| As a secure data processing and storage media,java card faces many kind of attacks which aim at brake through its hardware or software system.How to protect the card's secret information from evil extraction has been of great concern.A lot of protecting countermeasures had been published in the long attack and defense battle in the field of java card security.But these countermeasures are passive and independent from each other. Besides,the protecting efforts and coverage they provide are also limited.And what we talked above lead to the birth of the mechanism represented in this article.In this paper,first,we make a comprehensive introduction to what has been studied in the field of java card security. We summarize the kinds of attacks java card faces, among which pay particular attention to attacks toward JCVM. For each kind of attack,we concluded the existing countermeasures we can find in papers had been published until now and discussed the advantages and shortcomings in each countermeasure. And then,we introduced the concept of behavior analysis into the design of a complete secure java card system,we view each kind of card attack as a behavior,and manage to represent this behavior by several feature variables,so that the card can make a runtime classification when one particular attack is detected. We chose the SVM algorithm to do the classify part,and proposed that this new security mechanism will also be effective in the active defense of side channel attacks.Then, we designed a security system which is based on the secure mechanism and can be plugged in the JCVM,We separate the system into four parties: detection,trigger,classification and security decision.In order to compromise the card performance and the countermeasures,we adopt the grading safety control policy into the security decision component of the system. And at the last of this article,we proved the feasibility of this secure system by experiments. |
PDF Full Text Request