How Not to Protect Your IP -- An Industry-Wide Break of IEEE 1735 Implementations

TL;DR

This paper reveals critical structural weaknesses in the IEEE 1735-2014 standard for IP protection, demonstrating that private keys can be recovered from major EDA tools, leading to an industry-wide security breach.

Contribution

It uncovers inherent insecurities in IEEE 1735-2014, demonstrates practical key recovery from real-world tools, and discloses cryptanalytical attacks on RSA white-box schemes used in industry.

Findings

Private keys recovered from multiple EDA vendors.

All protected IP cores can be decrypted and modified.

Three RSA white-box schemes are cryptanalyzed and broken.

Abstract

Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted IEEE standard 1735-2014 was created to ensure confidentiality and integrity. In this paper, we outline structural weaknesses in IEEE 1735 that cannot be fixed with cryptographic solutions (given the contemporary hardware design process) and thus render the standard inherently insecure. We practically demonstrate the weaknesses by recovering the private keys of IEEE 1735 implementations from major Electronic Design Automation (EDA) tool vendors, namely Intel, Xilinx, Cadence, Siemens, Microsemi, and Lattice, while results on a seventh case study are withheld. As a consequence, we can decrypt, modify, and re-encrypt all allegedly protected IP cores designed for the respective tools, thus leading to an industry-wide break. As part of this analysis, we are the first to publicly disclose three RSA-based white-box schemes that are used in real-world products and present cryptanalytical attacks for all of them, finally resulting in key recovery.