[cryptography] [Overhyped] Backdoor found in popular FPGA chip
noloader at gmail.com
Mon Jun 4 13:44:02 EDT 2012
A bit off topic, but interesting discussion of extracting keys from a
chip using power analysis.

The researchers located the JTAG (Joint Test Action Group) interface
on the FPGA, used for programming the chip, and applied a fuzzing-like
approach to derive information about the functionality of the JTAG
engine on the chip. That analysis led to the discovery of one function
that was requesting a 128-bit key that was not the passkey. The
researchers used Pipeline Emission Analysis (PEA), a more sensitive
form of differential power analysis, to extract this key. The research
is sponsored by Quo Vadis Labs, who specialise in PEA and its use in
extracting keys from secure devices.

What is known is that fuzzing the JTAG interface, in combination with
technology such as PEA, is a viable way of locating backdoors and that
such backdoors would probably require the replacement of the entire
chip as it is unlikely that the problem could be patched in place. The
paper also suggests that identifying backdoors and extracting keys
would offer "a new and inviting area of cyber warfare".

A response from Actel/Microsemi on the research findings is awaited;
the paper is to be presented at September's "Workshop on Cryptographic
Hardware and Embedded Systems 2012" (CHES 2012).