Classification of the attractiveness of an attack
In order to allow effective perimeter defense measures to be put in place, the attractiveness of an attack should be evaluated for each of the potential weaknesses of the system. This can be done in an objective mathematical manner using value analysis, in order to compute a prioritized list of probable attack targets. The scheme that is presented here is simplified, but it still allows us to make a relatively good estimate of the attractiveness of the various types of attack, and thus the probable lines of attack. Naturally, an attacker would normally choose an attack that requires the least effort and expense. The six criteria listed in Table 8.5 will consciously or unconsciously influence the attacker’s behavior. The lower the level of specific knowledge or skills required for an attack, the more attractive it is to an individual or an organization. Similarly, an attack that does not require the knowledge of any secrets is more attractive than one that requires many secrets to be known. This is not inconsistent with Kerckhoff’s principle, which says that security should depend only on the key and not on the cryptographic algorithm itself, since Kerckhoff’s principle does not mean that it is necessary to reveal everything about a system in order to make it secure. The presence of many secrets represents an enormous obstacle to mounting a successful attack.
Especially in the case of systematically searching for a key, the amount of time required plays an important role. The classic example is breaking a cryptographic algorithm using a brute-force attack that would require 10,000 years on average. No serious attack could be mounted on such a basis.

The attractiveness of an attack is equally dependent on the technical equipment required for the attack. This need not necessarily refer only to the purchase of equipment, since it may be sufficient to be able to rent the equipment or somehow acquire access to it. For example, a device that can generate and precisely position focused ion beams costs several hundred thousand euros, but such equipment can be rented by the day at research institutes, and some students can use this sort of equipment for free in their research work. The availability of the components to be attacked also strongly influences the attractiveness of a particular type of attack. For instance, you could attack a card-based electronic purse system either at home, by analyzing your own personal card and its card-specific keys, or at the system level by trying to analyze a security module with its system-wide master keys. The problem with the latter approach is that access to the security module is protected by multiple security measures. Incidentally, this is why smart cards for pay television are so strongly exposed to attack. An attacker can work undisturbed in his own living room, studying the communications and behavior of his smart card in order to try to duplicate them using a computer or a DIY electronic circuit, without being observed by anyone else and without any interference to his work. However, if he were to attempt to do the same thing with a smart card terminal in a supermarket, the cashier would immediately forbid any further experiments and thus interrupt his work. A good review of the subject of the security of electronic money with and without smart cards can be found in [BIS 96]. The final criterion, which is of decisive importance, is naturally the value of the result of the attacker’s efforts. His efforts must be rewarded, either in a monetary form or in the form of enhanced prestige. From this, it can for instance be concluded that various field trials of electronic purses are only at risk of being attacked by hackers and academic groups. There are far too few locations where the cards can be used, and the businesses are mostly too simple (bakers, kiosks and the like), for any significant amount of money to be gained from an attack.

.

.

.

.

.

.

.