Vulnerability Note VU#739007
IEEE P1735 implementations may have weak cryptographic protections
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be vulnerable to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
CWE-310: Cryptographic Issues
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Some of these attack vectors are well-known, such as padding-oracle attacks. Others are new, and are made possible by the need to support the typical uses of the underlying IP: in particular, the need for commercial electronic design automation (EDA) tools to synthesize multiple pieces of IP into a fully specified chip design and to provide HDL syntax errors. These flaws can be exploited by leveraging the commercial EDA tool as a black-box oracle. In addition to being able to recover entire plaintext IP, one can produce standard-compliant ciphertexts of IP that have been modified to include targeted hardware Trojans.
The following weaknesses in the P1735 standard were also identified and assigned CVE IDs:
While CVE-2017-13096 and CVE-2017-13097 are not explicitly discussed in the research paper, section 4.2 of the paper describes a similar attack method and mitigation. The Rights Block of the digital envelope contains the Key Block (the encryption of the AES key under the RSA public key of the EDA tool provider) as well as the access control and license requirements. An attacker with information about the IP may be able to select a new AES key and spoof a new Rights Block for an EDA tool that modifies or removes the original access control or licensing requirements specified by the original IP owner.
All CVE IDs above may extend to EDA tools that utilize the P1735 standard, or products designed with such EDA tools.
An adversary can recover electronic design IPs encrypted using the P1735 workflow, resulting in IP theft and/or analysis of security-critical features, as well as the ability to insert hardware Trojans into an encrypted IP without the knowledge of the IP owner. Impacts may include loss of profit and reputation of the IP owners as well as integrated circuits (ICs) with Trojans that contain backdoors, perform poorly, or even fail completely. See the researcher's paper for full impact details.
Apply an update
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| AMD | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Cadence Design Systems | Unknown | 29 Sep 2017 | 29 Sep 2017 |
| Cisco | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| IBM, INC. | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Intel Corporation | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Marvell Semiconductors | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Mentor Graphics | Unknown | 29 Sep 2017 | 29 Sep 2017 |
| National Instruments (NI) | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| National Semiconductor Corporation | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| NXP Semiconductors Inc. | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| QUALCOMM Incorporated | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Samsung Semiconductor Inc. | Unknown | 03 Nov 2017 | 03 Nov 2017 |
| Synopsys | Unknown | 29 Sep 2017 | 29 Sep 2017 |
| Xilinx | Unknown | 29 Sep 2017 | 29 Sep 2017 |
| Zuken Inc. | Unknown | 29 Sep 2017 | 29 Sep 2017 |
Thanks to Domenic Forte and Animesh Chhotaray for reporting this vulnerability and contributing to this document.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2017-13091 CVE-2017-13092 CVE-2017-13093 CVE-2017-13094 CVE-2017-13095 CVE-2017-13096 CVE-2017-13097
- Date Public: 01 Nov 2017
- Date First Published: 03 Nov 2017
- Date Last Updated: 09 Nov 2017
- Document Revision: 62