Exécuter une analyse statique (SAST) sur le code source à la recherche du motif non sécurisé dans le flux de données.
CWE-1255 Variante Brouillon
Comparison Logic is Vulnerable to Power Side-Channel Attacks
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage…
Définition
What is CWE-1255?
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
Attackers can exploit this weakness by measuring a device's real-time power draw while it validates security tokens, like passwords or cryptographic keys. If the comparison logic isn't designed to consume consistent power regardless of the input, each guess creates a unique power signature. Observing these tiny variations allows an attacker to distinguish correct from incorrect character guesses, effectively turning power consumption into a data leak.
Unlimited retry mechanisms dramatically worsen this issue, giving attackers repeated opportunities to measure and compare power traces. To prevent this, developers must implement constant-time comparison algorithms that execute identical operations and power patterns for all inputs, alongside strict rate-limiting on authentication attempts to block the gradual reconstruction of secrets through side-channel analysis.
Impact réel
Real-world CVEs caused by CWE-1255
-
CMAC verification vulnerable to timing and power attacks.
Comment les attaquants l'exploitent
Parcours de l'attaquant étape par étape
- 1
Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.
- 2
Since the algorithm uses a different number of 1's and 0's for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.
- 3
Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.
- 4
This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It's easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.
- 5
This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one.
Exemple de code vulnérable
Vulnerable C
Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.
static nonvolatile password_tries = NUM_RETRIES;
do
```
while (password_tries == 0) ; // Hang here if no more password tries
password_ok = 0;
for (i = 0; i < NUM_PW_DIGITS; i++)
if (GetPasswordByte() == stored_password([i])
password_ok |= 1; // Power consumption is different here
else
password_ok |= 0; // than from here
end
if (password_ok > 0)
password_tries = NUM_RETRIES;
break_to_Ok_to_proceed
password_tries--;
while (true)
// Password OK Exemple de code sécurisé
Secure C
Among various options for mitigating the string comparison is obscuring the power consumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.
static nonvolatile password_tries = NUM_RETRIES;
do
```
while (password_tries == 0) ; // Hang here if no more password tries
password_tries--; // Put retry code here to catch partial retries
password_ok = 0;
for (i = 0; i < NUM_PW_DIGITS; i++)
if (GetPasswordByte() == stored_password([i])
password_ok |= 0x10; // Power consumption here
else
password_ok |= 0x01; // is now the same here
end
if ((password_ok & 1) == 0)
password_tries = NUM_RETRIES;
break_to_Ok_to_proceed
while (true)
// Password OK What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention
How to prevent CWE-1255
- Architecture and Design The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check.
- Architecture and Design Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.
- Architecture and Design An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator.
- Implementation If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements.
- Integration During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use.
Signaux de détection
How to detect CWE-1255
Exécuter des tests de sécurité applicative dynamique (DAST) contre le point de terminaison en ligne.
Surveiller les journaux runtime pour détecter des traces d'exception inhabituelles, des entrées malformées ou des tentatives de contournement d'autorisation.
Revue de code : signaler tout nouveau code qui traite les entrées de cette surface sans utiliser les helpers du framework validés.
Plexicus détecte automatiquement CWE-1255 et ouvre une PR de correction en moins de 60 secondes.
Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.
Questions fréquentes Qu'est-ce que CWE-1255 ?
Quelle est la gravité de CWE-1255 ?
Quels langages ou plateformes sont affectés par CWE-1255 ?
Comment puis-je prévenir CWE-1255 ?
Comment Plexicus détecte et corrige CWE-1255 ?
Où puis-je en savoir plus sur CWE-1255 ?
Frequently asked questions
Qu'est-ce que CWE-1255 ?
This vulnerability occurs when a device's power consumption is monitored during security checks, allowing attackers to deduce secret reference values by analyzing subtle differences in energy usage during comparison operations.
Quelle est la gravité de CWE-1255 ?
MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.
Quels langages ou plateformes sont affectés par CWE-1255 ?
MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.
Comment puis-je prévenir CWE-1255 ?
The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check. Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result.
Comment Plexicus détecte et corrige CWE-1255 ?
Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-1255 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.
Où puis-je en savoir plus sur CWE-1255 ?
MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/1255.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.
Faiblesses associées
Weaknesses related to CWE-1255
CWE-1300 Parent
Improper Protection of Physical Side Channels
This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit…
CWE-1259 Pair
Improper Restriction of Security Token Assignment
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly secure its Security Token mechanism. These tokens control which…
Prêt quand vous l'êtes
Arrêtez de payer par développeur.
Commencez à fermer la boucle.
Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.