CWE-1300 Detail

CWE-1300

Improper Protection of Physical Side Channels
Stable
2020-08-20
00h00 +00:00
2025-04-03
00h00 +00:00

Name: Improper Protection of Physical Side Channels

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

CWE Description

An adversary could monitor and measure physical phenomena to detect patterns and make inferences, even if it is not possible to extract the information in the digital domain.

Physical side channels have been well-studied for decades in the context of breaking implementations of cryptographic algorithms or other attacks against security features. These side channels may be easily observed by an adversary with physical access to the device, or using a tool that is in close proximity. If the adversary can monitor hardware operation and correlate its data processing with power, EME, and acoustic measurements, the adversary might be able to recover secret keys and data.

General Information

Modes Of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope: Confidentiality
Impact: Read Memory, Read Application Data

Observed Examples

References Description

CVE-2022-35888

Power side-channels leak secret information from processor

CVE-2021-3011

electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key

CVE-2019-14353

Crypto hardware wallet's power consumption relates to total number of pixels illuminated, creating a side channel in the USB connection that allows attackers to determine secrets displayed such as PIN numbers and passwords

CVE-2020-27211

Chain: microcontroller system-on-chip uses a register value stored in flash to set product protection state on the memory bus but does not contain protection against fault injection (CWE-1319), which leads to an incorrect initialization of the memory bus (CWE-1419) leading the product to be in an unprotected state.

CVE-2013-4576

message encryption software uses certain instruction sequences that allow RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis

CVE-2020-28368

virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.

CVE-2019-18673

power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption

Potential Mitigations

Phases : Architecture and Design
Apply blinding or masking techniques to implementations of cryptographic algorithms.
Phases : Implementation
Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel.

Detection Methods

Manual Analysis

Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].
Effectiveness : Moderate
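
The fixed-vs-random Welch's t-test at the core of TVLA, run over simulated traces with and without first-order Boolean masking (the masking mitigation listed under Potential Mitigations). This is an added example, not part of the CWE entry or the cited test requirements; the Hamming-weight power model, trace sizes and function names are assumptions, and 4.5 is the |t| bound commonly used in TVLA.

```python
import random

T_THRESHOLD = 4.5  # |t| bound commonly used in TVLA pass/fail decisions


def simulate_trace(value, masked, rng, samples=10, leak_at=4):
    """Constructed power model: unit Gaussian noise at every sample point,
    plus the Hamming weight of the processed byte at one point."""
    if masked:
        value ^= rng.randrange(256)  # first-order Boolean mask, fresh per run
    trace = [rng.gauss(0.0, 1.0) for _ in range(samples)]
    trace[leak_at] += bin(value).count("1")
    return trace


def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / (va / len(a) + vb / len(b)) ** 0.5


def tvla_fixed_vs_random(masked, n=2000, seed=1):
    """Return one t value per sample point: fixed-input set vs random-input set."""
    rng = random.Random(seed)
    fixed = [simulate_trace(0x00, masked, rng) for _ in range(n)]
    rand = [simulate_trace(rng.randrange(256), masked, rng) for _ in range(n)]
    return [welch_t([t[i] for t in fixed], [t[i] for t in rand])
            for i in range(len(fixed[0]))]


def leaking_points(t_values):
    """Sample indices whose |t| exceeds the threshold (first-order leakage)."""
    return [i for i, t in enumerate(t_values) if abs(t) > T_THRESHOLD]


if __name__ == "__main__":
    for masked in (False, True):
        t = tvla_fixed_vs_random(masked)
        print("masked" if masked else "unmasked",
              "leaking points:", leaking_points(t),
              "max |t| = %.1f" % max(abs(x) for x in t))
```

A pass in the masked case covers only first-order leakage in this model: the t-test compares means, so leakage carried in higher-order moments is not detected, consistent with the entry's caution against relying on this test alone.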

Manual Analysis

Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code.
Effectiveness : Moderate

Manual Analysis

Pre-silicon: while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces, and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233].
Effectiveness : Moderate

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-189 Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.
CAPEC-699 Eavesdropping on a Monitor
An adversary can eavesdrop on the content of an external monitor through the air without modifying any cable or installing software, just by capturing the signal emitted by the cable or video port. With this, the attacker will be able to impact the confidentiality of the data without being detected by traditional security tools.

References

REF-1117

Introduction to differential power analysis and related attacks
Paul Kocher, Joshua Jaffe, Benjamin Jun.
https://www.rambus.com/wp-content/uploads/2015/08/DPATechInfo.pdf

REF-1118

The EM Side-Channel(s)
Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, Pankaj Rohatgi.
https://link.springer.com/content/pdf/10.1007/3-540-36400-5_4.pdf

REF-1119

RSA key extraction via low-bandwidth acoustic cryptanalysis
Daniel Genkin, Adi Shamir, Eran Tromer.
https://www.iacr.org/archive/crypto2014/86160149/86160149.pdf

REF-1120

Power Analysis for Cheapskates
Colin O'Flynn.
https://media.blackhat.com/eu-13/briefings/OFlynn/bh-eu-13-for-cheapstakes-oflynn-wp.pdf

REF-1055

Data Remanence in Semiconductor Devices
Peter Gutmann.
https://www.usenix.org/legacy/events/sec01/full_papers/gutmann/gutmann.pdf

REF-1218

This Black Box Can Brute Force Crack iPhone PIN Passcodes
Graham Cluley.
https://www.intego.com/mac-security-blog/iphone-pin-pass-code/

REF-1221

A Side Journey to Titan
Victor Lomne, Thomas Roche.
https://web.archive.org/web/20210107182441/https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

REF-1228

A testing methodology for side-channel resistance validation
Gilbert Goodwill, Benjamin Jun, Josh Jaffe, Pankaj Rohatgi.
https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdf

REF-1229

ISO/IEC 17825:2016: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules
ISO/IEC.
https://www.iso.org/standard/60612.html

REF-1230

Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES
Cryptography Research Inc.
https://www.rambus.com/wp-content/uploads/2015/08/TVLA-DTR-with-AES.pdf

REF-1231

Towards efficient and automated side-channel evaluations at design time
Danilo Šijačić, Josep Balasch, Bohan Yang, Santosh Ghosh, Ingrid Verbauwhede.
https://www.esat.kuleuven.be/cosic/publications/article-3204.pdf

REF-1232

Efficient simulation of EM side-channel attack resilience
Amit Kumar, Cody Scarborough, Ali Yilmaz, Michael Orshansky.
https://dl.acm.org/doi/pdf/10.5555/3199700.3199717

REF-1233

Pre-silicon Architecture Correlation Analysis (PACA): Identifying and Mitigating the Source of Side-channel Leakage at Gate-level
Yuan Yao, Tuna Tufan, Tarun Kathuria, Baris Ege, Ulkuhan Guler, Patrick Schaumont.
https://eprint.iacr.org/2021/530.pdf

REF-1234

Power Analysis Attacks - Revealing the Secrets of Smart Cards
Elisabeth Oswald, Thomas Popp, Stefan Mangard.
https://link.springer.com/book/10.1007/978-0-387-38162-6

REF-1235

Side-Channel Attacks on the Yubikey 2 One-Time Password Generator
David Oswald, Bastian Richter, Christof Paar.
https://www.emsec.ruhr-uni-bochum.de/media/crypto/veroeffentlichungen/2014/02/04/paper_yubikey_sca.pdf

REF-1239

How (not) to Use Welch's T-test in Side-Channel Security Evaluations
François-Xavier Standaert.
https://eprint.iacr.org/2017/138.pdf

REF-1240

A Critical Analysis of ISO 17825 ('Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')
Carolyn Whitnall, Elisabeth Oswald.
https://eprint.iacr.org/2019/1013.pdf

REF-1285

Physical Security Attacks Against Silicon Devices
Texas Instruments.
https://www.ti.com/lit/an/swra739/swra739.pdf?ts=1644234570420

REF-1286

On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks
Lennert Wouters, Benedikt Gierlichs, Bart Preneel.
https://eprint.iacr.org/2022/328.pdf

REF-1368

mod_exp.v
https://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/rsa/mod_exp.v#L46:L47

REF-1369

Fix CWE-1300
https://github.com/HACK-EVENT/hackatdac21/blob/37e42f724c14b8e4cc8f6e13462c12a492778219/piton/design/chip/tile/ariane/src/rsa/mod_exp.v#L47:L51

Submission

Name Organization Date Date release Version
Nicole Fern Cycuity (originally submitted as Tortuga Logic) 2020-05-29 +00:00 2020-08-20 +00:00 4.2

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2021-03-15 +00:00 updated Functional_Areas, Maintenance_Notes
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2021-10-28 +00:00 updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
CWE Content Team MITRE 2022-06-28 +00:00 updated Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Demonstrative_Examples, Observed_Examples, References
CWE Content Team MITRE 2025-04-03 +00:00 updated Demonstrative_Examples