PrepAway - Latest Free Exam Questions & Answers

Which of the following is not a side-channel attack?

A number of attacks can be performed against smart cards. Side-channel is a class of attacks that doesn’t try to compromise a flaw or weakness. Which of the following is not a side-channel attack?

PrepAway - Latest Free Exam Questions & Answers

A.
Differential power analysis

B.
Microprobing analysis

C.
Timing analysis

D.
Electromagnetic analysis

Explanation:
B: A noninvasive attack is one in which the attacker watches how something works and how it reacts in different situations instead of trying to “invade” it with more intrusive
measures. Examples of side-channel attacks are fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks. These types of attacks are used to
uncover sensitive information about how a component works without trying to compromise any type of flaw or weakness. A more intrusive smart card attack is microprobing.
Microprobing uses needles and ultrasonic vibration to remove the outer protective material on the card’s circuits. Once this is complete, data can be accessed and manipulated by
directly tapping into the card’s ROM chips.
A is incorrect because differential power analysis (DPA) is a noninvasive attack. DPA involves examining the power emissions released during processing. By statistically analyzing
data from multiple cryptographic operations, for example, an attacker can determine the intermediate values within cryptographic computations. This can be done without any
knowledge of how the target device is designed. Thus, an attacker can extract cryptographic keys or other sensitive information from the card.
C is incorrect because a timing analysis is a noninvasive attack. It involves calculating the time a specific function takes to complete its task. They are attacks based on measuring
how much time various computations take to perform. For example, by observing how long it takes a smart card to transfer key information, it is sometimes possible to determine how
long the key is in this instance.
D is incorrect because electromagnetic analysis is a noninvasive attack that involves examining the frequencies emitted. All electric currents emit electromagnetic emanations. In
smart cards, the power consumptionand, therefore, the electromagnetic emanation fieldvaries as data is processed. An electromagnetic analysis attempts to make correlations
between the data and the electromagnetic emanations in an effort to uncover cryptographic keys or other sensitive information on the smart card.


Leave a Reply