CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Chapter 14: Controlling and Monitoring Access

Smartcard Attacks

Smartcards provide better authentication than passwords, especially when they’re combined with another factor of authentication such as a personal identification number (PIN). However, smartcards are also susceptible to attacks. A side-channel attack is a passive, noninvasive attack intended to observe the operation of a device. When the attack is successful, the attacker can learn valuable information contained within the card, such as an encryption key.

A smartcard includes a microprocessor, but it doesn’t have internal power. Instead, when a user inserts the card into the reader, the reader provides power to the card. The reader has an electromagnetic coil that excites electronics on the card. This provides enough power for the smartcard to transmit data to the reader.

Side-channel attacks analyze the information sent to the reader. Sometimes they can measure the power consumption of a chip, using a power monitoring attack or differential power analysis attack, to extract information. In a timing attack, they can monitor the processing timings to gain information based on how much time different computations require. Fault analysis attacks attempt to cause faults, such as by providing too little power to the card, to glean valuable information.

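The timing leak described above, shown in a PIN comparison next to a hardened version. This is an added example, not code from the book: the function names, the step counter standing in for measured time, and the sample PIN bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Work counter standing in for elapsed time or power drawn (assumption:
   one loop iteration costs one observable unit). */
static unsigned steps;

/* Leaky check: returns at the first mismatching byte, so the work done
   depends on how many leading bytes of the guess are correct. */
int pin_check_leaky(const uint8_t *stored, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (stored[i] != guess[i]) return 0;
    }
    return 1;
}

/* Hardened check: always touches every byte and folds the differences into
   an accumulator, so the work done is independent of the secret. */
int pin_check_constant(const uint8_t *stored, const uint8_t *guess, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(stored[i] ^ guess[i]);
    }
    return diff == 0;
}

/* Run one check and report how many steps it took. */
unsigned measure(int (*check)(const uint8_t *, const uint8_t *, size_t),
                 const uint8_t *stored, const uint8_t *guess, size_t n) {
    steps = 0;
    (void)check(stored, guess, n);
    return steps;
}

int main(void) {
    /* Constructed sample values, not taken from any real card. */
    const uint8_t stored[4]      = {4, 9, 2, 7};
    const uint8_t wrong_first[4] = {0, 0, 0, 0};
    const uint8_t wrong_last[4]  = {4, 9, 2, 0};
    printf("leaky:    %u vs %u steps\n",
           measure(pin_check_leaky, stored, wrong_first, 4),
           measure(pin_check_leaky, stored, wrong_last, 4));
    printf("constant: %u vs %u steps\n",
           measure(pin_check_constant, stored, wrong_first, 4),
           measure(pin_check_constant, stored, wrong_last, 4));
    return 0;
}
```

On real hardware the compiled output also has to be checked, since an optimizing compiler can reintroduce data-dependent branches into the hardened loop.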
Summary of Protection Methods

The following list summarizes many security precautions that protect against access control attacks. However, it’s important to realize that this isn’t a comprehensive list of protections against all types of attacks. You’ll find additional controls that help prevent attacks covered throughout this book.

Control physical access to systems. An old saying related to security is that if an attacker has unrestricted physical access to a computer, the attacker owns it. If attackers can gain physical access to an authentication server, they can steal the password file in a very short time. Once attackers have the password file, they can crack the passwords offline. If attackers successfully download a password file, all passwords should be considered compromised.
