Home > CAPEC List > CAPEC-624: Fault Injection (Version 2.11)  

CAPEC-624: Fault Injection

 
Fault Injection
Definition in a New Window Definition in a New Window
Attack Pattern ID: 624
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.

+ Alternate Terms

Term: Side-Channel Attack

+ Attack Prerequisites
  • Physical access to the system

  • The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.

+ Resources Required

The relevant sensors and tools to detect and analyze fault/side-channel data from a system.

A tool capable of injecting fault/side-channel data into a system or application.

+ Solutions and Mitigations

Implement robust physical security countermeasures and monitoring.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Read memory
Read application data
Bypass protection mechanism
Hide activities
An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, he or she has compromised the confidentiality of that application or information system data.
Integrity
Execute unauthorized code or commands
If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised.
+ Other Notes

Considerable effort on the part of the adversary is often required in order to detect and analyze fault/side channel data.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Alternate_Terms, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Other_Notes, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_SeverityInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_PrerequisitesInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017