Master Key Extraction via Fault Injection Attack

Description

Master Key Extraction via Fault Injection Attack

CWE

1240

CVE

27208

Attack Surfaces

SoloKey

Controller Implementation (MITRE EMB3D PID-11)

Debug Interface (MITRE EMB3D PID-15)

private key (MITRE EMB3D PID-12)

Attack Vectors

FA (MITRE EMB3D TID-105)

Defenses

Protection against Flawed Read-out Protection, Load Master Key into SRAM only when Needed, Do not Store the Master Key Permanently or Use SRAM2 as Storage, Improve Present Option Byte Verification during Device Initialization, Enforce a PIN Entry for All Functionality