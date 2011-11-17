from the standardizing-the-bugs dept.
Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security.
DHS' US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of access rights for such IP is flawed.
"In the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP," US-CERT said in its alert, citing researchers that found the flaw. "Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
The Institute of Electrical and Electronics Engineers (IEEE) P1735 standard flaw was first reported by a team of University of Florida researchers. In September, the researchers released a paper titled Standardizing Bad Cryptographic Practice (PDF).
In all, seven CVE IDs are assigned to the flaw and document the weakness in the P1735 standard.
Source: https://threatpost.com/us-cert-warns-of-crypto-bugs-in-ieee-standard/128784/
(Score: 2) by c0lo on Monday November 13, @12:56AM
Since it's about encryption of Imaginary Property, the crypto weakness is a feature.
Those academics in their ivory towers, they never get the mindset of engineers.
(grin)
(Score: 0) by Anonymous Coward on Monday November 13, @12:58AM
But am please that the 'intellectual' part doesn't extend to the encryption methodology, but leads me to question the value of the property contained.
(Score: 2) by frojack on Monday November 13, @01:10AM
The most common use of this standard is to encrypt design documents of SoC Designs,
So any processors, radios, GPUs have probably already had their designs stolen.
Apparently DHS didn't get the memo from the NSA about keep mum about this weakness.
