Cracks in FPGA chips' encryption nothing to worry about

Cracking the encryption used in embedded systems chips is nothing to worry about, says one of the biggest makers of chips of that type. .

Xilinx makes Field Programmable Gate Array (FPGA) chips for the US defence industry and claims it was not surprised when its products were hacked by a team of German researchers.

A company spokesman told GCN magazine it was aware of the hack for some years but also knew that the encryption protecting the configuration bitstream that provides instructions to the FPGA when it is powered up is only one layer of the chip’s security, he said.

The aerospace and defence industries who buy the chips know about the security problems in the hardware they use and implement their own cunning plans, he said,

He claimed that this was “a feature” that companies liked. It allowed users to set up their own defenses and allows greater flexibility in how the chips are used.

Xilinx, whose co-founders invented the first commercially viable FPGAs in 1985, has about half of the market.

FPGA was cracked by boffins at the Horst Gortz Institute for IT-Security at Ruhr University.

They were able to extract the key used to decrypt data in two models of FPGAs made by Xilinx using differential power analysis (DPA). This is a side-channel attack that looks at the the power consumption of the chip during the decryption process.

Looking at this they could extract the 256-bit Advanced Encryption Standard decryption keys from chips and decode it all in six hours.

Xilinx pointed out that it was really hard to mount an attack using this method as there were all sorts of barriers to entry.