comment on this article

Microsemi reacts to ProASIC3 fpga 'backdoor' claim

Microsemi's ProASIC3 fpga
Microsemi's ProASIC3 fpga

Two researchers claim to have used a variant of differential power analysis (dpa) to bypass the security settings in Microsemi's ProASIC3 fpgas – whose applications include secure military systems. Using pipeline emission analysis (pea) techniques, the researchers say they have managed to disable all security settings, while reprogramming other features.

In their paper (for more, follow the link below), the researchers claim they were able to detect and analyse a backdoor in ProASIC3 chips. They say this backdoor exists in silicon, rather than in firmware, and leaves devices open to a range of attacks.
The researchers claim that, by using pea techniques, they could discover a 'secret key' which allows access to an internal test mode, through which it is possible to disable all security on the chip. Microsemi has responded, claiming there is no designed feature in ProASIC3 fpgas that would enable user security to be circumvented.
In a statement, the company said the internal test mode could only be accessed by customers entering a passcode. It added that, because the researchers have not been in contact, their claims cannot be verified.
In the past, fpgas have been seen as a potential weak link when it comes to design security because, in many cases, the fpga's program would be loaded from a discrete memory and that data flow is open to abuse. However, more recent designs have addressed this issue through the use of AES encryption.
Nevertheless, Microsemi has acknowledged that fpgas are potentially vulnerable to dpa style attacks. "Microsemi anticipated the increasing threats to silicon device security from dpa type attacks and took action several years ago by licensing the dpa patent portfolio of Cryptography Research," it noted. This technology is said to be a feature of a new fpga range due to be launched shortly by Microsemi.
Meanwhile, it says users have the ability to program fpgas using the highest security setting. By selecting this, the use of any passcode to gain access to any device configuration is disabled.
The research paper does concede that ProASIC3 devices are 'at least 100 times harder to attack using DPA than non protected conventional microcontrollers' and that any attacks on the chips would be 'quite a challenging task'.

Author
Graham Pitcher

Comment on this article


This material is protected by Findlay Media copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.

Enjoy this story? People who read this article also read...

What you think about this article:


Add your comments

Name
 
Email
 
Comments
 

Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

EV power electronics

This whitepaper from Altera describes the benefits of using fpga based control ...

ES LIVE 2015

Taking place on 14th May at the Madejski Stadium in Reading, Electronics ...

MENE 2015

Manufacturing & Engineering North East is a completely new type of event aimed ...

Industrial innovation

When it comes to factory automation and control, TI is delivering a wide range ...

Real time DLP

Demonstration of DLP Hyperspectral Imaging on a kidney and the benefits the ...