While the electronics industry works to improve its supply chain integrity, the need for chip companies to keep some features secret sometimes clashes with the need for more transparency at the OEM -- and ultimately the end-user -- level.
That's the case in one of the examples cited in a Gartner report published last fall. In this final of three blog posts on the insecurity of the commercial IT supply chain as described in that report, I'll explain the incident and the broader problem it represents.
Last summer, University of Cambridge PhD candidate Sergei Skorobogatov and fellow research Christopher Woods reported in an academic paper that they had discovered a backdoor in Microsemi/Actel ProASIC3 FPGA chips. The paper said that the researchers had used a technique called pipeline emission analysis to extract a key to the back door.
According to Skorobogatov:
If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems.
The paper caused a flurry of concern because the ProASIC FPGAs are reportedly widely used in military systems, flight control, and industrial and automotive applications. But Microsemi (which acquired Actel in 2010) says that what the researchers found was not a backdoor, but rather an integral part of the chipís security. In order to access the information -- pre-programmed data such as the unique ID of the device and other data necessary for the production, manufacturing, and testing of the device -- a hacker would have to break into the chipís first-line security, or the front door, first, says Paul Ekas, vice president of marketing for SOC products at Microsemi.
David Patterson, known for his pioneering research that led to RAID, clusters and more, is part of a team at UC Berkeley that recently made its RISC-V processor architecture an open source hardware offering. We talk with Patterson and one of his colleagues behind the effort about the opportunities they see, what new kinds of designs they hope to enable and what it means for todayís commercial processor giants such as Intel, ARM and Imagination Technologies.