backdoor in military chips
Jared Sperli stashed this in security
Stashed in: Military!
Abstract. This paper is a short summary of the first real world detection of a
backdoor in a military grade FPGA. Using an innovative patented technique we
were able to detect and analyse in the first documented case of its kind, a
backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor
was found to exist on the silicon itself, it was not present in any firmware
loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique
pioneered by our sponsor, we were able to extract the secret key to activate the
backdoor. This way an attacker can disable all the security on the chip,
reprogram crypto and access keys, modify low-level silicon features, access
unencrypted configuration bitstream or permanently damage the device.
Clearly this means the device is wide open to intellectual property theft, fraud,
re-programming as well as reverse engineering of the design which allows the
introduction of a new backdoor or Trojan. Most concerning, it is not possible to
patch the backdoor in chips already deployed, meaning those using this family
of chips have to accept the fact it can be easily compromised or it will have to
be physically replaced after a redesign of the silicon itself.
Keywords: Hardware Assurance; silicon scanning; side-channel analysis;
hardware Trojans and backdoors