Tuesday November 21st at 1.30pm in room A008, Jean-Louis Lanet from Inria Rennes will give a talk entitled “How Secure Containers in a Secure Element are Secure?”
Retrieving assets inside a secure element is a challenging task. The most attractive assets are the cryptographic keys stored into the Non Volatile Memory (NVM) area but also the algorithms executed. Thus, the condentiality of binary code embedded in that device in the Read Only Memory (ROM) must be protected. In some of the secure elements, a part of the instruction set is unknown and dynamically translated during the loading phase. We present a new approach for reversing a binary program when the Instruction Set Architecture (ISA) is partially unknown. Then, we discover many of the native functions that bypass several security checks accessing directly the resources leading to retrieve in plain text the assets. We demonstrate the ability to use them at the Java level to retrieve sensitive assets whatever the protections are like the firewall. Then, we suggest several possibilities to mitigate these attacks.