The adversary uses disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior in electronic devices. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.
Typical Likelihood of Exploit
Attacker Skills or Knowledge Required
Skill or Knowledge Level: High
Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.
The relevant sensors and tools to detect and analyze fault/side-channel data from a system.
A tool capable of injecting fault/side-channel data into a system or application.
Solutions and Mitigations
Implement robust physical security countermeasures and monitoring.
Read application data
Bypass protection mechanism
An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, he or she has compromised the confidentiality of that application or information system data.
Execute unauthorized code or commands
If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised.
More information is available — Please select a different filter.
Page Last Updated or Reviewed:
July 31, 2017
Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the