
CERT Coordination Center

IEEE P1735 implementations may have weak cryptographic protections

Vulnerability Note VU#739007

Original Release Date: 2017-11-03 | Last Revised: 2017-11-09

Overview

The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be vulnerable to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.

Description

CWE-310: Cryptographic Issues

The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Some of these attack vectors are well-known, such as padding-oracle attacks. Others are new, and are made possible by the need to support the typical uses of the underlying IP: in particular, commercial electronic design automation (EDA) tools need to synthesize multiple pieces of IP into a fully specified chip design and to provide HDL syntax errors. These flaws can be exploited by leveraging the commercial EDA tool as a black-box oracle. In addition to being able to recover entire plaintext IP, one can produce standard-compliant ciphertexts of IP that have been modified to include targeted hardware Trojans.

The design of complex electronic-design intellectual property (IP) involves multiple IP owners. To prevent rogue entities in the design flow from stealing their IP, they use the P1735 IEEE standard to provide confidentiality and access control. The standard not only recommends poor cryptographic choices, it is also vague or silent on security-critical decisions.

The following CVE IDs were assigned to document weaknesses in the P1735 standard as described in the researcher's paper.

    • CVE-2017-13091: improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle.
    • CVE-2017-13092: improperly specified HDL syntax allows use of an EDA tool as a decryption oracle.
    • CVE-2017-13093: modification of encrypted IP ciphertext to insert hardware trojans.
    • CVE-2017-13094: modification of the encryption key and insertion of hardware trojans in any IP.
    • CVE-2017-13095: modification of a license-deny response to a license grant.

The following weaknesses in the P1735 standard were also identified and assigned CVE IDs:

    • CVE-2017-13096: modification of Rights Block to remove or relax access control.
    • CVE-2017-13097: modification of Rights Block to remove or relax license requirement.

While CVE-2017-13096 and CVE-2017-13097 are not explicitly discussed in the research paper, section 4.2 of the paper describes a similar attack method and mitigation. The Rights Block of the digital envelope contains the Key Block (encryption of AES key under RSA public key of the EDA tool provider) as well as access control and license requirements. An attacker with information about the IP may be able to select a new AES key and spoof a new Rights Block for an EDA tool that modifies or removes the original access control or licensing requirements specified by the original IP owner.

All CVE IDs above may extend to EDA tools that utilize the P1735 standard, or products designed with such EDA tools.
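
An added example, not taken from this advisory, the P1735 standard or the researcher's paper: a generic encrypt-then-MAC check in which the tool verifies an integrity tag over the rights fields, IV and data block before any decryption, unpadding or HDL parsing, and reports a single generic error, so altered envelopes never reach the steps that act as an oracle. The field names, key derivation and sample values are assumptions made for illustration. A tag keyed from the session key does not cover an attacker who chooses a new AES key and builds a fresh Rights Block; that case needs a check the tool can tie to the IP owner.

```python
import hashlib
import hmac
import json


class EnvelopeError(Exception):
    """The only failure type, so callers cannot tell which check failed."""


def _tag(session_key: bytes, rights: dict, iv: bytes, ciphertext: bytes) -> bytes:
    # Assumed key separation: the MAC key is derived from, not equal to, the AES key.
    mac_key = hmac.new(session_key, b"envelope-mac", hashlib.sha256).digest()
    # Length-prefix every field so bytes cannot move between rights, IV and data.
    parts = [json.dumps(rights, sort_keys=True).encode(), iv, ciphertext]
    framed = b"".join(len(p).to_bytes(8, "big") + p for p in parts)
    return hmac.new(mac_key, framed, hashlib.sha256).digest()


def seal(session_key: bytes, rights: dict, iv: bytes, ciphertext: bytes) -> dict:
    """IP owner side: attach a tag covering the rights, the IV and the data block."""
    return {"rights": rights, "iv": iv, "ciphertext": ciphertext,
            "tag": _tag(session_key, rights, iv, ciphertext)}


def open_envelope(session_key: bytes, env: dict) -> tuple:
    """Tool side: verify first; decryption, unpadding and HDL parsing come after."""
    try:
        expected = _tag(session_key, env["rights"], env["iv"], env["ciphertext"])
        ok = hmac.compare_digest(expected, env["tag"])
    except (KeyError, TypeError, ValueError):
        ok = False
    if not ok:
        raise EnvelopeError("envelope rejected")
    return env["rights"], env["iv"], env["ciphertext"]


def outcome(session_key: bytes, env: dict) -> str:
    """What the user of the tool would see for this envelope."""
    try:
        open_envelope(session_key, env)
        return "accepted"
    except EnvelopeError as exc:
        return str(exc)


# Constructed sample values; the ciphertext is an opaque stand-in, not real P1735 data.
KEY = bytes(range(32))
RIGHTS = {"access": "simulation-only", "license": "required"}
ENV = seal(KEY, RIGHTS, bytes(16), bytes.fromhex("00112233445566778899aabbccddeeff"))
FLIPPED = {**ENV, "ciphertext": ENV["ciphertext"][:-1] + b"\x00"}
RELAXED = {**ENV, "rights": {**RIGHTS, "license": "none"}}
```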

Impact

An adversary can recover electronic design IPs encrypted using the P1735 workflow, resulting in IP theft and/or analysis of security-critical features, as well as the ability to insert hardware trojans into an encrypted IP without the knowledge of the IP owner. Impacts may include loss of profit and reputation of the IP owners as well as integrated circuits (ICs) with trojans that contain backdoors, perform poorly, or even fail completely. See the researcher's paper for full impact details.

Solution

Apply an update

Developers of EDA software can apply suggested fixes from the researcher's paper.

Users may apply a vendor update to their EDA software, as it becomes available. More vendor information is available below.

Vendor Information


No statement is currently available from any of the vendors listed below regarding this vulnerability.

    • AMD: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Cadence Design Systems: Notified September 29, 2017; Updated September 29, 2017; Status: Unknown
    • Cisco: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • IBM, INC.: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Intel Corporation: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Marvell Semiconductors: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Mentor Graphics: Notified September 29, 2017; Updated September 29, 2017; Status: Unknown
    • NXP Semiconductors Inc.: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • National Instruments (NI): Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • National Semiconductor Corporation: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • QUALCOMM Incorporated: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Samsung Semiconductor Inc.: Notified November 03, 2017; Updated November 03, 2017; Status: Unknown
    • Synopsys: Notified September 29, 2017; Updated September 29, 2017; Status: Unknown
    • Xilinx: Notified September 29, 2017; Updated September 29, 2017; Status: Unknown
    • Zuken Inc.: Notified September 29, 2017; Updated September 29, 2017; Status: Unknown



CVSS Metrics

Group           Score   Vector
Base            6.3     AV:L/AC:M/Au:N/C:C/I:C/A:N
Temporal        5.7     E:POC/RL:ND/RC:C
Environmental   6.2     CDP:ND/TD:ND/CR:H/IR:H/AR:ND

Acknowledgements

Thanks to Domenic Forte and Animesh Chhotaray for reporting this vulnerability and contributing to this document.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-13091, CVE-2017-13092, CVE-2017-13093, CVE-2017-13094, CVE-2017-13095, CVE-2017-13096, CVE-2017-13097
Date Public: 2017-11-01
Date First Published: 2017-11-03
Date Last Updated: 2017-11-09 16:56 UTC
Document Revision: 62

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.