User:Driquet/Microcomputer security compromised by hardware failures


The security of microcomputers can be compromised in several ways.
This article describes the methods used to compromise a computer system through its hardware.

Invasive attacks

Physical chemistry

Memory

Another way to reveal the content of memory cells is to scan the surface of an active chip with a laser beam.
At each position of the laser, the current injected by the beam is measured; in this way, cells containing zeros can be distinguished from those containing ones.
This method is semi-invasive, as a decapsulation procedure has to be applied first. As many points have to be scanned, the technique is rather slow.

A chemical memory snapshot is a method for producing a quick one-time snapshot of the state of the memory cells.[1]
It makes use of electrolysis, the chemical process in which an electric current drives a reaction in an ionic solution.[2] For this purpose, the chip has to be decapsulated and parts of the passivation layer must be removed.[3]
The reaction reveals the current state of the exposed memory cells. Thus, values held in the static memory of a device, including secret keys, can be read out by an attacker.[1]
Exposing the top metal layer can be done with different procedures: wet etching to remove the whole passivation, or a laser cutter or a focused ion beam (FIB) for selective removal.[1]

Data remanence problems affect not only obvious areas such as RAM and non-volatile memory cells, but can also occur in other areas of the device through hot-carrier effects (which change the characteristics of the semiconductors in the device), electromigration (which physically moves atoms to new locations and thus alters the device itself), and various other effects that are examined alongside the more obvious memory-cell remanence problems.[4]

It is possible to analyse and recover data from these cells and from semiconductor devices in general long after it should (in theory) have vanished.[5]

Power monitoring attack

Integrated circuits are built out of individual transistors, which act as voltage-controlled switches.
Current flows across the transistor substrate when charge is applied to (or removed from) the gate.
This current then delivers charge to the gates of other transistors, interconnect wires, and other circuit loads.
The motion of electric charge consumes power and produces electromagnetic radiation, both of which are externally detectable.
Macro-characteristics (such as microprocessor activity) can easily be identified by simply monitoring power consumption.[6]

Simple Power Analysis

In SPA attacks, an attacker directly observes a system's power consumption.
The amount of power consumed varies depending on the microprocessor instruction performed.
Large features such as DES rounds, RSA operations, etc. may be identified, since the operations performed by the microprocessor vary significantly during different parts of these computations.
SPA can, for example, be used to break RSA implementations by revealing differences between multiplication and squaring operations.[7]
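The following is an added example, not code from the page or from Kocher's paper, showing why the square/multiply distinction breaks a naive RSA exponentiation. The power trace is simulated as a list of 'S' (square) and 'M' (multiply) events, which is exactly what an SPA attacker reads off a real trace once the two operations' power signatures have been identified; the exponent, modulus and base are constructed toy values.

```python
# Added example (not from the page or Kocher's paper): how the operation
# sequence visible in an SPA trace of a square-and-multiply exponentiation
# gives away the exponent.  The "trace" is simulated as a list of 'S'
# (square) and 'M' (multiply) events, which is what an attacker reads off a
# real power trace because the two operations have different power signatures.


def modexp_leaky(base: int, exponent: int, modulus: int, trace: list) -> int:
    """Left-to-right binary exponentiation; records one 'S' per squaring and
    one 'M' per conditional multiply, exactly mirroring the exponent bits."""
    result = 1
    for bit in bin(exponent)[2:]:          # most significant bit first
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":
            result = (result * base) % modulus
            trace.append("M")
    return result


def modexp_always(base: int, exponent: int, modulus: int, trace: list) -> int:
    """Square-and-multiply-always: the multiply is performed on every bit and
    its result is simply discarded on 0 bits, so the operation sequence no
    longer depends on the exponent (an SPA countermeasure; it does not stop
    DPA or safe-error attacks)."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        candidate = (result * base) % modulus
        trace.append("M")
        if bit == "1":
            result = candidate
    return result


def recover_exponent(trace: list) -> int:
    """Read the exponent back from the S/M sequence: an 'S' followed by an 'M'
    is a 1 bit, an 'S' followed by another 'S' (or by the end of the trace)
    is a 0 bit."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace: expected a squaring")
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


if __name__ == "__main__":
    d, n = 0b1011001, 101          # constructed toy private exponent and modulus
    leaky_trace, safe_trace = [], []
    modexp_leaky(3, d, n, leaky_trace)
    modexp_always(3, d, n, safe_trace)
    print("leaky trace: ", "".join(leaky_trace), "->", bin(recover_exponent(leaky_trace)))
    print("always trace:", "".join(safe_trace), "->", bin(recover_exponent(safe_trace)))
```

Run against the square-and-multiply-always variant, recover_exponent returns an all-ones value: the trace still parses, but it no longer carries any information about the exponent, which is the whole point of the countermeasure.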

Differential power analysis

DPA attacks use statistical analysis and error correction techniques to extract information correlated with secret keys. Implementing a DPA attack involves two phases: data collection and data analysis.
Data collection for DPA may be performed by sampling a device's power consumption during cryptographic operations as a function of time.[8]

DPA can be used to break implementations of almost any symmetric or asymmetric algorithm.[9]
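The block below is an added example, not code from the page or from Kocher's papers, of the data-analysis phase: a difference-of-means DPA on simulated first-round S-box traces. Everything in it is constructed: the S-box is a fixed pseudo-random permutation standing in for the AES S-box, each trace sample leaks the Hamming weight of an S-box output plus Gaussian noise (a common leakage model for CMOS logic), and the key is a toy value. Kocher's original selection function is a single output bit (lsb_selection here); with only a few hundred traces that version shows the well-known "ghost peaks" for wrong guesses, so the default partitions on the predicted Hamming weight instead, a standard multi-bit variant of the same idea.

```python
import random

# Added example (not from the page or Kocher's papers): difference-of-means
# DPA on simulated power traces of the first-round S-box layer.  Everything
# here is constructed: the S-box is a fixed pseudo-random permutation standing
# in for the AES S-box, and each trace sample leaks the Hamming weight of the
# S-box output plus Gaussian noise (a common leakage model for CMOS logic).

_sbox_rng = random.Random(2024)
SBOX = list(range(256))
_sbox_rng.shuffle(SBOX)                  # constructed S-box (assumption)


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def lsb_selection(value: int):
    """Kocher's classic one-bit selection function D: the S-box output LSB."""
    return value & 1


def hw_selection(value: int):
    """Multi-bit variant: partition on the predicted Hamming weight and skip
    the ambiguous middle; gives a cleaner peak with few traces."""
    hw = hamming_weight(value)
    if hw >= 5:
        return 1
    if hw <= 3:
        return 0
    return None


def simulate_traces(key, n_traces, noise_sigma=0.5, seed=1):
    """Constructed acquisition: for each random plaintext, sample j of the
    trace leaks HW(SBOX[p[j] ^ key[j]]) + noise.  Returns (plaintexts, traces)."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = [rng.randrange(256) for _ in key]
        t = [hamming_weight(SBOX[p[j] ^ key[j]]) + rng.gauss(0.0, noise_sigma)
             for j in range(len(key))]
        plaintexts.append(p)
        traces.append(t)
    return plaintexts, traces


def dpa_byte(plaintexts, traces, j, selection=hw_selection):
    """Attack key byte j.  For each guess g the traces are split according to
    selection(SBOX[p[j] ^ g]); only the correct g splits them in a way that
    correlates with the real power consumption, so only it produces a large
    difference of group means at the sample where that S-box output leaks.
    Returns (best_guess, sample_index_of_peak, peak_height)."""
    n_samples = len(traces[0])
    best = (None, None, 0.0)
    for g in range(256):
        sel = [selection(SBOX[p[j] ^ g]) for p in plaintexts]
        for s in range(n_samples):
            sum1 = sum0 = 0.0
            n1 = n0 = 0
            for d, t in zip(sel, traces):
                if d == 1:
                    sum1 += t[s]
                    n1 += 1
                elif d == 0:
                    sum0 += t[s]
                    n0 += 1
            if n1 == 0 or n0 == 0:
                continue
            diff = abs(sum1 / n1 - sum0 / n0)
            if diff > best[2]:
                best = (g, s, diff)
    return best


def dpa_recover_key(plaintexts, traces, key_len, selection=hw_selection):
    return [dpa_byte(plaintexts, traces, j, selection)[0] for j in range(key_len)]


if __name__ == "__main__":
    key = [0x2B, 0x7E, 0x15, 0x16]            # constructed 4-byte key
    pts, trs = simulate_traces(key, 600)
    for j in range(len(key)):
        g, s, peak = dpa_byte(pts, trs, j)
        print(f"byte {j}: guess 0x{g:02x} (true 0x{key[j]:02x}), "
              f"peak {peak:.2f} at sample {s}")
```

Note that the attack never needs to know which trace sample corresponds to which S-box: it tries every guess at every sample and the peak's position falls out of the analysis, which is how DPA locates the leaking instruction in a real trace of thousands of samples.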

Non-invasive attacks

Acoustic emanations

Keyboard

Attacks against emanations caused by human typing have attracted interest in recent years. In particular, several works have shown that keyboard acoustic emanations leak information that can be exploited to reconstruct the typed text.[10]

PC keyboards and notebook keyboards are vulnerable to attacks based on differentiating the sound emitted by different keys.[11]

This attack takes as input an audio signal containing a recording of a single word typed by a single person on a keyboard, and a dictionary of words. It is assumed that the typed word is present in the dictionary. The aim of the attack is to reconstruct the original word from the signal.[12]

A related attack takes as input a 10-minute sound recording of a user typing English text on a keyboard and recovers up to 96% of the typed characters.[13]

The attack is inexpensive, since the only additional hardware required is a parabolic microphone, and non-invasive, since it does not require physical intrusion into the system.

The attack employs a neural network to recognize the key being pressed.[11] It combines signal processing with efficient data structures and algorithms to successfully reconstruct single words of 7-13 characters from a recording of the clicks made when typing them on a keyboard.[12]

The sound of the clicks differs slightly from key to key, because the keys are located at different positions on the keyboard plate, even though the clicks of different keys sound alike to the human ear.[11]

On average, there were only 0.5 incorrect recognitions per 20 clicks, which shows how exposed keyboards are to eavesdropping using this attack.[14]

The attack is very efficient, taking under 20 seconds per word on a standard PC. It finds the correct word with a success rate of 90% or better for words of 10 or more characters, and with a success rate of 73% over all the words tested.[12]

In practice, a human attacker can typically determine whether text is random. An attacker can also identify occasions when the user types user names and passwords.[15] Short audio signals containing a single word of seven or more characters were considered, which means that the signal is only a few seconds long; such short words are often chosen as passwords.[12] The dominant factors affecting the attack's success are the word length and, more importantly, the number of repeated characters within the word.[12]

The result is a procedure that efficiently recovers a word from audio recordings of keyboard click sounds.[16] More recently, the extraction of information from another type of emanation was demonstrated: acoustic emanations from mechanical devices such as dot-matrix printers.[10]

Printer

An attack has been demonstrated that recovers what a dot-matrix printer processing English text is printing, based on a recording of the sound it makes, provided the microphone is close enough to the printer. It recovers up to 72% of printed words, and up to 95% if knowledge about the text is assumed, with a microphone at a distance of 10 cm from the printer.

After an upfront training phase, the attack is fully automated and uses a combination of machine learning, audio processing, and speech recognition techniques, including spectrum features, Hidden Markov Models and linear classification.

The fundamental reason why the reconstruction of the printed text works is that the emitted sound becomes louder when more needles strike the paper at a given time: there is a correlation between the number of needles and the intensity of the acoustic emanation.

In a training phase, words from a dictionary are printed and characteristic sound features of these words are extracted and stored in a database. The trained characteristic features are then used to recognize the printed English text.
This task is not trivial. Major challenges include:
(i) identifying and extracting sound features that suitably capture the acoustic emanation of dot-matrix printers;
(ii) compensating for the blurred and overlapping features that are induced by the substantial decay time of the emanations;
(iii) identifying and eliminating wrongly recognized words to increase the overall percentage of correctly identified words (the recognition rate).

Electromagnetic

Electromagnetic emanations have turned out to constitute a security threat to computer equipment.[17]

Monitor

The time-varying diffuse reflections of the light emitted by a CRT monitor can be exploited to recover the original monitor image.[18]

Backes et al. presented an eavesdropping technique for spying at a distance on data displayed on an arbitrary computer screen, including the currently prevalent LCD monitors.[17]
The technique exploits reflections of the screen's optical emanations in various objects commonly found in close proximity to the screen, and uses those reflections to recover the original screen content. Such objects include eyeglasses, tea pots, spoons, plastic bottles, and even the eye of the user.
The attack can be mounted successfully to spy on even small fonts using inexpensive, off-the-shelf equipment (less than 1,500 dollars) from a distance of up to 10 meters.
More expensive equipment allowed the attack to be conducted from over 30 meters away, demonstrating that similar attacks are feasible from the other side of the street or from a nearby building.

Many objects that may be found at a usual workplace can be exploited to retrieve information on a computer’s display by an outsider.
Particularly good results were obtained from reflections in a user’s eyeglasses or a tea pot located on the desk next to the screen. Reflections that stem from the eye of the user also provide good results. However, eyes are harder to spy on at a distance because they are fast-moving objects and require high exposure times. Using more expensive equipment with lower exposure times helps to remedy this problem.

The reflections gathered from curved surfaces on nearby objects therefore pose a substantial threat to the confidentiality of data displayed on the screen. Fully eliminating this threat without at the same time hiding the screen from the legitimate user seems difficult, short of using curtains on the windows or similar forms of strong optical shielding.
Most users, however, will not be aware of this risk and may not be willing to close the curtains on a nice day.

The reflection of an object, a computer display, in a curved mirror creates a virtual image that is located behind the reflecting surface.
For a flat mirror this virtual image has the same size and is located behind the mirror at the same distance as the original object.
For curved mirrors, however, the situation is more complex.[17]
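As an added illustration (not from the page or from Backes et al.), the mirror equation shows how small that virtual image is. For a convex reflecting surface of radius of curvature $R$ placed at distance $d_o$ from the screen (notation assumed here), the focal length is $f = -R/2$, so

$$\frac{1}{d_o} + \frac{1}{d_i} = \frac{1}{f} = -\frac{2}{R}
\quad\Longrightarrow\quad
d_i = -\frac{R\,d_o}{2d_o + R},
\qquad
m = -\frac{d_i}{d_o} = \frac{R}{2d_o + R}.$$

The negative $d_i$ is the virtual image located behind the surface, and $m$ is its magnification. With $R = 5\,\text{cm}$ (a small tea pot) and $d_o = 50\,\text{cm}$, $d_i \approx -2.4\,\text{cm}$ and $m \approx 0.048$, so a 3 mm character on the screen becomes a 0.14 mm feature that the telescope must resolve from metres away. This is why the attack needs a long focal length and a sensitive camera, why exposure time matters for moving objects such as eyes, and why a surface with a larger radius of curvature yields a larger and easier image.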

Temperature

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard.[19]


Many products do cryptographic and other security-related computations using secret keys or other variables that the equipment’s operator must not be able to read out or alter.
The usual solution is for the secret data to be kept in volatile memory inside a tamper-sensing enclosure.

Security processors typically store secret key material in static RAM, from which power is removed if the device is tampered with.
At temperatures below −20°C, the contents of SRAM can be ‘frozen’.

It is important to know for how long a static RAM device will retain data once power has been removed.
Low temperatures can increase the data retention time of SRAM to many seconds or even minutes.[20]

Cache attack

To increase computational power, processors are generally equipped with a cache memory, which decreases the memory access latency.
Unfortunately, caches contain only a small portion of the application data and can add latency to a memory transaction in the case of a miss.
A miss also involves additional power consumption, due to the activation of memory devices further down the memory hierarchy. The miss penalty has already been used to attack symmetric encryption algorithms such as DES.[21]

The basic idea proposed by Bertoni et al. is to force a cache miss while the processor is executing the AES encryption algorithm on a known plaintext.[22]


Such attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization.[23]
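The block below is an added example, not code from the page or from the Osvik/Shamir/Tromer paper, of the first-round "synchronous" cache attack on a T-table AES implementation, run against a constructed oracle instead of a real Prime+Probe measurement. Its assumptions: 64-byte cache lines holding 16 four-byte T-table entries, so learning which line of T0 was touched reveals the top 4 bits of the index p[i] ^ k[i]; state bytes 0, 4, 8 and 12 index T0 in round 1; the observation is noisy (extra lines touched by unrelated code); and the key is a constructed test value.

```python
import random

# Added example (not from the page or the Osvik/Shamir/Tromer paper): the
# first-round synchronous cache attack on a T-table AES implementation, run
# against a constructed oracle.  Assumptions: 64-byte cache lines holding 16
# four-byte T-table entries, so the touched line of T0 reveals the top 4 bits
# of p[i] ^ k[i]; bytes 0, 4, 8, 12 index T0 in round 1; observations are
# noisy (extra lines touched by unrelated activity).

LINE_BITS = 4                    # log2(entries per cache line)
N_LINES = 256 >> LINE_BITS       # 16 lines cover a 256-entry table
T0_BYTES = (0, 4, 8, 12)         # state bytes that index T0 in round 1


def observed_t0_lines(plaintext, key, rng, noise_lines=2):
    """Constructed leak oracle standing in for a Prime+Probe measurement:
    returns the set of T0 cache lines touched during the first round, plus a
    few random lines caused by other code (noise)."""
    lines = {(plaintext[i] ^ key[i]) >> LINE_BITS for i in T0_BYTES}
    for _ in range(noise_lines):
        lines.add(rng.randrange(N_LINES))
    return lines


def collect_samples(key, n, seed=3):
    """Constructed acquisition: n encryptions of attacker-chosen random
    plaintexts, each paired with the observed line set."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        p = [rng.randrange(256) for _ in range(16)]
        samples.append((p, observed_t0_lines(p, key, rng)))
    return samples


def score_high_nibbles(samples, byte_index):
    """For each candidate c of key[byte_index] >> 4, count the samples in
    which the line that c predicts, c ^ (p >> 4), was actually touched.
    The right candidate is hit every time; wrong ones only by coincidence
    (another byte or a noise access landing on the same line)."""
    scores = [0] * N_LINES
    for p, lines in samples:
        hi_p = p[byte_index] >> LINE_BITS
        for c in range(N_LINES):
            if (c ^ hi_p) in lines:
                scores[c] += 1
    return scores


def recover_high_nibbles(samples):
    """Recover key[i] >> 4 for every byte that indexes T0."""
    result = {}
    for i in T0_BYTES:
        scores = score_high_nibbles(samples, i)
        result[i] = scores.index(max(scores))
    return result


if __name__ == "__main__":
    key = [0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
           0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C]   # constructed key
    samples = collect_samples(key, 200)
    for i, hi in recover_high_nibbles(samples).items():
        print(f"key[{i}] high nibble: recovered 0x{hi:x}, true 0x{key[i] >> 4:x}")
```

Cache-line granularity is also the limit of this step: the low 4 bits of each key byte never influence which line is touched, so they cannot be recovered from first-round observations alone and need a different analysis (for instance of the second round), which is why countermeasures that only randomise table placement within a line do not close the channel.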

Timing attack

Timing attacks enable an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries.[24]

Network timing

SSH is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has [...] weaknesses.
In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the inter-keystroke timing information of the user's typing.
Very simple statistical techniques suffice to reveal sensitive information such as the length of users' passwords, or even root passwords.
By using advanced statistical techniques on timing information collected from the network, the eavesdropper can learn significant information about what users type in SSH sessions.[25]

Because the time it takes the operating system to send out the packet after the keypress is in general negligible compared to the inter-keystroke timing, this also enables an eavesdropper to learn the precise inter-keystroke timings of the user's typing from the arrival times of the packets.[26]
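The following is an added example, not code from the page or from the Song/Wagner/Tian paper, of the simple technique the text refers to: picking the password entry out of a timeline of SSH packets and reading off its length and inter-keystroke intervals. The packet log is constructed; the rule it encodes is that echoed keystrokes are answered by a prompt server-to-client packet while password characters are not echoed. ECHO_WINDOW_MS, MIN_RUN and the payload sizes are assumptions of this example, not values from the paper.

```python
# Added example (not from the page or the Song/Wagner/Tian paper): locating a
# password entry in an SSH packet timeline.  The log is constructed; echoed
# keystrokes are followed by a quick server packet, password characters are
# not.  The window and minimum run length are assumptions of this example.

ECHO_WINDOW_MS = 100
MIN_RUN = 3          # ignore isolated unechoed packets (e.g. a dropped echo)

# (timestamp_ms, direction, payload_len); "C" = client->server, "S" = server->client
PACKET_LOG = [
    (0, "C", 36), (18, "S", 36),        # 's'  echoed
    (210, "C", 36), (226, "S", 36),     # 'u'  echoed
    (390, "C", 36), (402, "S", 52),     # Enter, server sends the password prompt
    (1200, "C", 36),                    # password characters: no echo
    (1370, "C", 36),
    (1460, "C", 36),
    (1710, "C", 36),
    (1820, "C", 36),
    (2100, "C", 36), (2150, "S", 68),   # Enter, server answers with a shell prompt
    (3000, "C", 36), (3015, "S", 36),   # normal typing resumes, echoed again
]


def is_echoed(log, idx):
    """A client packet counts as echoed when the very next packet is a
    server packet arriving within ECHO_WINDOW_MS."""
    t, direction, _ = log[idx]
    if direction != "C" or idx + 1 >= len(log):
        return False
    t_next, d_next, _ = log[idx + 1]
    return d_next == "S" and t_next - t <= ECHO_WINDOW_MS


def _entry(run):
    return {
        "start_ms": run[0],
        "length": len(run),
        "intervals_ms": [b - a for a, b in zip(run, run[1:])],
    }


def find_password_entries(log):
    """Return one dict per run of at least MIN_RUN consecutive unechoed
    client packets: the inferred password length and the inter-keystroke
    intervals an eavesdropper can feed to a timing model."""
    entries, run = [], []
    for idx, (t, direction, _) in enumerate(log):
        if direction == "C" and not is_echoed(log, idx):
            run.append(t)
            continue
        if len(run) >= MIN_RUN:
            entries.append(_entry(run))
        run = []
    if len(run) >= MIN_RUN:            # run still open at the end of the log
        entries.append(_entry(run))
    return entries


if __name__ == "__main__":
    for e in find_password_entries(PACKET_LOG):
        print(f"password entry at t={e['start_ms']} ms: "
              f"{e['length']} characters, intervals {e['intervals_ms']} ms")
```

The terminating Enter is not counted because the server's response to it arrives inside the echo window, so the run length equals the password length; the recovered intervals are the raw material for the statistical model of the paper, which is where the hard part of the attack lives.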

Cryptographic attacks

By carefully measuring the amount of time required to perform private-key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext.[27] The attack can be treated as a signal detection problem: the signal consists of the timing variation due to the target exponent bit, and the noise results from measurement inaccuracies and timing variations due to unknown exponent bits.
The properties of the signal and noise determine the number of timing measurements required for the attack. Timing attacks can potentially be used against other cryptosystems, including symmetric functions.[28]
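The block below is an added example, not code from the page or from Kocher's CRYPTO '96 paper: a simulation of the bit-by-bit timing attack on a square-and-multiply exponentiation that makes the signal-detection argument above concrete. Everything in it is constructed: the modulus, the exponent, the per-multiplication cost model (an "extra reduction" modelled as the parity of the quotient, standing in for the data-dependent extra step of real Montgomery implementations) and the Gaussian measurement noise. Once the attacker's model accounts correctly for the known exponent bits, the unexplained part of the measured time has a lower variance than with a wrong guess; that difference is the signal.

```python
import random

# Added example (not from the page or Kocher's CRYPTO '96 paper): a
# simulation of Kocher's timing attack against square-and-multiply
# exponentiation.  Everything is constructed: modulus, exponent, the
# per-multiplication cost model and the measurement noise.

N_MOD = 4_294_967_291            # 2**32 - 5, a prime used as toy modulus


def mulmod_time(a: int, b: int, n: int) -> int:
    """Constructed data-dependent cost of one modular multiplication: 2 units
    plus 1 extra unit whenever the (toy) reduction needs an extra step, here
    modelled as the quotient (a*b)//n being odd.  This plays the role of the
    extra reduction in Montgomery multiplication that Kocher exploits."""
    return 2 + (((a * b) // n) & 1)


def modexp_timed(base: int, exponent: int, n: int, noise_rng=None, sigma=1.0):
    """Left-to-right square-and-multiply; returns (result, measured_time).
    Gaussian measurement noise is added when noise_rng is supplied."""
    result, elapsed = 1, 0.0
    for bit in bin(exponent)[2:]:
        elapsed += mulmod_time(result, result, n)
        result = result * result % n
        if bit == "1":
            elapsed += mulmod_time(result, base, n)
            result = result * base % n
    if noise_rng is not None:
        elapsed += noise_rng.gauss(0.0, sigma)
    return result, elapsed


def variance(xs):
    mean = sum(xs) / len(xs)
    return sum((x - mean) ** 2 for x in xs) / len(xs)


def timing_attack(messages, measured, n: int, n_bits: int) -> int:
    """Recover an n_bits exponent (top bit assumed 1) from (message, total
    time) pairs.  For each next bit, both guesses are simulated on top of the
    known prefix; the guess leaving the residual 'measured - predicted' with
    the smaller variance is kept, because a correct prediction removes one
    operation's timing variation from the residual and a wrong one adds it."""
    # state per message after the leading 1 bit: (intermediate value, time so far)
    states = [(m % n, float(mulmod_time(1, 1, n) + mulmod_time(1, m % n, n)))
              for m in messages]
    recovered = "1"
    for _ in range(n_bits - 1):
        best = None                                   # (variance, bit, states)
        for guess in ("0", "1"):
            new_states, residuals = [], []
            for (r, t), m, total in zip(states, messages, measured):
                t += mulmod_time(r, r, n)
                r = r * r % n
                if guess == "1":
                    t += mulmod_time(r, m % n, n)
                    r = r * (m % n) % n
                new_states.append((r, t))
                residuals.append(total - t)
            v = variance(residuals)
            if best is None or v < best[0]:
                best = (v, guess, new_states)
        recovered += best[1]
        states = best[2]
    return int(recovered, 2)


def run_demo(n_messages=3000, exponent=0xB69D, seed=7):
    """Collect constructed measurements and run the attack; returns (true, recovered)."""
    rng = random.Random(seed)
    messages = [rng.randrange(2, N_MOD) for _ in range(n_messages)]
    measured = [modexp_timed(m, exponent, N_MOD, rng)[1] for m in messages]
    return exponent, timing_attack(messages, measured, N_MOD, exponent.bit_length())


if __name__ == "__main__":
    true_d, found_d = run_demo()
    print(f"true exponent 0x{true_d:04x}, recovered 0x{found_d:04x}")
```

The number of messages needed grows with the noise and with the number of still-unknown operations, exactly as the text says: early bits are the hardest because every later operation contributes unexplained variance, and the residual shrinks as the prefix lengthens. Constant-time multiplication (no data-dependent extra step) removes the signal entirely, which is the standard fix.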

Appendix

A - Attack overview of a printer

TODO ??

References

  1. Schmidt, 2008, p. 284
  2. Schmidt, 2008, p. 285
  3. Schmidt, 2008, p. 286
  4. Gutmann, p. 1
  5. Gutmann, p. 4
  6. Kocher, 1998, p. 2
  7. Kocher, 1998, p. 3
  8. Kocher, 1998, p. 4
  9. Kocher, 1998, p. 8
  10. Berger, 2006, p. 1
  11. Asonov, 2004, p. 1
  12. Berger, 2006, p. 2
  13. Zhuang, 2005, p. 1
  14. Asonov, 2004, p. 4
  15. Zhuang, 2005, p. 4
  16. Berger, 2006, p. 8
  17. Backes, Compromising Reflections-or-How to Read LCD Monitors around the Corner
  18. Backes, Acoustic Side-Channel Attacks on Printers
  19. Halderman, 2008, p. 1
  20. Skorobogatov, 2002, p. 3
  21. Bertoni, 2005, p. 1
  22. Bertoni, 2005, p. 3
  23. Shamir, 2005, p. 1
  24. Brumley, 2003, p. 1
  25. Song, 2001, p. 1
  26. Song, 2001, p. 2
  27. Kocher, 1996, p. 1
  28. Kocher, 1996, p. 9

Bibliography

Acoustic
  • (en) D. Asonov, R. Agrawal, « Keyboard Acoustic Emanations », IEEE Symposium on Security and Privacy, 2004
  • (en) L. Zhuang, F. Zhou, J. D. Tygar, « Keyboard Acoustic Emanations Revisited », Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), 2005
  • (en) Y. Berger, A. Wool, A. Yeredor, « Dictionary Attacks Using Keyboard Acoustic Emanations », Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), 2006
  • (en) M. Backes, M. Dürmuth, S. Gerling, M. Pinkal, C. Sporleder, « Acoustic Side-Channel Attacks on Printers », USENIX Security Symposium, 2010
Cache attack
  • (en) D. A. Osvik, A. Shamir, E. Tromer, « Cache Attacks and Countermeasures: The Case of AES », IACR Cryptology ePrint Archive, 2005 (also published at CT-RSA 2006)
  • (en) D. Page, « Partitioned Cache Architecture as a Side-Channel Defence Mechanism », IACR Cryptology ePrint Archive, 2005
  • (en) G. Bertoni et al., « AES Power Attack Based on Induced Cache Miss and Countermeasure », International Conference on Information Technology: Coding and Computing (ITCC), 2005
Chemical
  • (en) J.-M. Schmidt, « A Chemical Memory Snapshot », Smart Card Research and Advanced Applications (CARDIS), 2008
  • (en) P. Gutmann, « Data Remanence in Semiconductor Devices », USENIX Security Symposium, 2001 (read online)
Electromagnetic
  • (en) M. Backes, M. Dürmuth, D. Unruh, « Compromising Reflections-or-How to Read LCD Monitors around the Corner », IEEE Symposium on Security and Privacy, 2008
Power analysis
  • (en) P. Kocher, J. Jaffe, B. Jun, « Introduction to Differential Power Analysis and Related Attacks », Cryptography Research, 1998
  • (en) P. Kocher, J. Jaffe, B. Jun, « Differential Power Analysis », Advances in Cryptology, CRYPTO ’99
Temperature
  • (en) S. Skorobogatov, « Low Temperature Data Remanence in Static RAM », University of Cambridge Computer Laboratory, Technical Report UCAM-CL-TR-536, 2002
  • (en) J. A. Halderman et al., « Lest We Remember: Cold Boot Attacks on Encryption Keys », USENIX Security Symposium, 2008
Timing attacks
  • (en) D. X. Song, D. Wagner, X. Tian, « Timing Analysis of Keystrokes and Timing Attacks on SSH », Proceedings of the 10th USENIX Security Symposium, 2001
  • (en) P. Kocher, « Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems », Advances in Cryptology — CRYPTO ’96
  • (en) D. Brumley, D. Boneh, « Remote Timing Attacks Are Practical », USENIX Security Symposium, 2003

See also

Related articles