Title :
Analysis Vulnerabilities in Smart Card Web Server
Author :
Barreaud, Matthieu ; Iguchi-Cartigny, Julien ; Lanet, Jean-Louis
Author_Institution :
XLIM/DMI/SSD, Limoges, France
Abstract :
Since their beginning, smart cards have evolved. They are used nowadays by millions of users and provide more opportunities. A web server can be integrated into them. Because the Java Card 2.2 Smart Card Web Server does not support the TCP/IP protocol, a new communication protocol has been created between the card and the mobile: the BIP protocol (Bearer Independent Protocol). This protocol manages the security of the communication, so it should be flawless. To verify protocol security, we use a fuzzing technique. Work on fuzzing has shown that many security flaws in an application or protocol may be discovered when invalid data is injected. We use this method in black box, with an accurate analysis of the BIP protocol, to test its vulnerability to attacks. We will see that its implementation has some differences from the specification.
Keywords :
Internet; Java; computer network security; file servers; protocols; smart cards; BIP protocol; Java Card 2.2; bearer independent protocol; communication protocol; communication security management; fuzzing technic; protocol security verification; smart card Web server; Driver circuits; Gold; Irrigation; Protocols; Smart cards; Web servers; XML;
Conference_Title :
Network and Information Systems Security (SAR-SSI), 2011 Conference on
Conference_Location :
La Rochelle
Print_ISBN :
978-1-4577-0735-3
DOI :
10.1109/SAR-SSI.2011.5931388