Home test

Title here

Device Security Quiz

Part 1
Component identification

Name the components and identify whether they are relevant to hardware attacks.

Question 1.1: Name the component:(Required)
Question 1.2: Is this component likely to be relevant for an attack?(Required)
Question 2.1: Name the component:(Required)
Question 2.2: Is this component likely to be relevant for the attack?(Required)
Question 3.1: Name the component:(Required)
Question 3.2: Is this component likely to be relevant for the attack?(Required)
Question 4.1: Name the component:(Required)
Question 4.2: Is this component likely to be relevant for the attack:(Required)
Question 5.1: Name the component:(Required)
Question 5.2: Is this component likely to be relevant for the attack?(Required)
Part 2
Memory and attack techniques
Question 6: For a successful attack, which memory type does one need to tamper with, and why?(Required)
Question 7: Which of the following defines a successful buffer overflow attack?(Required)
Question 8: Which of the following defines a successful string formatting attack?(Required)
Part 3
Attack and defense mechanisms
Question 9: You are certain that your code is bug-free. However, with Fault Injection (FI), it is still possible to make your code exhibit wrong behavior (e.g., validate a wrong password). Please select all statements that apply.(Required)

Question 9: You are certain that your code is bug-free. However, with Fault Injection (FI), it is still possible to make your code exhibit wrong behavior (e.g., validate a wrong password). Please select all statements that apply. (5 points)

  • With FI attacks the password check can be skipped
  • It is usually required to have the firmware image of the system in order to perform an FI attack
  • It is not possible to detect FI attacks
  • To perform FI attacks you always need specialized equipment
  • It is not possible to perform a successful FI attack if we use an ASIL-D protected chip in our system, because it is tolerant to faults
Question 10: You are certain that your code is bug-free. However, with Side Channel Analysis (SCA) attacks it is still possible to learn the correct password. Please select all statements that apply.(Required)

Question 10: You are certain that your code is bug-free. However, with Side Channel Analysis (SCA) attacks it is still possible to learn the correct password. Please select all statements that apply. (5 points)

  • SCA attacks can cause the system to print out the password in some I/O line
  • For a successful SCA attack it is usually required to connect to some I/O line of the attacked system
  • It is typically not possible to detect SCA attacks
  • It is not possible to defend against SCA attacks because side channels always exist
  • It is not possible to perform SCA if we use an ASIL-D protected chip in our system, because of the system redundancy
Question 11: You are concerned about physical attacks such as PCB reverse engineering or replacing memory chips. Which of the below are countermeasures against physical attacks?(Required)

Question 11: You are concerned about physical attacks such as PCB reverse engineering or replacing memory chips. Which of the below are countermeasures against physical attacks? (5 points)

  • Intrusion sensors
  • Scramble memory
  • PUFs (Physical Unclonable Functions)
  • Secure boot
Question 12: You are concerned about implementation attacks such as buffer overflows or Fault Injection. Which of the below are countermeasures against implementation attacks?(Required)

Question 12: You are concerned about implementation attacks such as buffer overflows or Fault Injection. Which of the below are countermeasures against implementation attacks? (5 points)

  • Shielding/filtering
  • TEE (Trusted Execution Environment)
  • Cryptography: encryption, signatures, hashing, MACs
  • Add noise to power line (SCA)