01 June 2012

Microsemi reacts to ProASIC3 fpga 'backdoor' claim

Two researchers claim to have used a variant of differential power analysis (dpa) to bypass the security settings in Microsemi's ProASIC3 fpgas – whose applications include secure military systems. Using pipeline emission analysis (pea) techniques, the researchers say they have managed to disable all security settings, while reprogramming other features.

In their paper (for more, follow the link below), the researchers claim they were able to detect and analyse a backdoor in ProASIC3 chips. They say this backdoor exists in silicon, rather than in firmware, and leaves devices open to a range of attacks.
The researchers claim that, by using pea techniques, they could discover a 'secret key' which allows access to an internal test mode, through which it is possible to disable all security on the chip. Microsemi has responded, claiming there is no designed feature in ProASIC3 fpgas that would enable user security to be circumvented.
In a statement, the company said the internal test mode could only be accessed by customers entering a passcode. It added that, because the researchers have not been in contact, their claims cannot be verified.
In the past, fpgas have been seen as a potential weak link when it comes to design security because, in many cases, the fpga's program would be loaded from a discrete memory and that data flow is open to abuse. However, more recent designs have addressed this issue through the use of AES encryption.
Nevertheless, Microsemi has acknowledged that fpgas are potentially vulnerable to dpa style attacks. "Microsemi anticipated the increasing threats to silicon device security from dpa type attacks and took action several years ago by licensing the dpa patent portfolio of Cryptography Research," it noted. This technology is said to be a feature of a new fpga range due to be launched shortly by Microsemi.
Meanwhile, it says users have the ability to program fpgas using the highest security setting. By selecting this, the use of any passcode to gain access to any device configuration is disabled.
The research paper does concede that ProASIC3 devices are 'at least 100 times harder to attack using DPA than non protected conventional microcontrollers' and that any attacks on the chips would be 'quite a challenging task'.

Author
Graham Pitcher

Supporting Information

Websites
http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
http://www.microsemi.com

Companies
Microsemi

This material is protected by Findlay Media copyright
See Terms and Conditions.
One-off usage is permitted but bulk copying is not.
For multiple copies contact the sales team.

Do you have any comments about this article?


Add your comments

Name
 
Email
 
Comments
 

Your comments/feedback may be edited prior to publishing. Not all entries will be published.
Please view our Terms and Conditions before leaving a comment.

Related Articles

Hardened DSP blocks for FPGAs

Responding to the increasingly demanding task of designing floating point DSP ...

SKA telescope developments

UK-based start up Adaptive Array Systems (AASL) has been awarded a contract by ...

Fine pitch Cu bumps used

Altera says it is the first company to adopt TSMC's fine pitch copper bump ...

Connectors cut size, weight

Aerospace, whether it's commercial aviation, defence or even satellites, is a ...

Wise eyes in the sky

Most people's first encounter with an autogyro, or gyrocopter, was in the film ...

Programmable platforms

Historically, developers of programmable logic devices – and, more latterly, ...

Power electronics in EVs

This whitepaper presents a review of power electronics systems in electric ...

EV power electronics

This whitepaper from Altera describes the benefits of using fpga based control ...

Using Linux in medical devices

This whitepaper explores the issues that software developers and medical device ...

High CV X5R MLCC series

AVX has added new capacitance values to its high CV X5R MLCC series for mobile, ...

Mil-aero SMPS capacitors

AVX has gained T-Level MIL-PRF-49470 approval for its range of 25V, ...

Low profile UARTs

Exar has introduced two UARTs for the Intel Low Pin Count (LPC) motherboard bus.

Future World Symposium 2014

29th - 30th April 2014, Twickenham Stadium, London

Device Developers' Conference

20th May 2014, Holiday Inn, Bristol

Device Developers' Conference

22nd May 2014, Menzies Hotel, Cambridge

Self-destructing electronics

Researchers at Iowa State University have created transient electronics that ...

Wireless automotive charging

Qi wireless charging for automotive.

SN74LV1Txx logic devices

Support up/down translation modes and slash board space with TI's SN74LV1Txx ...

Defence science & tech

Philip Dunne, Minister for Defence Equipment, Support and Technology talks ...

Are driverless cars necessary?

With the new Formula 1 season kicking off this month and the Geneva Motor Show ...

The challenges of ADAS

Just months after the release of the ISO 26262 automotive functional safety ...

Neelie Kroes, EC Commissioner

"The objective is to ensure that the semiconductor industry in Europe has the ...

Andy Pease, QuickLogic

Andy Pease tells Caroline Hayes his company's focus on programmable logic in ...

Gregg Lowe, Freescale

Freescale's new ceo tells Graham Pitcher that, while he's not 'dancing' yet, ...