CAPEC-622: Electromagnetic Side-Channel Attack |
Description In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack. Typical Severity Prerequisites
Proximal access to the device. |
Skills Required
[Level: Medium] Sophisticated attack, but detailed techniques published in the open literature. |
Consequences This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.Scope | Impact | Likelihood |
---|
Confidentiality | Read Data | |
Mitigations
Utilize side-channel resistant implementations of all crypto algorithms. |
Strong physical security of all devices that contain secret key information. (even when devices are not in use) |
Content History Submissions |
---|
Submission Date | Submitter | Organization |
---|
2015-11-09 (Version 2.7) | CAPEC Content Team | The MITRE Corporation | | Modifications |
---|
Modification Date | Modifier | Organization |
---|
2018-07-31 (Version 2.12) | CAPEC Content Team | The MITRE Corporation | Updated Attack_Motivation-Consequences |
More information is available — Please select a different filter.
|