graubart

From the IEEE 1735 working group: January 9, 2018 A paper was published in 2017 that described possible vulnerabilities in the IEEE 1735-2014 standard that may affect certain electronic design intellectual property (IP) and electronic design automation (EDA) software. The IEEE 1735 Working Group takes these findings seriously and intends to review the matter and make recommendations and implement updates to the standard as necessary. The following best practices can be applied immediately: For electronic design IP publishers: Secure your distribution. By making your IP available only to your customers, it is less likely to fall into the hands of hackers. Consult with your legal counsel to determine if use of an end-user license agreement would be beneficial. For electronic design IP users: Secure your supply chain. By verifying that your IP comes from its publisher, you can substantially limit the possibility that malware was inserted by a third-party. Those interested in participating in the review are welcome to join the IEEE 1735 Working Group. Information about this effort will be available on the IEEE-SA website (standards.ieee.org) in the near future.

1735-2014 is now a free download (IEEE Get Program). http://standards.ieee.org/getieee/1735/download/1735-2014.pdf

1735-2014 is now a free download (IEEE Get Program). http://standards.ieee.org/getieee/1735/download/1735-2014.pdf

I have heard a couple of comments regarding the bytes field in the decryption envelope, that it is not completely clear in the published standard. Here is an unofficial clarification from one implementation team that completed successful interoperability testing: The “bytes” field in the decryption record is the number of bytes before base64 encoding—it’s the length of the initialization vector plus the length of the encrypted text. It’s not an essential field—it conveys no information that the base64 encoding doesn’t, and could be a candidate to deprecate. It’s also impossible to compute if you’re doing on-the-fly encryption and don’t know the length of your encrypted text until you’re done.

1735-2014 was approved in December 2014 but is not yet published. Only the working group has access as of late April 2015. A minor corrigendum will go to ballot soon and assuming approval, be integrated into the standard for publication probably in the summer of 2015.