{"id":963,"date":"2021-09-25T22:22:25","date_gmt":"2021-09-25T14:22:25","guid":{"rendered":"https:\/\/choson_steven.lifenet.com.tw\/?p=963"},"modified":"2023-03-29T11:16:39","modified_gmt":"2023-03-29T03:16:39","slug":"%e6%9c%80%e6%9c%89%e5%8f%af%e8%83%bd%e5%b0%8e%e8%87%b4%e6%95%b8%e6%93%9a%e6%b4%a9%e9%9c%b2%e7%9a%84%e9%87%9d%e5%b0%8d%e6%99%ba%e8%83%bd%e5%8d%a1%ef%bc%88smart-cards%ef%bc%89%e7%9a%84%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=963","title":{"rendered":"\u6700\u6709\u53ef\u80fd\u5c0e\u81f4\u6578\u64da\u6d29\u9732\u7684\u91dd\u5c0d\u667a\u80fd\u5361\uff08smart cards\uff09\u7684\u653b\u64ca"},"content":{"rendered":"\n

\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210925\/201321603Nk48YiIrz.jpg\"
-\u5074\u4fe1\u9053\u653b\u64ca<\/p>\n\n\n\n

\u5074\u4fe1\u9053\u653b\u64ca(Side-channel attack)<\/strong>
\u53ea\u9700\u5728\u8a2d\u5099\u6216\u7cfb\u7d71\u9644\u8fd1\u653e\u7f6e\u5929\u7dda\u3001\u78c1\u63a2\u982d\u6216\u5176\u4ed6\u50b3\u611f\u5668\uff0c\u5373\u53ef\u5229\u7528\u5074\u4fe1\u9053\u3002\u9019\u5141\u8a31\u653b\u64ca\u8005\u6e2c\u91cf\u529f\u8017\u3001\u96fb\u58d3\u6ce2\u52d5\u6216\u5176\u4ed6\u5074\u4fe1\u9053\uff0c\u4f8b\u5982\u6eab\u5ea6\u6216\u8072\u97f3\u3002\u5074\u4fe1\u9053\u653b\u64ca\u53ef\u7528\u65bc\u5f9e\u667a\u80fd\u5361\u7b49\u8a2d\u5099\u4e2d\u63d0\u53d6\u5bc6\u9470\u3002\u5728\u73fe\u5be6\u4e16\u754c\u4e2d\uff0c\u9019\u5141\u8a31\u653b\u64ca\u8005\u52a0\u8f09\u6216\u91cd\u7f6e\u9918\u984d\u4e26\u63d0\u53d6\u6216\u91cd\u7f6e\u8a2d\u5099 PIN\u3002(\u534a\u5de5\u7a0b<\/a>)
\u901a\u904e\u5f9e\u7269\u7406\u5bc6\u78bc\u7cfb\u7d71\u6d29\u6f0f\u4fe1\u606f\u800c\u555f\u7528\u7684\u653b\u64ca\u3002\u53ef\u4ee5\u5728\u5074\u4fe1\u9053\u653b\u64ca\u4e2d\u5229\u7528\u7684\u7279\u5fb5\u5305\u62ec\u6642\u9593\u3001\u529f\u8017\u4ee5\u53ca\u96fb\u78c1\u548c\u8072\u767c\u5c04\u3002
\u4f86\u6e90\uff1aNIST \u8853\u8a9e\u8868<\/a>
\u5728 \u8a08\u7b97\u6a5f\u5b89\u5168<\/a>\u4e2d\uff0c \u65c1\u9053\u653b\u64ca \u662f\u57fa\u65bc\u5f9e \u8a08\u7b97\u6a5f\u7cfb\u7d71\u7684\u5be6\u65bd\u4e2d\u7372\u5f97\u7684\u4fe1\u606f\u7684\u4efb\u4f55\u653b\u64ca \uff0c\u800c\u4e0d\u662f\u5be6\u65bd\u7b97\u6cd5\u672c\u8eab\u7684\u5f31\u9ede\uff08\u4f8b\u5982 \u5bc6\u78bc\u5206\u6790<\/a> \u548c \u8edf\u9ad4\u932f\u8aa4<\/a>\uff09\u3002\u6642\u9593\u4fe1\u606f\u3001\u529f\u8017\u3001 \u96fb\u78c1 \u6d29\u6f0f\u751a\u81f3 \u8072\u97f3 \u90fd\u53ef\u4ee5\u63d0\u4f9b\u984d\u5916\u7684\u4fe1\u606f\u4f86\u6e90\uff0c\u53ef\u4ee5\u52a0\u4ee5\u5229\u7528\u3002
\u8cc7\u6599\u4f86\u6e90\uff1a\u7dad\u57fa\u767e\u79d1<\/a><\/p>\n\n\n\n

\u5167\u5bb9\u53ef\u5c0b\u5740\u5167\u5b58 (CAM) \u8868\u6ea2\u51fa\u653b\u64ca(Content addressable memory (CAM) table overflow attack)<\/strong>
\u7576 CAM \u8868\u6ea2\u51fa\u6642\uff0c\u4ea4\u63db\u96c6\u7dda\u5668\u53ef\u80fd\u6703\u964d\u7d1a\u70ba\u96c6\u7dda\u5668\u4ee5\u901a\u904e\u5411\u6240\u6709\u7aef\u53e3\u767c\u9001\u5e40\u4f86\u4fdd\u6301\u53ef\u7528\u6027\u3002\u9019\u6703\u5c0e\u81f4\u4e2d\u9593\u4eba\u60e1\u610f\u55c5\u63a2\u3002
CAM \u8868\u6ea2\u51fa\u653b\u64ca\u662f\u91dd\u5c0d\u7db2\u7d61\u4ea4\u63db\u6a5f\u57f7\u884c\u7684\u60e1\u610f\u884c\u70ba\uff0c\u5176\u4e2d\u5927\u91cf\u865b\u5047 MAC \u5730\u5740\u88ab\u767c\u9001\u5230\u4ea4\u63db\u6a5f\u3002\u9019\u7a2e\u6578\u64da\u6d2a\u6d41\u5c0e\u81f4\u4ea4\u63db\u6a5f\u8f49\u5132\u5176 CAM \u6578\u64da\u5eab\u8868\u4e2d\u7684\u6709\u6548\u5730\u5740\uff0c\u4ee5\u8a66\u5716\u70ba\u865b\u5047\u4fe1\u606f\u9a30\u51fa\u7a7a\u9593\u3002\u5728\u9019\u4e4b\u5f8c\uff0c\u4ea4\u63db\u6a5f\u7684\u9ed8\u8a8d\u884c\u70ba\u662f\u5411\u6240\u6709\u7aef\u53e3\u5ee3\u64ad\u6b63\u5e38\u7684\u79c1\u6709\u6d88\u606f\u3002
\u8cc7\u6599\u4f86\u6e90\uff1aCbtNuggets<\/a><\/p>\n\n\n\n

\u7aca\u807d\u653b\u64ca(Wiretapping Attack)<\/strong>
\u7aca\u807d\u662f\u5c0d\u96fb\u8a71\u3001\u96fb\u5831\u3001\u8702\u7aa9\u3001 \u50b3\u771f \u6216\u57fa\u65bc\u4e92\u806f\u7db2\u7684\u901a\u4fe1\u9032\u884c\u7684\u79d8\u5bc6\u96fb\u5b50\u76e3\u63a7 \u3002
\u7aca\u807d\u662f\u901a\u904e\u5728\u6709\u554f\u984c\u7684\u7dda\u8def\u4e0a\u653e\u7f6e\u4e00\u500b\u975e\u6b63\u5f0f\u5730\u7a31\u70ba\u932f\u8aa4\u7684\u76e3\u8996\u8a2d\u5099\u6216\u901a\u904e\u5176\u4ed6\u901a\u4fe1\u6280\u8853\u4e2d\u7684\u5167\u7f6e\u6a5f\u5236\u4f86\u5be6\u73fe\u7684\u3002
\u57f7\u6cd5\u5b98\u54e1\u53ef\u4ee5\u5229\u7528\u73fe\u5834\u76e3\u63a7\u6216\u9304\u97f3\u3002\u6578\u64da\u5305\u55c5\u63a2\u5668\u2014\u2014\u7528\u65bc\u6355\u7372\u5728\u7db2\u7d61\u4e0a\u50b3\u8f38\u7684\u6578\u64da\u7684\u7a0b\u5e8f\u2014\u2014\u662f\u4e00\u7a2e\u5e38\u7528\u7684\u73fe\u4ee3\u7aca\u807d\u5de5\u5177\u3002\u5404\u7a2e\u5176\u4ed6\u5de5\u5177\uff0c\u4f8b\u5982\u7aca\u807d\u6728\u99ac\uff0c\u7528\u65bc\u4e0d\u540c\u7684\u61c9\u7528\u7a0b\u5e8f\u3002
\u8cc7\u6599\u4f86\u6e90\uff1aTechTarget<\/a><\/p>\n\n\n\n

\u80cc\u8ca0\u5f0f\u653b\u64ca(Piggyback attack)<\/strong>
\u4e00\u500b \u80cc\u99b1\u5f0f\u653b\u64ca \u662f\u4e00\u7a2e\u6d3b\u5316\u5f62\u5f0f \u7aca\u807d \u7576\u653b\u64ca\u8005\u7372\u5f97\u901a\u904e\u6d3b\u52d5\u7684\u9593\u9694\u8a2a\u554f\u7cfb\u7d71\u4e2d\u7684\u5176\u4ed6\u7528\u6236\u7684\u5408\u6cd5\u9023\u63a5\u3002\u5b83\u4e5f\u88ab\u7a31\u70ba\u201c\u7dda\u9593\u653b\u64ca\u201d\u6216\u201c\u80cc\u8ca0\u5f0f\u9032\u5165\u7aca\u807d\u201d\u3002
\u5728\u5b89\u5168\u65b9\u9762\uff0c\u634e\u5e36\u6307\u7684\u662f\u7576\u67d0\u4eba\u8207\u53e6\u4e00\u500b\u88ab\u6388\u6b0a\u9032\u5165\u9650\u5236\u5340\u57df\u7684\u4eba\u4e00\u8d77\u6a19\u8a18\u6642\uff0c\u8a72\u8853\u8a9e \u5728\u6b64\u4e0a\u4e0b\u6587\u4e2d\u9069\u7528\u65bc \u8a08\u7b97\u6a5f\u7db2\u8def<\/a>\u3002
\u8cc7\u6599\u4f86\u6e90\uff1a\u7dad\u57fa\u767e\u79d1<\/a><\/p>\n\n\n\n

\u53c3\u8003
\u4e86\u89e3\u5074\u4fe1\u9053\u653b\u64ca<\/a>
ARP \u548c CAM \u8868<\/a>
\u80cc\u8ca0\u5f0f\u653b\u64ca<\/a>
\u4fdd\u8b77\u5716\u7247\u5b58\u6a94\u548c\u901a\u4fe1\u7cfb\u7d71 (PACS)\uff1a\u91ab\u7642\u4fdd\u5065\u884c\u696d\u7684\u7db2\u7d61\u5b89\u5168<\/a><\/p>\n\n\n\n

\u8cc7\u6599\u4f86\u6e90\uff1a\u00a0Wentz Wu QOTD-20210811<\/a><\/p>\n\n\n\n

PS:\u6b64\u6587\u7ae0\u7d93\u904e\u4f5c\u8005\u540c\u610f\u520a\u767b \u4e26\u4e14\u6388\u6b0a\u53ef\u4ee5\u7ffb\u8b6f\u6210\u4e2d\u6587<\/p>\n","protected":false},"excerpt":{"rendered":"

-\u5074\u4fe1\u9053\u653b\u64ca \u5074\u4fe1\u9053\u653b\u64ca(Side-channel attack)\u53ea\u9700\u5728\u8a2d\u5099\u6216\u7cfb\u7d71\u9644\u8fd1\u653e\u7f6e\u5929\u7dda\u3001\u78c1\u63a2\u982d\u6216\u5176\u4ed6\u50b3 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-963","post","type-post","status-publish","format-standard","hentry","category-cisspcertified-information-systems-security-professional"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=963"}],"version-history":[{"count":2,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/963\/revisions"}],"predecessor-version":[{"id":2770,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/963\/revisions\/2770"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}