CWE-1300 Base Stable

Improper Protection of Physical Side Channels

This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit measurable patterns in power usage, electromagnetic radiation,…

Définition

What is CWE-1300?

This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit measurable patterns in power usage, electromagnetic radiation, or even sound emissions to uncover sensitive information like encryption keys.
Physical side-channel attacks work by monitoring the subtle, analog side effects of a device's operation. Even when digital data is perfectly secured, an attacker with physical access or nearby equipment can analyze fluctuations in power consumption, electromagnetic leaks, or acoustic noise. By correlating these physical patterns with the device's processing activity, secrets can be inferred without ever breaking the digital security directly. These attacks are a well-established threat, particularly against cryptographic operations. Protecting against them requires deliberate hardware and software design choices that obscure or eliminate the relationship between secret data processing and its physical manifestations. Without such countermeasures, devices remain vulnerable to key extraction and data theft from seemingly innocuous physical signals.
Impact réel

Real-world CVEs caused by CWE-1300

  • Power side-channels leak secret information from processor

  • electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key

  • Crypto hardware wallet's power consumption relates to total number of pixels illuminated, creating a side channel in the USB connection that allows attackers to determine secrets displayed such as PIN numbers and passwords

  • Chain: microcontroller system-on-chip contains uses a register value stored in flash to set product protection state on the memory bus but does not contain protection against fault injection (CWE-1319), which leads to an incorrect initialization of the memory bus (CWE-1419) leading the product to be in an unprotected state.

  • message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis

  • virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.

  • power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

  1. 1

    Consider a device that checks a passcode to unlock the screen.

  2. 2

    PIN numbers used to unlock a cell phone should not exhibit any characteristics about themselves. This creates a side channel. An attacker could monitor the pulses using an oscilloscope or other method. Once the first character is correctly guessed (based on the oscilloscope readings), they can then move to the next character, which is much more efficient than the brute force method of guessing every possible sequence of characters.

  3. 3

    Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.

  4. 4

    The code snippet provided here is part of the modular exponentiation module found in the HACK@DAC'21 Openpiton System-on-Chip (SoC), specifically within the RSA peripheral [REF-1368]. Modular exponentiation, denoted as "a^b mod n," is a crucial operation in the RSA public/private key encryption. In RSA encryption, where 'c' represents ciphertext, 'm' stands for a message, and 'd' corresponds to the private key, the decryption process is carried out using this modular exponentiation as follows: m = c^d mod n, where 'n' is the result of multiplying two large prime numbers.

  5. 5

    The vulnerable code shows a buggy implementation of binary exponentiation where it updates the result register (result_reg) only when the corresponding exponent bit (exponent_reg[0]) is set to 1. However, when this exponent bit is 0, the output register is not updated. It's important to note that this implementation introduces a physical power side-channel vulnerability within the RSA core. This vulnerability could expose the private exponent to a determined physical attacker. Such exposure of the private exponent could lead to a complete compromise of the private key.

Exemple de code vulnérable

Vulnerable Other

Consider a device that checks a passcode to unlock the screen.

Vulnérable Other
As each character of the PIN number is entered, a correct character exhibits one current pulse shape while an incorrect character exhibits a different current pulse shape.
Exemple de code sécurisé

Secure Other

PIN numbers used to unlock a cell phone should not exhibit any characteristics about themselves. This creates a side channel. An attacker could monitor the pulses using an oscilloscope or other method. Once the first character is correctly guessed (based on the oscilloscope readings), they can then move to the next character, which is much more efficient than the brute force method of guessing every possible sequence of characters.

Sécurisé Other
Rather than comparing each character to the correct PIN value as it is entered, the device could accumulate the PIN in a register, and do the comparison all at once at the end. Alternatively, the components for the comparison could be modified so that the current pulse shape is the same regardless of the correctness of the entered character.
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention

How to prevent CWE-1300

  • Architecture and Design Apply blinding or masking techniques to implementations of cryptographic algorithms.
  • Implementation Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel.
Signaux de détection

How to detect CWE-1300

Manual Analysis Moderate

Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].

Manual Analysis Moderate

Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code.

Manual Analysis Moderate

Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233].

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-1300 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-1300 ?

This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit measurable patterns in power usage, electromagnetic radiation, or even sound emissions to uncover sensitive information like encryption keys.

Quelle est la gravité de CWE-1300 ?

MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.

Quels langages ou plateformes sont affectés par CWE-1300 ?

MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

Comment puis-je prévenir CWE-1300 ?

Apply blinding or masking techniques to implementations of cryptographic algorithms. Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel.

Comment Plexicus détecte et corrige CWE-1300 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-1300 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-1300 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/1300.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Prêt quand vous l'êtes

Arrêtez de payer par développeur.
Commencez à fermer la boucle.

Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.