|
|
A perpetrator can attempt to manipulate a cryptomodule in order to read secret codes, alter the codes or even alter vital security parameters. A cryptomodule can be manipulated in various ways, for example it can contain:
. Other examples of such attacks include:
When the cryptomodule is manipulated, the perpetrator will usually try to conceal the attack so that the user believes the cryptomodule to be working correctly at first glance, although it is actually in an insecure state. There are, nevertheless, also destructive attacks in which perpetrators consciously resign themselves to destroying the cryptomodule, for example if they wish to obtain information on how the cryptomodule functions or read the cryptographic code.
A perpetrator can attempt to attack the cryptomodule at the user's site or steal it. If the user's site is poorly protected, the manipulation may be performed extremely rapidly and may thereby remain unnoticed for a long time. By stealing cryptomodules, a perpetrator can obtain important information on how a component can most easily be manipulated. The stolen components can be used to obtain sensitive information such as codes, software or knowledge of hardware security mechanisms. However, the stolen component can also be used to fake an authentic cryptomodule.
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: July 1999 |