Microsemi denies FPGAs have backdoor security flaw

LONDON – Microsemi Corp. has denied that there is a "backdoor" in its ProASIC3 FPGAs that would allow users or hackers to circumvent security features. However, the company has also disclosed that a next-generation of programmable devices with enhanced protection will be announced soon.

Microsemi (Aliso Viejo, Calif.) has published a statement following assertions made by academics in Cambridge, England, that they had extracted security keys from ProASIC FPGAs using their own Pipeline Emission Analysis (PEA) technique. The researchers' claim is sensitive because the ProASIC range of FPGAs is considered to be secure and is reportedly used widely in military systems as well as in flight control, industrial and automotive applications.

The researchers – Sergei Skorobogatov and Christopher Woods – of Cambridge University Computing Laboratory and Quo Vadis Labs – claimed that all Actel/Microsemi 3rd generation Flash FPGAs/SOCs including ProASIC3, Igloo, Fusion and SmartFusion have two official security keys and an undocumented backdoor key which allows access to undocumented security features. Actel, the original developer of the FPGA range, was acquired by Microsemi in 2010.

"The AES key can be extracted with DPA [differential power analysis] attacks within minutes and with PEA in less than a second. The passcode key would take years to extract with DPA attack methods, but PEA can extract it within hours," the researchers claimed in a statement published June 1.

The researchers went public ahead of a paper entitled Breakthrough silicon scanning discovers backdoor in military chip that they are due to present at a conference in September 2012.

Microsemi said in its response: "Microsemi has not been able to confirm or deny the researchers' claims since they have not contacted Microsemi with the necessary technical details of the set-up nor given Microsemi access to their custom-designed equipment for independent verification." The company continues: "Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security."

Microsemi acknowledged that there is a privileged internal test facility that is typically used for initial factory testing and failure analysis but said that this feature is disabled on all shipped devices.

Microsemi stated in its response that it had anticipated increased DPA attacks and for this reason licensed the DPA countermeastures patent portfolio of Cryptology Research Inc. (San Francisco, Calif.) several years ago for use in a soon-to-be-announced next generation of programmable logic devices.


Related links and articles:

Cambridge researchers' statement

Microsemi response

News articles:

Microsemi buys Actel for $430 million