Page 285 - AWSAR 2.0
P. 285

  “There comes the attacker, who plays the role of a magician. He/she can use some predictions to find the secret information within this black-box, in front of your eyes, without your consent, like a real magician. All these black- box algorithms have stronger cryptographic properties; hence
it is difficult to break using direct
methods. There, they have to
use some tricks and act as a
magician,” I added.
“As much as I know, these digitization techniques are secured,’’ he tried to prove his point and be on the safe side.
“Obviously, the real world
has many possibilities to attack
these black-box algorithms,
than the actual theoretical
model. Assume that the password is of 8 characters, which can be encrypted with 1024 bit cryptographic algorithms like RSA. One of the major threats is the device with which these algorithms are executed called, the environment. We assume the environment to be safe and that is exactly where the attack can be implanted,” I responded. “See this
Fig.,” I pointed him to another image on my phone. “Smart cards that we use are electronic devices
and they are used to perform some black-box computations, which require some time and energy. They work in specific environments. During the execution of these algorithms, an attacker can induce faults which can affect
the output. This part is called Fault Injection. The attacker can then monitor the change at the output side (shown in black color) and make some assumptions about the secret information. This technique is called Fault Exploitations. Together with fault injection and exploitation, these attacks are called Fault Attacks,” I added.
“What are these faults and how are they injected?”
he asked with anxiety showing in his eyes. “That’s the interesting part. The attacker induces errors or faults into the target devices using one of the many tampering techniques, such as by varying the power supply or device temperature, by making use of electromagnetic fields or by using focused ion beams. All these fault injection techniques can affect the execution of black-box algorithms in one way
or another.
For example, by varying any of these,
card readers can change the output, even in your presence. The attacker can easily attack the cards many times before legitimate transactions. Hence, these attacks can be easily mounted in reality.
Ms. Keerthi K. || 261
   The attacker induces errors or faults into the target devices using one of the many tampering techniques, such as by varying the power supply or device temperature, by making use of electromagnetic fields or by using focused ion beams.
   













































































   283   284   285   286   287