CAPEC-622: Electromagnetic Side-Channel Attack
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.
前提条件
- Proximal access to the device.
所需技能
后果影响
影响范围: Confidentiality
技术影响: Read Data
说明: Derive sensitive information about encrypted data. For mobile devices, depending on which keys are compromised, the attacker may be able to decrypt VOIP communications, impersonate the targeted caller, or access the enterprise VPN server.
缓解措施
Utilize side-channel resistant implementations of all crypto algorithms.
Strong physical security of all devices that contain secret key information. (even when devices are not in use)