Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

Description

When resources are released, they can be made available for reuse. For example, after memory is de-allocated, an operating system may make the memory available to another process, or disk space may be reallocated when a file is deleted. As removing information requires time and additional resources, operating systems do not usually clear the previously written information.

Even when the resource is reused by the same process, this weakness can arise when new data is not as large as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, the information may be read by less trustworthy parties when the memory is reallocated.

This weakness can apply in hardware, such as when a device or system switches between power, sleep, or debug states during normal operation, or when execution changes to different users or privilege levels.

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

This example shows how an attacker can take advantage of an incorrect state transition.

Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible.

During the transition from A to B, the device does not scrub the memory.

After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys.

For transition from state A to state B, remove information which should not be available once the transition is complete.

Example Two

The following code calls realloc() on a buffer containing sensitive data:

cleartext_buffer = get_secret();...
cleartext_buffer = realloc(cleartext_buffer, 1024);
...
scrub_memory(cleartext_buffer, 1024);

There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data.

Example Three

The following example code is excerpted from the AES wrapper/interface, aes0_wrapper, module of one of the AES engines (AES0) in the Hack@DAC'21 buggy OpenPiton System-on-Chip (SoC). Note that this SoC contains three distinct AES engines. Within this wrapper module, four 32-bit registers are utilized to store the message intended for encryption, referred to as p_c[i]. Using the AXI Lite interface, these registers are filled with the 128-bit message to be encrypted.

module aes0_wrapper #(...)(...);
...
always @(posedge clk_i)

  begin

    if(~(rst_ni && ~rst_1)) //clear p_c[i] at reset

      begin

        start <= 0;
        p_c[0] <= 0;
        p_c[1] <= 0;
        p_c[2] <= 0;
        p_c[3] <= 0;
        ...

      end

    else if(en && we)

      case(address[8:3])

        0:

          start  <= reglk_ctrl_i[1] ? start  : wdata[0];

        1:

          p_c[3] <= reglk_ctrl_i[3] ? p_c[3] : wdata[31:0];

        2:

          p_c[2] <= reglk_ctrl_i[3] ? p_c[2] : wdata[31:0];

        3:

          p_c[1] <= reglk_ctrl_i[3] ? p_c[1] : wdata[31:0];

        4:

          p_c[0] <= reglk_ctrl_i[3] ? p_c[0] : wdata[31:0];

        ...

      endcase

    end // always @ (posedge wb_clk_i)

  endmodule

The above code snippet [REF-1402] illustrates an instance of a vulnerable implementation of the AES wrapper module, where p_c[i] registers are cleared at reset. Otherwise, p_c[i]registers either maintain their old values (if reglk_ctrl_i[3]is true) or get filled through the AXI signal wdata. Note that p_c[i]registers can be read through the AXI Lite interface (not shown in snippet). However, p_c[i] registers are never cleared after their usage once the AES engine has completed the encryption process of the message. In a multi-user or multi-process environment, not clearing registers may result in the attacker process accessing data left by the victim, leading to data leakage or unintentional information disclosure.

To fix this issue, it is essential to ensure that these internal registers are cleared in a timely manner after their usage, i.e., the encryption process is complete. This is illustrated below by monitoring the assertion of the cipher text valid signal, ct_valid [REF-1403].

module aes0_wrapper #(...)(...);
...
always @(posedge clk_i)

  begin

    if(~(rst_ni && ~rst_1)) //clear p_c[i] at reset

      ...

    else if(ct_valid) //encryption process complete, clear p_c[i]

      begin

        p_c[0] <= 0;
        p_c[1] <= 0;
        p_c[2] <= 0;
        p_c[3] <= 0;

      end

    else if(en && we)

      case(address[8:3])
      ...
      endcase

    end // always @ (posedge wb_clk_i)

  endmodule

Secure Development

Cloud Architecture

Project Consulting

Common Weaknesses

OWASP Top Ten

Contact Us

Office Locations