Hiding a fault enabled virus through code construction

Abstract

Smart cards are very secure devices designed to execute applica-tions and store confidential data. Therefore, they become the target of manyhardware and software attacks that aim to bypass their embedded securitymechanisms in order to gain access to the sensitive stored data. Recently, anew kind of attacks called combined attacks has appeared. They aim to induceperturbations in the application’s execution environment. Thus, correct andlegitimate application can be dynamically modified to become a hostile one af-ter being loaded in the card using a fault injection. In this paper, we treat theproblem from another angle: how to design an innocent looking code in sucha way that it becomes intentionally hostile after being activated by a fault in-jection? We present an original approach of backward code construction basedon constraints satisfaction and a tree traversal algorithm. After that, we pro-pose a way to optimize the search process by introducing heuristics for a fasterconvergence towards more realistic solutions.We implement this approach inaTrace Generatortool; thereafter evaluate its capacity to generate the re-quired solutions while giving a proof-of-concept of the code desynchronizationtechnique