CWE-1278 – Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Description

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-693

Consequences

Confidentiality: Varies by Context

A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC.

Potential Mitigations

Phase: Architecture and Design

Description: 

The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure.

CVE References