|
|
|
|
|
|
by qazitory
3180 days ago
|
|
|
I have some customers with a stronger threat model than 'physical access owns the secrets' for reasonably mundane 'IoT' products. IP protection / late-point differentiation / any as-a-service model requirements can bump you out of that category. Fault attacks themselves require exploiting the structure of whatever primitive you're targeting, so in that sense whilst 'everything is susceptible' isn't false, it really does vary quite a bit, and attack strategies can be really quite complex. Some fault attacks on block ciphers are effectively augmented differential cryptanalysis. In general you're not going to be able to take a library and be able to make any claims about protection against invasive or non-invasive SCA without first knowing about the hardware it will be run on, so agree that it's not usually meaningful to add countermeasures against aforementioned types of attacker. IMO applied crypto is at its hardest when you're close to bare metal and you have a physical attacker. |
|
|
It's a sort of intuitive Venn Diagram situation here, where we're capturing:
1. The subset of hardware products that are "IOT" devices
2. The subset of that that are security sensitive
3. The subset of that that must be secure against their custodians (an extremely narrowing step here)
4. The subset of those products that rely on cryptographic primitives in order to operate.
To put this in perspective: most automotive and industrial secure hardware elements don't make it all the way down to (4), and are compromised by plain ol' bog standard software security attacks.