Cryptology ePrint Archive: Report 2017/828

Standardizing Bad Cryptographic Practice - A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property

Animesh Chhotaray and Adib Nahiyan and Thomas Shrimpton and Domenic J Forte and Mark Tehranipoor

Abstract: We provide an analysis of IEEE standard P1735, which describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. We find a surprising number of cryptographic mistakes in the standard. In the most egregious cases, these mistakes enable attack vectors that allow us to recover the entire underlying plaintext IP. Some of these attack vectors are well-known, e.g. padding-oracle attacks. Others are new, and are made possible by the need to support the typical uses of the underlying IP; in particular, the need for commercial system-on-chip (SoC) tools to synthesize multiple pieces of IP into a fully specified chip design and to provide syntax errors. We exploit these mistakes in a variety of ways, leveraging a commercial SoC tool as a black-box oracle. In addition to being able to recover entire plaintext IP, we show how to produce standard-compliant ciphertexts of IP that have been modified to include targeted hardware Trojans. For example, IP that correctly implements the AES block cipher on all but one (arbitrary) plaintext that induces the block cipher to return the secret key. We outline a number of other attacks that the standard allows, including on the cryptographic mechanism for IP licensing. Unfortunately, we show that obvious “quick fixes” to the standard (and the tools that support it) do not stop all of our attacks. This suggests that the standard requires a significant overhaul, and that IP-authors using P1735 encryption should consider themselves at risk.

Category / Keywords: Digital rights management, Hardware security implementation, Best practices for EDA

Original Publication (with minor differences): CCS 2017

Date: received 29 Aug 2017, last revised 12 Dec 2017, withdrawn 16 Jul 2018

Contact author: teshrim at ufl edu

Available format(s): (-- withdrawn --)

Note: The paper was withdrawn for non-scientific reasons, and the results in this paper are correct. Please see CERT Vulnerability Note VU#739007 for the ramifications of our findings.

Version: 20180716:133213 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]