Last week we ran a story about an unnamed chipmaker which security experts claimed had shipped its products to the American defence industry with a backdoor.
At the time we did not name Microsemi or the fact that it was the ProASIC3 chips which were alledged to have the backdoor, so we were somewhat surprised when the company wrote to us and told us that it didn’t.
It wrote that the ProASIC3 field-programmable gate array is a chip designed to be configured and programmed by customers according to their needs. It has no designed feature that would enable circumvention of the user security, Microsemi told us.
ProASIC3 chips are integrated into systems used in many industries, including the military, for various applications. The chip is marketed by Microsemi as having one of the highest levels of design security on the market.
That statement flies in the face of what the University of Cambridge Ph.D. candidate Sergei Skorobogatov and Christopher Woods, a hardware security researcher at U.K.-based research company Quo Vadis Labs (QVL), claimed.
The pair said they discovered an undocumented function in the ProASIC3 FPGA that can be used by an attacker with physical access to the chip to extract the intellectual property (IP) stored on it, despite such information being encrypted with a user-defined 128-bit AES key.
A draft version of the Skorobogatov and Woods paper leaked online and was used as a source for news stories last week.
The researchers used a technique called Pipeline Emission Analysis (PEA), patented by QVL, to significantly increase the efficiency of differential power analysis (DPA) methods.
DPA attacks can be used to extract cryptographic keys from hardware devices by analysing fluctuations in their power consumption during normal operation.
Using the technique the AES key can be extracted from ProASCI3 chips in seconds instead of hours, and a separate user-defined passcode that protects their configuration settings can be extracted in hours instead of years.
Microsemi said that the function discovered by the researchers is a privileged internal test facility reserved for initial factory testing and failure analysis, but it is disabled in all shipped devices.
The function can only be accessed on a customer-programmed device only if that customer’s passcode is also supplied.
However the researchers hit back over the weekend saying that while customers have an option to program their chosen passcode to increase the security, however, Actel/Microsemi does not tell its customers that a special fuse must be programmed in order to get the backdoor protected with both the passcode and backdoor keys.
If a customer passcode is used to protect the backdoor function, that passcode can be recovered in hours with the PEA technique, the researchers said.
Microsemi claimed that it could not duplicate the researchers attack because it didn’t have access to the technology and hardware setup they claim to have used.
But the researchers said that the PEA technique is described in QVL’s patent.