DeepAI AI Chat
Log In Sign Up

How Not to Protect Your IP – An Industry-Wide Break of IEEE 1735 Implementations

by   Julian Speith, et al.
Ruhr University Bochum

Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted IEEE standard 1735-2014 was created to ensure confidentiality and integrity. In this paper, we outline structural weaknesses in IEEE 1735 that cannot be fixed with cryptographic solutions (given the contemporary hardware design process) and thus render the standard inherently insecure. We practically demonstrate the weaknesses by recovering the private keys of IEEE 1735 implementations from major Electronic Design Automation (EDA) tool vendors, namely Intel, Xilinx, Cadence, Siemens, Microsemi, and Lattice, while results on a seventh case study are withheld. As a consequence, we can decrypt, modify, and re-encrypt all allegedly protected IP cores designed for the respective tools, thus leading to an industry-wide break. As part of this analysis, we are the first to publicly disclose three RSA-based white-box schemes that are used in real-world products and present cryptanalytical attacks for all of them, finally resulting in key recovery.


Validating the Claim - Defeating HaTCh : Building Malicious IP cores

This paper defends the design of hardware Trojan proposed in the paper "...

ASSURE: RTL Locking Against an Untrusted Foundry

Semiconductor design companies are integrating proprietary intellectual ...

Scalable Attack-Resistant Obfuscation of Logic Circuits

Hardware IP protection has been one of the most critical areas of resear...

Garbled EDA: Privacy Preserving Electronic Design Automation

The complexity of modern integrated circuits (ICs) necessitates collabor...

Comments on "Defeating HaTCh: Building Malicious IP Cores"

Recently, Haider et al. introduced the first rigorous hardware Trojan de...

Preventing Distillation-based Attacks on Neural Network IP

Neural networks (NNs) are already deployed in hardware today, becoming v...

PMFault: Faulting and Bricking Server CPUs through Management Interfaces

Apart from the actual CPU, modern server motherboards contain other auxi...