LONDON – Microsemi Corp. has denied that there is a "backdoor" in its ProASIC3 FPGAs that would allow users or hackers to circumvent security features. However, the company has also disclosed that a next generation of programmable devices with enhanced protection will be announced soon.
Microsemi (Aliso Viejo, Calif.) has published a statement following assertions made by academics in Cambridge, England, that they had extracted security keys from ProASIC FPGAs using their own Pipeline Emission Analysis (PEA) technique. The researchers' claim is sensitive because the ProASIC range of FPGAs is considered to be secure and is reportedly used widely in military systems as well as in flight control, industrial and automotive applications.
The researchers, Sergei Skorobogatov and Christopher Woods of Cambridge University Computing Laboratory and Quo Vadis Labs, claimed that all Actel/Microsemi 3rd generation Flash FPGAs/SOCs including ProASIC3, Igloo, Fusion and SmartFusion have two official security keys and an undocumented backdoor key which allows access to undocumented security features. Actel, the original developer of the FPGA range, was acquired by Microsemi in 2010.
"The AES key can be extracted with DPA [differential power analysis] attacks within minutes and with PEA in less than a second. The passcode key would take years to extract with DPA attack methods, but PEA can extract it within hours," the researchers claimed in a statement published June 1.
The researchers went public ahead of a paper entitled "Breakthrough silicon scanning discovers backdoor in military chip" that they are due to present at a conference in September 2012.
Microsemi said in its response: "Microsemi has not been able to confirm or deny the researchers' claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification." The company continues: "Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security."
Microsemi acknowledged that there is a privileged internal test facility that is typically used for initial factory testing and failure analysis but said that this feature is disabled on all shipped devices.
Microsemi stated in its response that it had anticipated increased DPA attacks and for this reason licensed the DPA countermeasures patent portfolio of Cryptology Research Inc. (San Francisco, Calif.) several years ago for use in a soon-to-be-announced next generation of programmable logic devices.
-Microsemi Corp. has denied that there is a "backdoor" in its ProASIC3 FPGAs that would allow users or hackers to circumvent security features.-
There is no need to deny a security flaw. Just acknowledge and fix it. Unfortunately, this is not software. For hardware, it gets tougher.