter

  1. La Sécurité Logique

    Guillaume Barbu, Guillaume Bouffard, and Julien Iguchy-Cartigny - Les Cartes à puce (2013)

Journal Articles

  1. Noreddine El Janati El Idrissi, Guillaume Bouffard, Jean-Louis Lanet, and Said El Hajji - Journal of Cryptographic Engineering (2017)

    Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the non volatile memory (NVM) area. Most of the researches try to obtain cryptographic keys through side channel attacks or fault injection attacks. Such cryptographic objects are stored into secure containers. We demonstrate in this paper how one can use some characteristics of the Java Card platform to gain access to these assets. Such a smart card embeds a Firewall that provides isolation between applets from different clients (using the notion of security contexts). We exploit the client/server architecture of the intra platform communication to lure a client application to execute within its security context, a hostile code written and called from another security context: the server security context. This attack shows the possibility for a trusted application to execute within its security context some hostile code uploaded previously by the server.

  2. Guillaume Bouffard, and Jean-Louis Lanet - Computers and Security (2015)

    Recently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed to modify a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards. We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them. Then, we propose to use Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack.

  3. Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet - IJTMCC (2014)

    Security and attacks are two sides of the same coin in smart card industry. Smart cards are subjected to different types of attacks to gain the assets stored in it and can cause security issues. It is necessary to identify and exploit these attacks and implement appropriate countermeasures to mitigate their effects. Fault attacks are one among them and can introduce abnormal behaviour on the smart card environment. Some redundancies are necessary to recognise this problem. In this work we propose an automatic method to obtain control flow redundancy using a security automaton to mitigate laser based fault attacks and hence implement a smart card countermeasure based on the combination of static analysis and dynamic monitoring method. This is a very cost effective approach which can identify and mitigate the effects of fault attacks in a more efficient way.

  4. Guillaume Bouffard, and Jean-Louis Lanet - Journal Computer Virology and Hacking Techniques (2014)

    Attacks on smart cards can only be based on a black box approach where the code of cryptographic primitives and operating system are not accessible. To perform hardware or software attacks, a white box approach providing access to the binary code is more effi- cient. In this paper, we propose a methodology to discover the romized code whose access is protected by the virtual machine. It uses a hooked code in an indirection table. We gained access to real processor, thus allowing us to run a shell code written in 8051 assembler language. As a result, this code has been able to dump completely the ROM of a Java Card operating system. One of the issues is the possibility to reverse the cryptographic algorithm and all the embedded countermeasures. Finally, our attack is evaluated on different cards from distinct manufacturers.

  5. Jean Dubreuil, Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet - IJSSE (2013)

    One of the challenges for smart card deployment is the security interoperability. A smart card resistant to an attack on a given platform should be able to guarantee the same behavior on another platform. But the current implementations do not comply with this requirement. In order to improve such standardization we propose a framework based on annotations with an external pre-processing to switch the Java Card Virtual Machine (JCVM) into a secure mode by activating a set of countermeasures. An example has been proposed in this paper for implementing a countermeasure against type confusion with a fault attack. Smart cards are often the target of software, hardware or combined attacks. In recent days most of the attacks are based on fault injection which can modify the behavior of applications loaded onto the card, changing them into mutant applications. This countermeasure requires a transformation of the original program byte codes which remain semantically equivalent. It needs a modification of the JCVM which stays backward compatible and a dedicated framework to deploy these applications. Thus, the proposed platform can resist to a fault enabled mutant.

International Conferences with Review and Proceeding

  1. Thomas Trouchkine, Guillaume Bouffard, and Jessy Clediere - In Information Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 10-11, 2019 (2019)

    Recently, several Fault Attacks (FAs) which target modern Central Processing Units (CPUs) have been emerged. These attacks are studied from a practical point of view and, due to the modern CPUs complexity, the underlying fault effect is usually unknown. In this article, we focus on the characterization of a perturbation (the fault model) on modern CPU. For that, we introduce the first approach to characterize the fault model on modern CPU from the Instruction Set Architecture (ISA) level to the micro-architectural level. This fault model helps at determining which micro-architecture elements are disrupted and how. Our fault model aims at finding original attack paths and designed efficient countermeasures. To confront our approach to real modern CPUs, we apply our approach on ARM and x86 architectures CPUs, mainly on the BCM2837 (the Raspberry Pi model B CPU) and an Intel Core i3.

  2. Julien Lancia, and Guillaume Bouffard - In Smart Card Research and Advanced Applications - 14th International Conference, CARDIS 2015, Bochum, Germany, November 4-6, 2015. Revised Selected Papers (2015)

    The Byte Code Verifier (BCV) is one of the most important security element in the Java Card environment. Indeed, embedded applets must be verified prior installation to prevent ill-formed applet loading. In this article, we disclose a flaw in the Oracle BCV which affects the applet linking process and can be exploited on real world Java Card smartcards. We describe our exploitation of this flaw on a Java Card implementation that enables injecting and executing arbitrary native malicious code in the communication buffer from a verified applet. This native execution allows snapshotting the smart card memory with OS rights.

  3. Guillaume Bouffard, Michael Lackner, Jean-Louis Lanet, and Johannes Loinig - In Smart Card Research and Advanced Applications - 13th International Conference, CARDIS 2014, Paris, France, November 5-7, 2014. Revised Selected Papers (2014)

    Several logical attacks against Java based smart card have been published recently. Most of them are based on the hypothesis that the type verification was not performed, thus allowing to obtain dynamically a type confusion. To mitigate such attacks, typed stack have been introduced on recent smart card. We propose here a new attack path for performing a type confusion even in presence of a typed stack. Then we propose using a Fault Tree Analysis a way to design efficiently counter measure in a top down approach. These counter measures are then evaluated on a Java Card virtual machine.

  4. Jean-Louis Lanet, Guillaume Bouffard, Rokia Lamrani, Ranim Chakra, Afef Mestiri, Mohammed Monsif, and Abdellatif Fandi - In Smart Card Research and Advanced Applications - 13th International Conference, CARDIS 2014, Paris, France, November 5-7, 2014. Revised Selected Papers (2014)

    Nowadays several papers have shown the ability to dump the EEPROM area of several Java Cards leading to the disclosure of already loaded applet and data structure of the card. Such a reverse engineering process is costly and prone to errors. Currently no tool are available to help this process. We propose here an approach to find in the raw data obtained after a dump, the area containing the code and the data. Then, once the code area has been identified, we propose to rebuilt the original binary Cap file in order to be able to obtain the source code of the applet stored in the card.

  5. Guillaume Bouffard, Tom Khefif, Jean-Louis Lanet, Ismael Kane, and Sergio Casanova Salvia - In 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS), La Rochelle, France, October 23-25, 2013 (2013)

    Java Card specification allows to load applications after the post-issuance. Each application to be installed into the card is verified by a Byte Code Verifier which ensures that the application is in compliance with the Java security rules. The Java Card linking process is divided in to two steps. The first one is done off-card by the Java Card toolchain. The second one is realized during the appli- cation installation to resolve each token by an internal reference. In this paper, we focus on the off-card linker, espe- cially the conversion part between a Java-Class item and a Java Card-Cap token. For that, we provide mali- cious export files which will be used by the converter. This malicious API provides the same behavior as the original one for the user. With this attack, we are able to confuse the Java Card linker.

  6. Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet - In Computer Safety, Reliability, and Security - 32nd International Conference, SAFECOMP 2013, Toulouse, France, September 24-27, 2013. Proceedings (2013)

    In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use a Fault Tree Analysis. This method used in safety analysis helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. By modeling the conditions, we discovered new attack paths to get access to the smart card contents. Then we introduce a new security api which is proposed to mitigate the undesirable events defined in the tree models.

  7. Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet - In Security in Computing and Communications - International Symposium, SSCC 2013, Mysore, India, August 22-24, 2013. Proceedings (2013)

    Abstract. Security and interoperability issues are increasing in smart card domain and it is important to analyze these issues carefully and implement appropriate countermeasures to mitigate them. Security issues involve attacks on smart cards which can lead to their abnormal behavior. Fault attacks are the most important among them and they can affect the program execution, smart card memory, etc. Detecting these abnormalities requires some redundancies, either by another code execution or by an equivalent representation. In this paper, we propose an automatic method to provide this redundancy using a security automaton as the main detection mechanism. This can enforce some trace properties on a smart card application, by using the combination of a static analysis and a dynamic monitoring. The security officer specifies the fragments of the code that must be protected against fault attacks and a program transformer produces an equivalent program that mesh a security automaton into the code according to the security requirements.

  8. Jean Dubreuil, Guillaume Bouffard, Jean-Louis Lanet, and Julien Cartigny - In Seventh International Conference on Availability, Reliability and Security, Prague, ARES 2012, Czech Republic, August 20-24, 2012 (2012)

    Smart card are often the target of software or hardware attacks. For instance the most recent attacks are based on fault injection which can modify the behavior of applications loaded in the card, changing them as mutant application. In this paper, we propose a new protection mechanism which makes application to be less prone to mutant generation. This countermeasure requires a transformation of the original program byte codes which remains semantically equivalent. It requires a modification of the Java Virtual Machine which remains backward compatible and a dedicated framework to deploy the applications. Hence, our proposition improves the ability of the platform to resist to Fault Enabled Mutant.

  9. Guillaume Bouffard, and Jean-Louis Lanet - In Cryptography and Security: From Theory to Applications - Essays Dedicated to Jean-Jacques Quisquater on the Occasion of His 65th Birthday (2012)

    Java Card is a kind of smart card that implements one of the two editions, “Classic Edition” or “Connected Edition”, of the standard Java Card 3.0 [7]. Such a smart card embeds a virtual machine which interprets codes already romized with the operating system or downloaded after issuance. Due to security reasons, the ability to download code into the card is controlled by a protocol defined by Global Platform. This protocol ensures that the owner of the code has the necessary authorization to perform the action. Java Card is an open platform for smart cards, i.e. able of loading and executing new applications after issuance. Thus, different applications from different providers run in the same smart card. Thanks to type verification, byte codes delivered by the Java compiler and the converter (in charge of giving a compact representation of class files) are safe, i.e. the loaded application is not hostile to other applications in the Java Card. Furthermore, the Java Card firewall checks permissions between applications in the card, enforcing isolation between them.

  10. Tiana Razafindralambo, Guillaume Bouffard, and Jean-Louis Lanet - In Data and Applications Security and Privacy XXVI - 26th Annual IFIP WG 11.3 Conference, DBSec 2012, Paris, France, July 11-13,2012. Proceedings (2012)

    Smart cards are the safer device to execute cryptographic algorithms. Applications are verified before being loaded into the card. Recently, the idea of combined attacks to bypass byte code verification has emerged. Indeed, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam to become mutant applications or fault enabled viruses . We propose a framework for manipulating binary applications to design viruses for smart cards. We present development, experimentation and an example of this kind of virus.

  11. Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet - In Recent Trends in Computer Networks and Distributed Systems Security - International Conference, SNDS 2012, Trivandrum, India, October 11-12, 2012. Proceedings (2012)

    Off late security problems related to smart cards have seen a significant rise and the risks of the attack are of deep concern for the industries. In this context, smart card industries try to overcome the anomaly by implementing various countermeasures. In this paper we discuss and present a powerful attack based on the vulnerability of the linker which could change the correct byte code into malicious one. During the attack, the linker interprets the instructions as tokens and are able to resolve them. Later we propose a countermeasure which scrambles the instructions of the method byte code with the Java Card Program Counter (jpc). Without the knowledge of jpc used to decrypt the byte code, an attacker cannot execute any malicious byte code. By this way we propose security interoperability for different Java Card platforms.

  12. Guillaume Bouffard, Jean-Louis Lanet, Jean-Baptiste Machemie, Jean-Yves Poichotte, and Jean-Philippe Wary - In Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers (2011)

    The ability of Java Cards to withstand attacks is based on software and hardware countermeasures, and on the ability of the Java platform to check the correct behavior of Java code (by using byte code verification). Recently, the idea of combining logical attacks with a physical attack in order to bypass byte code verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam. Such applications become mutant applications, with a different control flow from the original expected behaviour. This internal change could lead to bypass controls and protections and thus offer illegal access to secret data and operations inside the chip. This paper presents an evaluation of the application ability to become mutant and a new countermeasure based on the runtime checks of the application control flow to detect the deviant mutations.

  13. Guillaume Bouffard, Julien Iguchi-Cartigny, and Jean-Louis Lanet - In Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers

    The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.

National Conferences with Review and Proceeding

  1. Guillaume Bouffard, and Léo Gaspard - In Symposium sur la sécurité des technologies de l’information et des communications (SSTIC) (2018)

    In the world of Java Cards, the Firewall guarantees the segregation of applet data and ensures the integrity and confidentiality of each application. In order to be independent from the microcontroller, most Java Card Virtual Machine (JCVM) implementations are not designed to use hardware-based mechanisms. In this article, we describe how the Memory Protection Unit (MPU) can be used to segregate each Java Card applet from the Operating System and device drivers. Even if our contribution is designed to fit a specific hardware-based mechanism, our JCVM architecture can be reused for a microcontroller without MPU.

  2. Julien Lancia, and Guillaume Bouffard - In Symposium sur la sécurité des technologies de l’information et des communications (SSTIC) (2016)

    The Byte Code Verifier (BCV) is one of the most important security element in the Java Card environment. Indeed, embedded applets must be verified prior installation to prevent ill-formed applet loading. At the CARDIS 2015 conference, we disclosed a flaw in the Oracle BCV which affects the applet linking process and can be exploited on real world Java Card smart cards. In this article, we present how this vulnerability had be found and our exploitation of this flaw on a Java Card implementation that enables injecting and executing arbitrary native malicious code in the communication buffer from a verified applet. This attack was evaluated on several Java Card implementations with black box approach. As we cannot evaluate the effect of the control flow transfer, we develop a generic function which can be executed from any bytes which compound itself.

  3. Guillaume Bouffard, and Jean-Louis Lanet - In Symposium sur la sécurité des technologies de l’information et des communications (SSTIC) (2014)

    La carte à puce est aujourd’hui considérée comme étant un système sécurisé. Toutefois, il est possible, via certains types d’attaques, d’obtenir de l’information. Dans cet article, nous présentons comment ces informations ont permis de découvrir l’implémentation utilisée par une carte à puce pour appeler du code natif depuis le monde Java Card. Une fois ce mécanisme appréhendé, nous l’avons exploité pour exécuter notre propre code natif. Ce code, exécuté avec les droits du système d’exploitation, nous a permis de lire la mémoire ROM et ainsi obtenir tous les secrets de la carte attaquée. Une évaluation de cette attaque sur des cartes de modèles différents est présentée en conclusion.

  4. Guillaume Bouffard, Mathieu Lassale, Sergio Ona Domene, Hanan Tadmori, and Jean-Louis Lanet - In 8ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d’Information (SAR-SSI) (2013)

    La carte à puce est un objet contenant des informations sensibles. Les attaques par injection de faute sont les plus difficiles à se prémunir. La surveillance du flot d’exécution par la machine virtuelle est un des mécanisme permettant de s’en protéger. Nous intégrons dans l’interpréteur Java Card un automate de sécurité permettant de garantir une politique de sécurité. Nous montrons comment une optimisation permet d’obtenir une solution efficace tant dans son utilisation mémoire que dans la surcharge de calcul.

  5. Samiya Hamadouche, Guillaume Bouffard, Jean-Louis Lanet, Bruno Dorsemaine, Bastien Nouhant, Alexandre Magloire, and Arnaud Reygnaud - In Seventh Conference on Network and Information Systems Security (SAR-SSI) (2012)

    Smart card is the safest device to execute cryptographic algorithms. Recent cards have the ability to download programs after issuance. These applications are verified before being loaded in the card. Recently, the idea of combining logical attacks with a physical attack in order to bypass byte code verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified inside the card using a laser beam. Such applications become mutant applications. We propose here to go a step further in designing explicit viruses for smart cards. In order to generate efficient viruses we need to retrieve information concerning the linking process in the card. We have developed and experimented on most of the Java Card publicly available this generic attack. We present an example of virus using the result of this attack.

  6. Matthieu Barreaud, Guillaume Bouffard, Nassima Kamel, and Jean-Louis Lanet - In C&ESAR (2011)

    The fuzzing is a technique which allows to generate invalid, unexpected, or random data to supply them in the various inputs of the software or the protocol to be tested. That allows to find situations not expected by the programmers and sometimes to influence the functioning of the target. Our work aims to check implementations of the HTTP protocol in smart card embedded web servers. For that, we have used the fuzzing method to found vulnerabilities and compliance of this sort of web server. Moreover, working on black box forced us to use PyHAT to collect a maximum of information of the target features. Thus, we can reduce the amount of properties to analyze. Our fuzzing program is based on the Peach framework adapted to our needs. Then, with data model and state model of the target, Peach will generate the fuzzing data. We have also defined mutators to represent the mutations types used. Results generated by logs files are finally automatically analyzed to understand the behavior of the application and to detect if some fuzzed data succeed to take up vulnerabilities.

  7. Agnès Cristèle Noubissi, Ahmadou Al Khary Sere, Julien Iguchi-Cartigny, Jean-Louis Lanet, Guillaume Bouffard, and Julien Boutet - In Majecstic (2009)

    We present in this article our research dealing with faults attacks and logical attacks on smart cards, especially on Java Card. We introduce by presenting Java Card and its security mechanisms, then we present the types of attacks carried out on smart cards and we present some countermeasures for these attacks and in particular those faults attacks. And we finish with the presentation of our work on the tool of manipulation of a file format of Java Card and other proposals for countermeasures on faults attacks.

Conferences without Proceeding

  1. Problems and state of the art of faults injection on Systems on Chip

    Thomas Trouchkine, Guillaume Bouffard, David El Baze, and Jessy Clédière - PHISIC 2018 workshop (2018)
  2. Anis Bkakria, Guillaume Bouffard, Julien Iguchy-Cartigny, and Jean-Louis Lanet - e-Smart 2011 (2011)

    In the smart card world, Java Card plays an important role. To communicate with this type of card, which complies to the ISO7816 specification you should use a specific library. Indeed, this kind of library must implement high level functions, which follows the Global Platform (GP) specification (authentication protocols, applet installation process, etc.), and should be interfaced with another library to handle CAP files like the Cap File Manipulator Java-library. Therefore, we developed an open-source Java-library: OPAL, for Open Platform Access Library, which complies with the Global Platform specification. This library provides the full-support of the Java Card applets life cycle and smart card management. Moreover, to exchange data with a Java Card, we must implement Secure Channel Protocols (SCP) to pass the authentication step. GP defines three secure channels: SCP01, SCP02 and SCP03. These protocols provide a secure communication channel between a card and an entity which manages it. SCP01 is deprecated but still used. It uses a challenge-response authentication. When this challenge is a success, three security levels are used to exchange data (no security level, signed data or cypher and signed data). In order to improve the SCP01 security, SCP02 uses a mutual authentication, different computation methods and a new security level. The host ensures integrity of the received card data. Finally, the last improvement is SCP03 which reuses the SCP01 and SCP02 security levels in addition to a new security level which guarantees that the exchanged data are confidential. With OPAL, we would like to provide a Java-library which is fully compliant with GP. Futhermore, GP has defined a new authentication protocol, named Remote Application Management over HTTP. This draft uses an application provider which manages the applet and smart card life cycle using the HTTP protocol. Indeed, OPAL can receive a HTTP POST request sent by the Remote Administration Server and extract the included APDU command. Afterwards, OPAL sends the APDU command via the SCP02 protocol to the card and receives its response. Thus, the response is encapsulated in a HTTP POST request in order to send it to the Remote Administration Server.

  3. Matthieu Barreaud, Guillaume Bouffard, Julien Iguchy-Cartigny, and Jean-Louis Lanet - Crypto’puces 2011 (2011)

    L’apparition des serveurs web embarquées dans les cartes à puce facilite le développement d’applications. Celles-ci sont proches des servlets (applications avec un serveur web) et se basent sur le modèle HTTP connu de nombreux développeurs. Le serveur peut-être aussi bien utilisé de l’extérieur, via la connexion du téléphone (GSM, 3G, etc.), pour toutes les phases d’administration ou bien, via l’interface du téléphone, pour fournir des services utilisateurs. Nous allons ici nous intéresser au modèle Java Card 2.2 WebServer Edtion. Afin de communiquer avec ce serveur web, un fournisseur de service peut envoyer des trames HTTP au téléphone mobile – ou toutes autres interfaces entre la carte et le fournisseur de service. Ces trames sont ensuite encapsulées via le protocole BIP 2 pour être envoyées à la carte (U)SIM. L’étude et la validité de ce protocole a été un de nos sujets de recherche précédent. Dans la continuité de ce travail, nous avons choisi de vérifier le protocole HTTP. L’implémentation de ce type de serveur doit être sécurisée afin de garantir l’éxécution des commandes sensibles. Toutefois, les contraintes spécifiques au monde de l’embarquée force à avoir un systéme complet de l’ordre de quelques kilo-octets. De ce fait, les optimisations effectuées peuvent contribuer à la présence de vulnérabilités. Pour vérifier la conformité et la robustesse de l’implémentation, nous avons choisi d’utiliser le fuzzing qui est une technique de recherche d’erreurs d’implémentation logicielle par l’injection de données invalides. Cette méthode utilise un modèle de données représentant la grammaire et un modèle symbolisant l’automate à état du protocole à fuzzer. Notre outil d’analyse permet de caractériser le serveur web embarquée dans la carte et ainsi de réduire l’arbre des possibilités du modèle de données du protocole HTTP. Cet outil est une solution pour toutes personnes souhaitant vérifier la sécurité du protocole HTTP embarqué. Les premiers résultats expérimentaux seront présentés lors de la conférence.

Tutorial

  1. Guillaume Bouffard - Worskshop on the Security of Software/Hardware Interfaces (2019)

    Modern CPUs are daily use in our smartphone and several IoT devices. These components compute more and more sensitive data. However, they are only designed to prevent software attacks. Recently, few publications focus on breaking modern CPUs from hardware layout. In this presentation, we will see how hardware security in modern CPU is also important than software security and why should be take in account.

  2. Attacks against the Java Card Platform

    Guillaume Bouffard - CryptoBG International Summer School (2015)

Thesis

  1. Guillaume Bouffard - (2014) - Award Prix de thèse de l’action du CNRS Objets intelligents sécurisés et Internet des objets

    Smart cards are the keystone of various applications which we daily use: pay money for travel, phone, etc. To improve the security of this device with a friendly development environment, the Java technology has been designed to be embedded in a smart card. Introduce in the mid-nineties, this technology becomes nowadays the leading application platform in the world. As a smart card embeds critical information, evil-minded people are interested to attack this device. In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use the Fault Tree Analysis. This method used in safety analysis helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. During this thesis, we focused on the integrity property, especially on the code integrity. Indeed, a perturbation on this element can break each other properties. By modelling the conditions, we discovered new attack paths to get access to the smart card contents. We introduce new countermeasures to mitigate the undesirable events defined in the tree models.

  2. Guillaume Bouffard - (2010)

    This document describes the work done during the internship for my master degree Information Technologies Security and Cryptography at the University of Limoges, France, carried out with Technicolor at the Technicolor Security and Content Protection Laboratories at Rennes, France. This internship aims to protect the sensitive piece of code of a binary exe- cutable without application source code knowledge. A sensitive piece of code of a binary application is a set of the most uses instructions. In order to protect this binary part, I extracted this sensitive piece of code of the binary application and I replaced with that provides a way to communicate to a dongle. On this dongle, the extracted protected instructions are putted and executed. Thus, to correctly execute a protected application, the user needs a dongle which con- tains the missed part of the executed application. After a short presentation of the context and the company, I will present each step to my internship. In a first time, I will describe how to find the sensitive binary part of an executable program. When this part is found, I will try to translate this piece of code in another language to protect it. Next, I will modify the binary application, without the source code, to change the protected piece of code by a set of instructions designed to communicate to the dongle containing the extracted piece of code. That will take us to a proof of concept. To conclude, I will sum up the completed objectives, the possible improvements and the difficulties I have encountered.