comment on this article

Microsemi reacts to ProASIC3 fpga 'backdoor' claim

Microsemi's ProASIC3 fpga

Two researchers claim to have used a variant of differential power analysis (dpa) to bypass the security settings in Microsemi's ProASIC3 fpgas – whose applications include secure military systems. Using pipeline emission analysis (pea) techniques, the researchers say they have managed to disable all security settings, while reprogramming other features.

In their paper (for more, follow the link below), the researchers claim they were able to detect and analyse a backdoor in ProASIC3 chips. They say this backdoor exists in silicon, rather than in firmware, and leaves devices open to a range of attacks.
The researchers claim that, by using pea techniques, they could discover a 'secret key' which allows access to an internal test mode, through which it is possible to disable all security on the chip. Microsemi has responded, claiming there is no designed feature in ProASIC3 fpgas that would enable user security to be circumvented.
In a statement, the company said the internal test mode could only be accessed by customers entering a passcode. It added that, because the researchers have not been in contact, their claims cannot be verified.
In the past, fpgas have been seen as a potential weak link when it comes to design security because, in many cases, the fpga's program would be loaded from a discrete memory and that data flow is open to abuse. However, more recent designs have addressed this issue through the use of AES encryption.
Nevertheless, Microsemi has acknowledged that fpgas are potentially vulnerable to dpa style attacks. "Microsemi anticipated the increasing threats to silicon device security from dpa type attacks and took action several years ago by licensing the dpa patent portfolio of Cryptography Research," it noted. This technology is said to be a feature of a new fpga range due to be launched shortly by Microsemi.
Meanwhile, it says users have the ability to program fpgas using the highest security setting. By selecting this, the use of any passcode to gain access to any device configuration is disabled.
The research paper does concede that ProASIC3 devices are 'at least 100 times harder to attack using DPA than non protected conventional microcontrollers' and that any attacks on the chips would be 'quite a challenging task'.

Graham Pitcher

Comment on this article

This material is protected by MA Business copyright See Terms and Conditions. One-off usage is permitted but bulk copying is not. For multiple copies contact the sales team.

What you think about this article:

Add your comments


Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

Arrow signs Novasom

Arrow Electronics has confirmed a new distribution agreement with Novasom ...

Low noise QM series

The QM series of AC/DC power supplies from TDK is said to be the first 1200W to ...

Blue University LIVE

Blue University LIVE, being held in Copenhagen, is a one day training session ...

Get to market faster

A quick look at using Vicor's PFM and AIM in VIA packaging for your AC to Point ...

Acquire and survive?

The dust is beginning to settle following the news that Swiss company Dätwyler ...

Rising from the ashes

Created in 2013, Redux emerged from the ashes of HiWave (formerly NXT) which, ...

A change of course

Since taking over as CEO in December 2015, Jeff Benck has rung the changes at ...