Home > CAPEC List > CAPEC-622: Electromagnetic Side-Channel Attack (Version 2.11)  

CAPEC-622: Electromagnetic Side-Channel Attack

 
Electromagnetic Side-Channel Attack
Definition in a New Window Definition in a New Window
Attack Pattern ID: 622
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing).

This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.

+ Attack Prerequisites
  • Proximal access to the device.

+ Typical Severity

Low

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Medium

Sophisticated attack, but detailed techniques published in the open literature.

+ Solutions and Mitigations

Utilize side-channel resistant implementations of all crypto algorithms.

Strong physical security of all devices that contain secret key information. (even when devices are not in use)

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Read application data
Derive sensitive information about encrypted data. For mobile devices, depending on which keys are compromised, the attacker may be able to decrypt VOIP communications, impersonate the targeted caller, or access the enterprise VPN server.
+ Technical Context
Architectural Paradigms
Mobile
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017