29 May 2012
Researchers from the University of Cambridge and Quo Vadis Labs allegedly found a backdoor in a commercial field-programmable gate array (FPGA) marketed as a secure tool for military applications. If confirmed, this would be a world first.
Sergei Skorobogatov and Christopher Woods chose the Actel ProASIC3 as the FPGA to analyze. They considered this widely used device ideal for research because it boasts superior security and is known to have military users.
According to the paper, the backdoor was found in the silicon itself, not in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), the researchers extracted the secret key that activates the backdoor.
“This way an attacker can disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device,” Sergei Skorobogatov and Christopher Woods said in the report. “The device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan.”
The biggest concern, they said, is that no backdoor patch is available for chips already deployed, and those compromised need to be physically replaced after a redesign of the silicon itself.
The paper, “Breakthrough silicon scanning discovers backdoor in military chip,” was published as a draft, but the researchers promised to detail the exploit fully at the 2012 Workshop on Cryptographic Hardware and Embedded Systems in Belgium.