CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

CWE Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (4.1)  
ID

CWE-1278: Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Weakness ID: 1278
Abstraction: Base
Structure: Simple
Status: Incomplete
Presentation Filter:
+ Description
Secrets stored in hardware can be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.
+ Extended Description

The physical structure of the hardware, if viewed at high enough magnification and resolution, can reveal the functionality and data stored inside. Typical steps in IC reverse engineering involve removing the chip packaging (decapsulation) then using various imaging techniques ranging from non-invasive (high resolution x-ray microscopy) to invasive techniques involving removing IC layers and imaging each layer using a scanning electron microscope.

The goal of such activities is to recover secret keys, unique device identifiers, and proprietary code and circuit designs embedded in hardware that the attacker has been unsuccessful at accessing through other means. These secrets may be stored in non-volatile memory or in the circuit netlist. Memory technologies such as masked ROM are easier to extract secrets from than One-time Programmable (OTP) memory.

+ Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfPillarPillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.693Protection Mechanism Failure
+ Relevant to the view "Hardware Design" (CWE-1194)
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1195Manufacturing and Life Cycle Management Concerns
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1208Cross-Cutting Problems
+ Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

PhaseNote
Architecture and DesignThis weakness can manifest during this phase if the designer fails to account for efforts to leverage IC imaging techniques to access unauthorized information within the product.
+ Applicable Platforms
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Language-Independent (Undetermined Prevalence)

Operating Systems

Class: OS-Independent (Undetermined Prevalence)

Architectures

Class: Architecture-Independent (Undetermined Prevalence)

Technologies

Class: Technology-Independent (Undetermined Prevalence)

+ Common Consequences

The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

ScopeImpactLikelihood
Confidentiality

Technical Impact: Varies by Context

A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC.
+ Demonstrative Examples

Example 1

Consider a SoC design that embeds a secret key in read-only memory (ROM). The key is baked into the design logic itself meaning it cannot be modified after fabrication and is identical for all ICs. An attacker in possession of the IC can decapsulate and delayer the chip. After imaging the layers, computer vision algorithms or manual inspection of the circuit features can locate the ROM and reveal the value of the key bits as encoded in the visible circuit structure of the ROM.

+ Potential Mitigations

Phase: Architecture and Design

Cost of effort to extract secrets via IC reverse engineering should outweigh the potential value of the secrets being disclosed. Appropriate technologies should be chosen to store design secrets based on threat model and secret value. Examples include IC camoflaging and obfuscation, tamper-proof packaging, active shielding, and circuitry to erase sensitive data upon detection of physical tampering.
+ Notes

Maintenance

This entry is still under development and will continue to see updates and content improvements.
+ References
[REF-1092] Shahed E. Quadir, Junlin Chen, Domenic Forte, Navid Asadizanjani, Sina Shahbazmohamadi, Lei Wang, John Chandy and Mark Tehranipoor. "A Survey on Chip to System Reverse Engineering". <https://dl.acm.org/doi/pdf/10.1145/2755563>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2020-05-20Nicole FernTortuga Logic
More information is available — Please select a different filter.
Page Last Updated: June 25, 2020