Hiding a fault enabled virus through code construction

• Published in: Journal of Computer Virology and Hacking Techniques Vol. 16; no. 2; pp. 103 - 124
• Main Authors: Hamadouche, Samiya, Lanet, Jean-Louis, Mezghiche, Mohamed
• Format: Journal Article
• Language: English
• Published: Paris Springer Paris 01.06.2020; Springer Nature B.V; Springer
• Subjects: Algorithms; Computer Science; Cryptography and Security; Embedded Systems; Original Paper; Search process; Smart cards; Viruses; Constraint satisfaction problem; Java Card bytecode; Backward code construction; Fault injection; Code desynchronization; Tree traversal
• ISSN: 2263-8733; 2263-8733
• DOI: 10.1007/s11416-019-00340-z

Smart cards are very secure devices designed to execute applications and store confidential data. Therefore, they become the target of many hardware and software attacks that aim to bypass their embedded security mechanisms in order to gain access to the sensitive stored data. Recently, a new kind of attacks called combined attacks has appeared. They aim to induce perturbations in the application’s execution environment. Thus, correct and legitimate application can be dynamically modified to become a hostile one after being loaded in the card using a fault injection. In this paper, we treat the problem from another angle: how to design an innocent looking code in such a way that it becomes intentionally hostile after being activated by a fault injection? We present an original approach of backward code construction based on constraints satisfaction and a tree traversal algorithm. After that, we propose a way to optimize the search process by introducing heuristics for a faster convergence towards more realistic solutions. This approach is implemented in a Trace Generator tool. Thereafter, we evaluate its capacity to generate the required solutions while giving a proof-of-concept of the code desynchronization technique.