Probing attacks

In cryptanalysis, a probing attack is what is described as an invasive attack, i.e. carrying it out can damage, or even destroy, the circuit (cryptoprocessor) being analyzed.

The principle of a probing attack is to spy on the electrical activity of an electronic component of the circuit by positioning a probe sufficiently close to that component. In the scientific literature, measuring the evolution of the state of an equipotential of a bus (a "wire") is a typical example of a probing attack.

By collecting data in this manner, the attacker may be able to deduce all or part of the secret of the cryptographic circuit.

Practical application

In this section, we assume that the attacker wants to spy on a data bus (with the encrypted data that circulates on it), in order to build up a set of ciphertexts, thus facilitating cryptanalysis.

Few laboratories can afford to mount this type of attack, because it requires very sophisticated and expensive equipment.

First, the circuit must be prepared for analysis. It often has to be soaked in acetone, and its surface (generally covered with a chemical coating) then has to be "scraped" to expose the metal layers (metal 6 or 7 for smartcards). Manufacturers' recommendations for submicron manufacturing processes say to place buses as "high" as possible among the material layers. This means the attacker does not have to penetrate too deeply into the circuit, which is what makes probing possible. Indeed, if the buses were placed at the metal 3 level, for example, it would be necessary to get through 4 layers of metal to spy on them, with a very high probability of destroying the cryptoprocessor before the real work even begins.

Once the preparations are finished, probing can start. This requires bringing a metal tip (typically tungsten) very close to the equipotential to be spied on; the tip reacts to the passage of a bit on it (in fact, to a change of state or the absence of one). With a sufficiently precise oscilloscope and very rigorous timing, one can thus determine the bits passing over the bus. Note, however, that it is not (at present) possible to spy on several equipotentials simultaneously: the technique is too complex to set up.
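The role of timing described above can be seen in a small simulation, added here as an illustration and not part of the original article. It assumes an idealized, noise-free wire whose level equals the bit value and a probe that reports only changes of state; the function names and the sample bit pattern are constructed.

```python
# Constructed model (assumption): one bus wire, level == bit value, no noise.
# The probe output is 1 when the wire changed state since the last sample.

def wire_levels(bits, samples_per_bit):
    """Sampled waveform of the wire: each bit held for samples_per_bit samples."""
    return [b for b in bits for _ in range(samples_per_bit)]

def probe_transitions(levels, initial=0):
    """What the tip reacts to: a change (1) or no change (0) of state."""
    out, prev = [], initial
    for level in levels:
        out.append(int(level != prev))
        prev = level
    return out

def recover_bits(transitions, samples_per_bit, n_bits, initial=0):
    """Rebuild levels by toggling on each change, then read mid-bit samples."""
    state, levels = initial, []
    for t in transitions:
        state ^= t
        levels.append(state)
    mid = samples_per_bit // 2
    return [levels[i * samples_per_bit + mid] for i in range(n_bits)]

def bit_errors(a, b):
    """Number of positions where two bit lists disagree."""
    return sum(x != y for x, y in zip(a, b))

SENT = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed traffic on one wire
TRACE = probe_transitions(wire_levels(SENT, 10))  # 10 samples per bit

if __name__ == "__main__":
    good = recover_bits(TRACE, 10, len(SENT))
    drift = recover_bits(TRACE, 8, len(SENT))  # bit period misjudged by 20%
    flipped = recover_bits(TRACE, 10, len(SENT), initial=1)  # wrong start level
    print("exact timing :", good, bit_errors(good, SENT), "errors")
    print("20% clock err:", drift, bit_errors(drift, SENT), "errors")
    print("wrong start  :", flipped, bit_errors(flipped, SENT), "errors")
```

In this model a 20% error in the assumed bit period corrupts the later bits of the word, and a wrong guess of the wire's starting level inverts every bit, because the probe only ever sees changes.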

For the moment this type of attack is of primarily theoretical interest, because supposing that the attacker has such control over the environment is an extremely strong assumption (the ability to handle the hardware as they see fit, access to very expensive measurement equipment, etc.).
