52 Things: Number 39: What is the difference between a side-channel attack and a fault attack?
52件事:第39件:侧通道攻击和故障攻击之间的区别是什么? This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. We continue with our side-channel track and discuss the differences between a side-channel attack and a fault attack.这是一系列博客文章中的最新一篇,旨在解决“每个博士生在做密码学时应该知道的52件事”:这是一组问题,旨在让博士生在第一年结束时了解他们应该知道什么。我们继续我们的侧通道跟踪,并讨论侧通道攻击和故障攻击之间的区别。 Side-channel attacks (SCA) are a class of attacks in which an adversary attempts to deduce information about a targets computation by observing side-channel leakage (e.g. timing, power consumption, electromagnetic emanations, acoustic noise etc.).
侧信道攻击(SCA)是一类攻击,其中对手试图通过观察侧信道泄漏(例如定时、功耗、电磁发射、声学噪声等)来推断关于目标计算的信息。 Fault attacks (FA) are a class of attacks in which an adversary attempts to exploit the result of a faulty computation. The fault may be the result of a program/design bug (e.g. Intel's famous FDIV bug), or a fault induced directly by the adversary (e.g. power glitch, clock glitch, temperature variation, ion-beam injection etc.). 'The Sorcerer’s Apprentice Guide to Fault Attacks' gives a good overview for a few of the more hands-on techniques for fault injection.
故障攻击(FA)是一类对手试图利用错误计算结果的攻击。故障可能是程序/设计错误(如英特尔著名的FDIV错误),也可能是对手直接引发的故障(如电源故障、时钟故障、温度变化、离子束注入等)。”《魔法师学徒故障攻击指南》很好地概述了一些更实际的故障注入技术。 To sum up, the primary difference between the two is that SCAs exploit computation leakage and FAs exploit the result of erroneous computation. It's not a very insightful (or interesting) answer so perhaps a better question is to 'Discuss some similar approaches to side-channel and fault attacks'.
总之,两者之间的主要区别在于SCA利用计算泄漏,而FA利用错误计算的结果。这不是一个很有见地(或有趣)的答案,所以也许更好的问题是“讨论一些类似的侧通道和故障攻击方法”。 I'll discuss examples for three sub-classes for both SCAs and FAs: non-invasive, semi-invasive and invasive. Just as a side note, there may be some disagreement on the exact classification of non-invasive, semi-invasive and invasive attacks. These are my opinions and if you disagree, I invite you to take it up with my publisher.
我将讨论SCAs和FA的三个子类的示例:非侵入性、半侵入性和侵入性。顺便说一句,在非侵入性、半侵入性和侵入性攻击的确切分类上可能存在一些分歧。这些是我的观点,如果你不同意,我邀请你与我的出版商讨论。 Non-Invasive: 非侵入性: An attack is classed as non-invasive if the adversary has no physical contact with the target. I give solitary examples below but there are more out there.
如果对手与目标没有物理接触,则攻击被归类为非侵入性攻击。下面我只举几个例子,但还有更多的例子。 SCA: Timing attacks are arguable both the most applicable and the least invasive SCA vector. This can be partly attributed to the fact that timing attacks can be carried out remotely but also because they are easily introduced. Consider a large library such as OpenSSL that supports numerous platforms and a whole suite of crypto applications. Ensuring that all sensitive computation is programmed to be constant time for each individual platform quickly becomes cumbersome. Add to this that you will be fighting the compilers efforts to optimise your code makes it an uphill battle.
SCA:定时攻击是最适用的SCA载体,也是侵入性最小的SCA载体。这在一定程度上可以归因于定时攻击可以远程执行,但也因为它们很容易引入。考虑一个大型库,如OpenSSL,它支持许多平台和一整套加密应用程序。确保所有敏感计算都被编程为每个单独平台的恒定时间很快就会变得麻烦。此外,您还将与编译器进行斗争,以优化您的代码,这将是一场艰苦的战斗。 FA: Non-invasive fault attacks are somewhat less common as it requires the faulty behaviour to be triggered based on the input. One could possibly build an attack using the aforementioned Intel FDIV bug which will return an incorrect division result for one in every 9 billion random inputs. I can't seem to find any reference to a concrete attack so we'll take it on faith that it may be possible.
FA:非侵入性故障攻击不太常见,因为它需要根据输入触发故障行为。有人可能会使用前面提到的英特尔FDIV漏洞进行攻击,该漏洞将为每90亿个随机输入中的一个返回错误的除法结果。我似乎找不到任何具体攻击的说法,所以我们相信这是可能的。 Semi-Invasive: 半侵入性: An attack is classed as semi-invasive if the adversary has limited physical contact with the target. I give solitary examples below but there are more out there.
如果对手与目标的物理接触有限,则攻击被归类为半侵入性攻击。下面我只举几个例子,但还有更多的例子。 SCA: In a power analysis attack the adversary monitors the power consumption of a the target device during the computation of a secret datum. The theory behind the attack is that the dynamic power consumption will be (in some way) related to the data being processed. If the adversary can approximate this relationship then they may also be able to make deductions about the data being processed. This is arguably semi-invasive as the adversary would require a power tap to the target device which is not always available and so the adversary would need to modify the target.
SCA:在功率分析攻击中,对手在计算秘密数据期间监视目标设备的功耗。攻击背后的理论是,动态功耗将(在某种程度上)与正在处理的数据有关。如果对手能够近似这种关系,那么他们也可以对正在处理的数据进行推断。这可以说是半侵入性的,因为对手需要到目标设备的电源抽头,而目标设备并不总是可用的,因此对手需要修改目标。 FA: Clock and power glitch attacks aim to induce faulty behaviour in a target device by altering the target environment. Consider the clock input to a chip, this clock governs the speed at which the target device operates. The maximum clock rate of a device is bounded by the 'critical path' of the target which is the longest amount of time required for a combinatorial circuit to reach a stable state. Violation of this bound will trigger race conditions in the device and hence result in undefined behaviour. This makes glitch attacks somewhat unpredictable and sometimes hard to reproduce but incredibly effective!
FA:时钟和电源故障攻击旨在通过改变目标环境,在目标设备中引发故障行为。考虑到芯片的时钟输入,这个时钟控制着目标设备的工作速度。器件的最大时钟速率受目标的“关键路径”的限制,这是组合电路达到稳定状态所需的最长时间。违反此界限将触发设备中的竞争条件,从而导致未定义的行为。这使得小故障攻击有些不可预测,有时很难复制,但却非常有效! Invasive: 侵入性: An attack is classed as invasive if the adversary has unlimited resources and access the target.
如果对手拥有无限的资源并可以访问目标,则攻击被归类为入侵。 SCA: Probing SCAs use a direct tap on the data bus of a target device allowing an adversary to (almost directly) read off any information that goes across the bus. The target must be fully decapsulated and carefully examined to precisely target the secret data.
SCA:探测SCA使用对目标设备的数据总线的直接点击,允许对手(几乎直接)读取通过总线的任何信息。必须对目标进行完全解封和仔细检查,以精确定位机密数据。 FA: Probing FAs allow an adversary to completely change the behaviour of the target device. Once again, the target must be fully decapsulated and mapped out to accurately influence the behaviour but once this is done, adversary has the ability to re-wire the target and consequently alter its operation.
FA:探测FA允许对手完全改变目标设备的行为。同样,目标必须完全解封装并绘制地图,以准确影响行为,但一旦完成,对手就有能力重新连接目标,从而改变其行动。 Both SCA and FA have been demonstrated on real-world devices to devastating effect. There are, of course, several countermeasures devised to mitigate for these attacks but these will come up later in our '52 things' series.
SCA和FA已经在现实世界的设备上进行了演示,产生了毁灭性的效果。当然,有几种应对措施可以缓解这些攻击,但这些措施将在我们的“52件事”系列稍后介绍。 标签:39,target,攻击,SCA,52,FA,attack,adversary From: https://www.cnblogs.com/3cH0-Nu1L/p/18107524