CAPEC-624: Hardware Fault Injection

Meta Stable 严重程度: High 攻击可能性: Low

CAPEC版本: 3.9

更新日期: 2023-01-24

攻击模式描述

The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.

前提条件

  • Physical access to the system
  • The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.

所需技能

High Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.

所需资源

后果影响

影响范围: Confidentiality

技术影响: Read Data

说明: An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data.

影响范围: Integrity

技术影响: Execute Unauthorized Commands

说明: If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised.

缓解措施

Implement robust physical security countermeasures and monitoring.

关键信息

CAPEC ID: CAPEC-624

抽象级别: Meta

状态: Stable

典型严重程度: High

攻击可能性: Low

相关CWE弱点
CWE-1247 CWE-1248 CWE-1256 CWE-1319 CWE-1332 CWE-1334 CWE-1338 CWE-1351
返回列表