Cryptography Reference
In-Depth Information
Table 17.1 Comparison of
global and local attacks
features
Feature
Global
Local
Invasive
no
yes
Cost in equipment
low
high
Required expertise
low
high
Easiness of detectability
yes
no
Controllability in space
no
yes
Controllability in time
yes
yes
something that will induce a fault, such as a laser beam, a particle source, or strong
eddy currents.
Table 17.1 compares global and local attacks according to different features. The
goal of this table is to define the contexts in which one or the other type of attack
best applies.
The advantage of global attacks is that they can be conducted on devices with
little preparation. Typically, in the case of a device such as a smart card, all the ports
(data, control and power inputs) are under the control of an attacker. This means
that the component is ready to be mounted on a test platform without any further
customization. Proposals to have smart cards be autonomous in terms of energy
(thanks to micro-batteries [373] or photovoltaic coupling [128]) do exist; however,
they fail to protect against active attacks. Module-level encapsulation (e.g. Sishell and
ACSIP solutions proposed by Axalto) does deny access to the chip surface, but still
leaves the input/output ports unprotected. In the case of autonomous components,
such as those present in a printed circuit board (PCB), global attacks will require
that they be unsoldered so that they can be placed in a testing environment. But in
both cases, an attack can be carried out irrespective of any chemical preparation.
However, such a delicate operation is mandatory for most local attacks since they
require the device to be physically close to the source of perturbation. Using the
terminology coined by Skorobogatov, global attacks are referred to as “noninvasive”
whereas local attacks are qualified as “semi-invasive” [377]. This latter term signifies
that local attacks require a chip to be depackaged but do not require electrical contact
with its metal surface. Active probing and circuit editing with a focused ion beam
(FIB) tool are two examples of “invasive” attacks.
As discussed in [397, Sect. 1], blasting a device with photons using white light
flashes can be considered a global attack, although it requires access to the surface of
a microprocessor. Indeed, a flash bulb does not allow an attacker to focus the optical
energy precisely, as opposed to a laser beam. However, the article [361] explains
that the surface of a chip can be made opaque by covering it with dark ink. Then, by
simply scratching the thin ink film off any zones of interest, an attacker can make sure
that light enters into a device by only this local opening. Therefore, in the following,
we will consider light injections as out of the scope of global attacks.
As global attacks are less sophisticated than local ones, they also involve low-cost
equipment. Most of them are indeed commercially available as off-the-shelf tools
for functional debugging or conformance testing. The level of expertise required to
 
Search WWH ::




Custom Search