Security Flaws IEEE Standard Discovered
Earlier this month, researchers from the University of Florida presented a paper at the 2017 ACM CSS conference detailing security flaws of the IEEE P1735 electronics standard, which describes methods for encrypting electronic –design intellectual property and what those vulnerabilities represent for the industry. The paper, entitled “Standardizing Bad Cryptographic Practice: A Teardown of the IEEE Standard for Protecting Electronic-design Intellectual Property,” was a collaboration by researchers from the Florida Institute for Cybersecurity Research (FICS Research).
The co-authors were Ph.D. students Animesh Chhotaray and Adib Nahiyan, and Thomas Shrimpton, Ph.D., an associate professor from the Department of Computer & Information Science & Engineering; Domenic Forte, Ph.D., an associate professor from the Department of Electrical and Computer Engineering; and FICS Research Co-Director Mark Tehranipoor, Ph.D.
Major vulnerabilities described by the researchers include exploitation by hackers to hide hardware malware inside products which can potentially allow competitors to sabotage a vendor. Some additional vulnerabilities discovered include modification of encrypted IP ciphertext to insert hardware trojans, improperly specified padding in CBC mode allowing the use of an EDA tool as a decryption oracle and modification of Rights Block to get rid of relax access control or relax license requirement.