There is weak crypto in IEEE P1735: a hacker can recover IP in plaintext. The standard lets different manufacturers and software vendors protect their work with encryption while still allowing their code to work together.
Analyzing P1735
There are serious problems with IEEE P1735: the vulnerability allows a hacker to bypass the cryptographic protection and access IP in clear text. This information is critical and dangerous in the wrong hands. Work can be compromised, altered, and stolen. Other flaws were also found: further vulnerabilities allow hackers to hide hardware trojans inside P1735-protected IP. Vendors can also use these vulnerabilities to take advantage of the competition.
7 major crypto bugs found
Here is a list of the bugs found in IEEE P1735:
- CVE-2017-13091: improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle.
- CVE-2017-13092: improperly specified HDL syntax allows use of an EDA tool as a decryption oracle.
- CVE-2017-13093: modification of encrypted IP ciphertext to insert hardware trojans.
- CVE-2017-13094: modification of the encryption key and insertion of hardware trojans in any IP.
- CVE-2017-13095: modification of a license-deny response to a license grant.
- CVE-2017-13096: modification of Rights Block to get rid of or relax access control.
- CVE-2017-13097: modification of Rights Block to get rid of or relax license requirement.