Simulateur d'Attaques Hardware sur Carte à Puce, 2009. ,
The EM Side???Channel(s), Cryptographic Hardware and Embedded Systems -CHES, p.2945, 2002. ,
DOI : 10.1007/3-540-36400-5_4
Power Analysis Tutorial. Rapport technique, 2011. ,
Power Analysis, What Is Now Possible..., Lecture Notes in Computer Science, p.489502, 1976. ,
DOI : 10.1007/3-540-44448-3_38
Automatic Integration of, 2003. ,
Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007), p.92102, 2007. ,
DOI : 10.1109/FDTC.2007.12
Tamper resistance-a cautionary note, Second USENIX Workshop on Electronic Commerce, 1996. ,
Low cost attacks on tamper resistant devices, 5th International Workshop Security Protocols, pp.125136-85, 1997. ,
DOI : 10.1007/BFb0028165
Outils d'aide à la recherche de vulnérabilités dans l'implantation d'applications embarquées sur carte à puce, pp.77-145, 2009. ,
Formal Verication of Security Properties of Smart Card Embedded Source Code, 2005. ,
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures, 2002. ,
DOI : 10.1007/3-540-36400-5_20
Cartes à puces : Les nouvelles frontières, 2010. ,
A weakest precondition approach to active attacks analysis, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, PLAS '09, pp.5971-76, 2009. ,
DOI : 10.1145/1554339.1554348
The sorcerer's apprentice guide to fault attacks, Proceedings of the IEEE, vol.94, issue.2, p.370382, 2006. ,
Assembly-Level preinjection analysis for improving fault injection eciency, 5th European conference on Dependable Computing -EDCC, EDCC'05, p.246262, 2005. ,
Cité en page 119 ,
Attacks on Java Card 3.0 Combining Fault and Logical Attacks, Smart Card Research and Advanced Application. 9th IFIP WG 8.8/11.2 International Conference, p.148163, 2010. ,
DOI : 10.1007/978-3-642-12510-2_11
URL : https://hal.archives-ouvertes.fr/hal-00692165
Rapport technique, CEA LIST and INRIA, Preliminary Design (v 1.4). (Cité en pages 111 et 113, 2009. ,
Frama-C : Framework for Modular Analysis of C. CEA-LIST and INRIA-Futurs, 2012. ,
La sécurité des cartes bancaires http://www.bibmath.net/crypto/ moderne/cb.php3 [En ligne, 2012. ,
Secure Computer Systems : Unied Exposition and Multics Interpretation. Rapport technique MTR-2997, The MITRE Corp, 1975. ,
Pycparser tool for parsing C code ligne, En, 2012. ,
Attack model for verication of interval security properties for smart card C codes, 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security PLAS'10, pp.112-158, 2010. ,
Simulating physical attacks in smart card C codes : the jump attack case, pp.46-169, 2011. ,
High level model of control ow attacks for smart card functional security, 7th International Conference on Availability, Reliability and Security AReS 2012, pp.46-143 ,
Integrity Considerations for Secure Computer Systems. Rapport technique , MITRE Corp, 1977. ,
Dierential Fault Analysis of Secret Key Cryptosystems, Advances in Cryptology -CRYPTO, p.513525, 1997. ,
Formal verication of a memory model for C-like imperative languages, ICFEM'05 : 7th International Conference on Formal Engineering Methods, p.280299, 2005. ,
Formal Verication of a C Compiler Front- End, International Symposium on Formal Methods -FM, p.460475, 2006. ,
Sign Change Fault Attacks on Elliptic Curve Cryptosystems, editeurs, Fault Diagnosis and Tolerance in Cryptography, Lecture Notes in Computer Science, vol.4236, p.3652, 2006. ,
Les cartes à puce sans contact se généralisent . Le Figaro, 2011. ,
API-level attacks on embedded systems, Computer, vol.34, issue.10, p.6775, 2001. ,
DOI : 10.1109/2.955101
On the Importance of Checking Cryptographic Protocols for Faults, Journal of Cryptology, vol.14, issue.2, p.101119, 2001. ,
DOI : 10.1007/3-540-69053-0_4
Cours carte à puce EMV, 2008. ,
pdf [En ligne ; consulté le 05-août-2012]. (Cité en page 18 ,
Cours carte à puce http://cedric.cnam.fr/~bouzefra/ cours/cours_SEM/Cartes_Bouzefrane_partie1.pdf [En ligne, 2009. ,
Sphinx Python Documentation Generator, 2012. ,
Post Memory CorruptionMemory Analysis, Black Hat, 2011. ,
Smart Card APDU Analysis, Black Hat, p.8, 2008. ,
En ligne ; consulté le 05-août-2012]. (Cité en page 18 ,
Analyse des eets d'attaques par fautes et conception sécurisée sur plate-forme recongurable, 2009. ,
Generation of an error set that emulates software faults based on eld data, Proceedings of the The Twenty-Sixth Annual International Symposium on Fault-Tolerant Computing (FTCS '96), FTCS '96, p.304, 1996. ,
Passive and Active Combined Attacks on AES -Combining Fault Attacks and Side Channel Analysis Naccache et I. Verbauwhede, editeurs, Fault Diagnosis and Tolerance in Cryptography, p.1019, 2010. ,
De la sécurité physique des crypto-systèmes embarqués, 2007. ,
A Quick Benchmark : Gzip vs. Bzip2 vs. LZMA, 2005. ,
Side Channel Cryptanalysis of a Higher Order Masking Scheme, P. Paillier et I. Verbauwhede, editeurs, Cryptographic Hardware and Embedded Systems -CHES, p.2844, 2007. ,
DOI : 10.1007/978-3-540-74735-2_3
Abstract Interpretation : A Unied Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints ,
www.commoncriteriaportal.org/files/supdocs/CCDB-2009-03-001.pdf [En ligne ; consulté le 05-août-2012], p.10, 2009. ,
Frama-C's value analysis plug-in. Rapport technique, CEA LIST, 2010. http://frama-c.com/download/value-analysis-Boron-20100401.pdf [En ligne ,
Fan-C, a Frama-C plug-in for data ow verication, Embedded Real Time Software and Systems ERTS, pp.2012-177 ,
Side Channel Attacks and Countermeasures for Embedded Systems, Black Hat, 2007. ,
Taster, a Frama-C plug-in to enforce Coding Standards, Embedded Real Time Software and Systems ERTS, pp.2010-177 ,
A lattice model of secure information flow, Papers from Fifth ACM Symposium on Operating Systems Principles, p.236243, 1976. ,
DOI : 10.1145/360051.360056
Secure Smartcard Design against Laser Fault Injection, 4th Workshop on Fault Diagnostic and Tolerance in Cryptography, 2007. ,
La carte à puce Master's thesis, 2000. ,
Software Visualization and Model Generation. Engineer, p.112, 2006. ,
Low cost fault injection method for security characterization Secure ICs design issues, 2009. ,
Revue expérimentale des techniques d'injection de fautes, Journée Sécurité GDR SoC-SiP, pp.2010-86, 2010. ,
Graphviz and Dynagraph ??? Static and Dynamic Graph Drawing Tools, Graph Drawing Software, p.127148, 2003. ,
DOI : 10.1007/978-3-642-18638-7_6
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.96.3776
Improving security using extensible lightweight static analysis, IEEE Software, vol.19, issue.1, p.4251, 2002. ,
DOI : 10.1109/52.976940
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.23.8576
CToAssemblyTranslation.htm [En ligne ; consulté le 05-août-2012]. (Cité en page 38 ,
Évaluation par simulation de la sécurité des circuits face aux attaques par faute. These, 2008. ,
Goanna???A Static Model Checker, Formal Methods : Applications and Technology, p.297300, 2006. ,
DOI : 10.1007/978-3-540-70952-7_20
Journée sécurité : Sécurité des systèmes embarqués, 2011. ,
Fault Attacks on Java Card, p.85, 2005. ,
Electromagnetic Analysis : Concrete Results, Cryptographic Hardware and Embedded Systems -CHES, p.251261, 2001. ,
Basics of Fault Attacks, Fault Diagnosis and Tolerance in Cryptography, 2004. ,
A Survey on Fault Attacks ,
DOI : 10.1007/1-4020-8147-2_11
Attaques de cryptosystèmes embarqués et contre-mesures associées, 2007. ,
Smart Cards in Hostile Environments, 2000. ,
Security Policies and Security Models, 1982 IEEE Symposium on Security and Privacy, p.1120, 1982. ,
DOI : 10.1109/SP.1982.10014
The knowledge complexity of interactive proof systems, SIAM Journal on Computing, vol.18, issue.1, p.186208, 1989. ,
Evaluating Software Systems via Fault- Injection and Reliability, Availability and Serviceability (RAS) Metrics and Models Thesis proposal, Science, 2007. ,
Software package for producing plots, charts and graphics from data, 2012. ,
Silicon-level Solutions to Counteract Passive and Active Attacks, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, p.317, 2008. ,
DOI : 10.1109/FDTC.2008.18
URL : https://hal.archives-ouvertes.fr/hal-00311431
Architecture et CAO pour crypto-processeurs sécurisés, GDR SoC- SiP, pp.26-86, 2007. ,
SPEC CPU2006 benchmark descriptions, ACM SIGARCH Computer Architecture News, vol.34, issue.4, 2006. ,
DOI : 10.1145/1186736.1186737
Visualizing Information Flow through C Programs Automated Security Analysis Project C Information Flow Tool ( Cift ), Workshop on Systems Software Verication USENIX Association. (Cité en page 187, 2010. ,
On White-Box Cryptography, Proceedings of the 1st International Conference Security of Information and Networks, p.712, 2008. ,
Introduction to dierential power analysis, Journal of Cryptographic Engineering, vol.1, pp.527-2011 ,
Timing Attacks on Implementations of Die-Hellman, RSA, DSS, and Other Systems, Lecture Notes in Computer Science, vol.1109, pp.104113-104140, 1996. ,
Design principles for tamperresistant smartcard processors, USENIX Workshop on Smartcard Technology, p.920, 1999. ,
Attack???Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent, Proceedings of the First international conference on Decision and game theory for security -GameSec, Ga- meSec'10, p.245256, 2010. ,
DOI : 10.1007/978-3-642-17197-0_17
SoftViz : A Run-time Software Visualization Environment, 2004. ,
Un framework de fuzzing pour cartes à puce : application aux protocoles EMV, Symposium sur la Sécurité des Technologies de l'Information et des Communications, pp.18-44, 2011. ,
Compromission d'une application bancaire JavaCard par attaque logicielle, Symposium sur la Sécurité des Technologies de l'Information et des Communications, pp.2012-87, 2012. ,
Are Smart Cards the Ideal Domain for Applying Formal Methods, First International Conference of B and Z Users -ZB, pp.363373-52, 2000. ,
DOI : 10.1007/3-540-44525-0_21
Computer Security from a Programming Language and Static Analysis Perspective, European Symposium on Programming, 2003. ,
DOI : 10.1007/3-540-36575-3_1
URL : https://hal.archives-ouvertes.fr/hal-01499938
Exploiting type systems and static analyses for smart card security, Construction and Analysis of Safe, Secure, and Interoperable Smart Devices -CASSIS, p.172191, 2004. ,
Early Analysis of Fault-based Attack Eects in Secure Circuits, IEEE Transactions on Computers, vol.56, issue.10, p.14311434, 2007. ,
Fonctionnement interne d'un microprocesseur, 1999. ,
VisAA : Visual Analyzer for Assembler, Logic and Automata, p.221225, 2008. ,
URL : https://hal.archives-ouvertes.fr/hal-00315768
SmartCM a smart card fault injection simulator, 2011 IEEE International Workshop on Information Forensics and Security, pp.16-2011, 2011. ,
DOI : 10.1109/WIFS.2011.6123124
URL : https://hal.archives-ouvertes.fr/hal-00685220
On the emulation of software faults by software fault injection, Proceeding International Conference on Dependable Systems and Networks. DSN 2000, pp.417426-144, 2000. ,
DOI : 10.1109/ICDSN.2000.857571
Non-deterministic games and program analysis: An application to security, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158), p.443452, 1999. ,
DOI : 10.1109/LICS.1999.782639
Game theory meets network security and privacy, ACM Computing Surveys, vol.45, issue.3, 2012. ,
DOI : 10.1145/2480741.2480742
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.172.9249
Verication of JAVA CARD Applets Behavior with Respect to Transactions and Card Tears, 2006. ,
A tool for static C/C++ code analysis, 2012. http:// sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page [En ligne, 2012. ,
Selinux : Nsa's open source security enhanced linux, 2004. ,
Decoding Pay TV (European Scrambling Systems), FAQ2.HTM [En ligne, 1995. ,
Playing Inside the Black Box : Using Dynamic Instrumentation to Create Security Holes, Parallel Processing Letters, vol.11, issue.23, p.267280, 2001. ,
Generating formal specications for security-critical applications -A model-driven approach, Workshop on Software Engineering for Secure Systems -ICSE, IWSESS '09, p.6874, 2009. ,
Slicing for Security of Code, Trusted Computing -Challenges and Applications -TRUST, p.133142, 2008. ,
DOI : 10.1007/978-3-540-68979-9_10
Advanced compiler design and implementation, 1998. ,
Chip and PIN is Broken, 2010 IEEE Symposium on Security and Privacy, pp.433446-433462, 2010. ,
DOI : 10.1109/SP.2010.33
Enforcing Robust Declassication, Workshop on Computer Security Foundations -CSFW, p.172186, 2004. ,
DOI : 10.1109/csfw.2004.1310740
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.147.2865
Understanding and visualizing full systems with data ow tomography, Architectural Support for Programming Languages and Operating Systems -ASPLOS, p.211221, 2008. ,
Valgrind : a framework for heavyweight dynamic binary instrumentation, Programming Language Design and Implementation -PLDI, PLDI'07, p.89100, 2007. ,
Sécurisation de processeurs vis-à-vis des attaques par faute et par analyse de la consommation, 2011. ,
The YogiProject : Software Property Checking via Static Analysis and Testing Tools and Algorithms for the Construction and Analysis of Systems - TACAS, Lecture Notes in Computer Science, vol.5505, pp.178181-139, 2009. ,
Fault Attacks and Countermeasures, 2005. ,
A Toolkit for Addressing HCI Issues in Visual Language Environments, 2005 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC'05), p.145152, 2005. ,
DOI : 10.1109/VLHCC.2005.11
URL : https://hal.archives-ouvertes.fr/inria-00107339
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model, 2007 IEEE Symposium on Security and Privacy (SP '07), p.149163, 2007. ,
DOI : 10.1109/SP.2007.10
Combining Information Theory and Side Channels to Break Secure Implementations, 2009. ,
Side Channel Attacks, 2002. ,
ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards, Lecture Notes in Computer Science, vol.2140, 2001. ,
DOI : 10.1007/3-540-45418-7_17
Eddy current for Magnetic Analysis with Active Sensor, 2002. ,
How to Explain Zero-Knowledge Protocols to Your Children, Lecture Notes in Computer Science, vol.435, p.628631, 1989. ,
High Level Fault Injection for Attack Simulation in Smart Cards, 13th Asian Test Symposium, ATS '04, p.118121, 2004. ,
Language-based information-ow security, IEEE Journal on Selected Areas in Communications, vol.21, issue.1, p.519, 2003. ,
On a new way to read data from memory, First International IEEE Security in Storage Workshop, p.6569, 2002. ,
Veried formal security models for multiapplicative smart cards, Journal of Computer Security, vol.10, issue.4, 2002. ,
Evaluation of Countermeasures Against Fault Attacks on Smart Cards, International Journal of Security and Its Applications, vol.5, issue.2, pp.2011-145 ,
URL : https://hal.archives-ouvertes.fr/hal-00685237
Securing Android-Powered Mobile Devices Using SELinux, IEEE Security & Privacy Magazine, vol.8, issue.3, p.3644, 2010. ,
DOI : 10.1109/MSP.2009.144
The geometry of innocent esh on the bone : return-into-libc without function calls (on the x86, Conference on Computer and communications Security, CCS '07, p.552561, 2007. ,
Optical Fault Induction Attacks, Cryptographic Hardware and Embedded Systems -CHES, pp.212-240, 2002. ,
DOI : 10.1007/3-540-36400-5_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.9.5680
Semi-invasive attacks A new approach to hardware security analysis, 2005. ,
Optical Fault Masking Attacks In Workshop on Fault Diagnosis and Tolerance in Cryptography, Fault Diagnosis and Tolerance in Cryptography, IEEE Computer Society, p.2329, 2010. ,
Stressing Security Requirements : Exploiting the Flaw Hypothesis Method with Deviational Techniques, Symposium on Requirements Engineering for Information Security, pp.2005-143, 2005. ,
2010-Tarnovsky-DeconstructProcessor-video.m4v [En ligne ,
How to Make Smartcards Resistant to Hackers' Lightsabers ? Tuyls, editeur, Foundations for Forgery-Resilient Cryptographic Hardware, pp.18-2010, 2010. ,
Vércation de politiques de sécurité par analyse de programmes, 1999. ,
Doxygen : Source code documentation generator tool, 2008. ,
Practical Optical Fault Injection on Secure Microcontrollers, Workshop on Fault Diagnosis and Tolerance in Cryptography, p.9199, 2011. ,
The Fault Attack Jungle -A Classication Model to Guide You, Workshop on Fault Diagnosis and Tolerance in Cryptography, p.38, 2011. ,
A Formal Security Model of the Inneon SLE 88 Smart Card Memory Managment, 8th European Symposium on Research in Computer Security -ESORICS, p.217234, 2003. ,
Cryptanalysis of a provably secure CRT-RSA algorithm, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, p.9297, 2004. ,
DOI : 10.1145/1030083.1030097
http://en.wikipedia.org/wiki/EMV# Vulnerabilities [En ligne, 2012. ,
http://en.wikipedia.org/wiki/George_Hotz [En ligne, 2012. ,
Norme Iso 14443 http://en.wikipedia.org/wiki/ISO/IEC_14443 [En ligne, 2012. ,
PathCrawler: Automatic Generation of Path Tests by Combining Static and Dynamic Analysis, Fifth European Dependable Computing Conference, p.281292, 2005. ,
DOI : 10.1007/11408901_21
Cité en page 52 ,
est le seul système de porte-monnaie électronique utilisé en France en 2011 Il peut être matérialisé sur une carte bancaire ou sur une carte dédiée à cet usage. Les montants concernés par les transactions sont de l'ordre de la petite monnaie (distributeur, automate, café, musique, boulangerie, journal, parcmètre, etc ,
Multiple Operating System") est un système d'exploitation qui permet à l'aide d'une machine virtuelle d'éxécuter plusieurs applications diérentes de manière sécurisée sur la même carte à puce ,
anglais Subscriber Identity Module) est une puce contenant un microcontrôleur et de la mémoire Elle est utilisée en téléphonie mobile pour stocker les informations spéciques à l'abonné d'un réseau mobile, en particulier pour les réseaux de type GSM ou UMTS ,
Vim à partir d'un template par Olivier Commowick . La fonte utilisée pour les listing est DejaVu Sans Mono. Le glossaire a été créé à partir de Wikipédia. Les images proviennent de http ,