CAPEC-622

Electromagnetic Side-Channel Attack
Bas
Draft
2015-11-09
00h00 +00:00
2018-07-31
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.

Informations du CAPEC

Conditions préalables

Proximal access to the device.

Compétences requises

Sophisticated attack, but detailed techniques published in the open literature.

Atténuations

Utilize side-channel resistant implementations of all crypto algorithms.
Strong physical security of all devices that contain secret key information. (even when devices are not in use)

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-201

Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Motivation-Consequences