Flaws in the IEEE P1735 standard that implements cryptographic protections for electronic designs can actually expose those designs to theft. What are the flaws, and how can such thefts be prevented?
Researchers at the University of Florida found flaws in IEEE standard P1735, which implements cryptographic protections that semiconductor companies use to protect their designs. These flaws expose intellectual property (IP) in plaintext: unauthorized users can access the electronic design IP without access to a decryption key, which opens it up to IP theft.
Three different attacks make the IP theft possible: a padding oracle attack, a syntax oracle attack and a hardware Trojan attack.
Padding oracle attacks are possible when the padding of plaintext prior to cipher block chaining (CBC) encryption is improperly specified. The attack uses an electronic design automation (EDA) tool as a decryption oracle: the way the tool responds when decryption fails leaks information about the plaintext.
Syntax oracle attacks take advantage of the syntax error messages returned by the EDA tool. The attacker feeds the tool input with incorrect syntax and uses the resulting errors to correctly guess the content of a ciphertext.
The final way this vulnerability can enable IP theft is through hardware Trojan attacks, which become possible once an oracle attack has been used to recover the plaintext of the ciphertext. Comment lines and Verilog code are injected into the IP block, and then the encryption key is generated. Another method for hardware Trojan attacks is to replace the plaintext with Trojan text encrypted with a random session key. The new ciphertext is encrypted and a digital envelope is generated.
The attacker can change the contents of the digital envelope by getting a new AES key in the key block. A new rights block for an EDA tool is maliciously created and used to modify licensing requirements, targeting the owner of the design licenses.
Electronic design IP licenses are vulnerable to man-in-the-middle attacks that could disclose the length of encrypted license messages in plaintext. Malicious changes to the length can truncate or expand license messages.
The research team at the University of Florida that found the flaws suggested in their paper that a possible solution is to include a non-padding scheme in the specification and "new APIs that the IP authors could use to create a digital envelope using the standardized authenticated encryption with associated data (AEAD) scheme." If this is done, decryption should not fail and IP theft can be avoided.
In its vulnerability note, US-CERT suggests that users apply vendor updates to their EDA software if and when hardware manufacturers make them available.
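The authenticated digital envelope the researchers suggest, sketched as an added example that is not code from the paper, the standard or any EDA vendor. It assumes a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) as a stand-in for a standardized AEAD such as AES-GCM; the envelope field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (not taken from any real IP or license).
SAMPLE_RIGHTS = b"tool=ExampleSim;license=required"
SAMPLE_IP = b"module adder(input a, input b, output s); assign s = a ^ b; endmodule"

class EnvelopeError(Exception):
    """Single failure type, so the caller cannot tell which check failed."""

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode. It needs no
    # padding, so there is no padding check to leak through.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key: bytes, rights: bytes, nonce: bytes, ct: bytes) -> bytes:
    # The rights block is associated data: sent in the clear but covered by
    # the tag. The length prefix stops bytes moving between fields.
    return _prf(mac_key, len(rights).to_bytes(8, "big") + rights + nonce + ct)

def seal(session_key: bytes, rights: bytes, ip_plaintext: bytes) -> dict:
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, ip_plaintext)
    return {"rights": rights, "nonce": nonce, "data": ct,
            "tag": _tag(mac_key, rights, nonce, ct)}

def open_envelope(session_key: bytes, env: dict) -> bytes:
    enc_key, mac_key = _prf(session_key, b"enc"), _prf(session_key, b"mac")
    expected = _tag(mac_key, env["rights"], env["nonce"], env["data"])
    # Verify before decrypting or parsing anything, in constant time, so
    # modified input never reaches the decryptor or the HDL parser.
    if not hmac.compare_digest(expected, env["tag"]):
        raise EnvelopeError("envelope rejected")
    return _xor_stream(enc_key, env["nonce"], env["data"])

def rejected(session_key: bytes, env: dict) -> bool:
    try:
        open_envelope(session_key, env)
    except EnvelopeError:
        return True
    return False
```

A modified rights block, a truncated message and a flipped ciphertext bit all fail with the same error before any decryption takes place.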