Cryptology ePrint Archive: Report 2017/828

Standardizing Bad Cryptographic Practice - A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property

Animesh Chhotaray and Adib Nahiyan and Thomas Shrimpton and Domenic J Forte and Mark Tehranipoor

Abstract: We provide an analysis of IEEE standard P1735, which describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. We find a surprising number of cryptographic mistakes in the standard. In the most egregious cases, these mistakes enable attack vectors that allow us to recover the entire underlying plaintext IP. Some of these attack vectors are well-known, e.g. padding-oracle attacks. Others are new, and are made possible by the need to support the typical uses of the underlying IP; in particular, the need for commercial system-on-chip (SoC) tools to synthesize multiple pieces of IP into a fully specified chip design and to provide syntax errors. We exploit these mistakes in a variety of ways, leveraging a commercial SoC tool as a black-box oracle. In addition to being able to recover entire plaintext IP, we show how to produce standard-compliant ciphertexts of IP that have been modified to include targeted hardware Trojans. For example, IP that correctly implements the AES block cipher on all but one (arbitrary) plaintext that induces the block cipher to return the secret key. We outline a number of other attacks that the standard allows, including on the cryptographic mechanism for IP licensing. Unfortunately, we show that obvious “quick fixes” to the standard (and the tools that support it) do not stop all of our attacks. This suggests that the standard requires a significant overhaul, and that IP-authors using P1735 encryption should consider themselves at risk.

Category / Keywords: Digital rights management, Hardware security implementation, Best practices for EDA

Original Publication (in the same form): CCS-2017
DOI:
10.1145/3133956.3134040

Date: received 29 Aug 2017, last revised 25 Sep 2017

Contact author: chho58 at ufl edu

Available format(s): PDF | BibTeX Citation

Note: Remove Type3 fonts from draft.

Version: 20170925:142143 (All versions of this report)

Short URL: ia.cr/2017/828

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]