Backdoor found in popular FPGA chip
A widely reported Chinese backdoor in military chips appears to have little to do with the Chinese, but the backdoor in the FPGA chip is real, probably part of the manufacturer's debugging hardware, and is unlikely to be easily disabled.
Over the weekend, there were numerous reports that proof of a backdoor in a chip "used by the military" had been found. The reports stemmed from a University of Cambridge researcher's web page which claimed that, in the course of research, an "American military chip that is highly secure with sophisticated encryption standard" was scanned and a "previously unknown backdoor inserted by the manufacturer" was found. It went on to say that, once a key had been extracted from the chip, that key could be used to disable or reprogram the chip even if locked, and suggested that, given the prevalence of the chip in question in everything from weapons to public transport, it could "be turned into an advanced Stuxnet weapon".
The draft of the associated paper gave more details though. Firstly, the chip in question was a Actel/Microsemi ProASIC3 chip, a "military grade" FPGA (Field Programmable Gate Array) which has a 128-bit AES encryption key to protect its contents and configuration, the intellectual property (IP) of the chip programmer. The chip is not an "American military chip" but an off-the-shelf component used in a wide variety of applications, including US military applications, and its encryption capabilities are specifically designed to only protect the IP.
The researchers located the JTAG (Joint Test Action Group) interface on the FPGA, used for programming the chip, and applied a fuzzing-like approach to derive information about the functionality of the JTAG engine on the chip. That analysis led to the discovery of one function that was requesting a 128-bit key that was not the passkey. The researchers used Pipeline Emission Analysis (PEA), a more sensitive form of differential power analysis, to extract this key. The research is sponsored by Quo Vadis Labs, who specialise in PEA and its use in extracting keys from secure devices.
The paper makes no mention of China or Chinese manufacturers inserting the backdoor. Other researchers suggest that the backdoor is actually part of the functionality of the chip and that Actel/Microsemi thought of it as a debug feature. Using this backdoor key, the paper says it was possible to unlock a number of undocumented functions including accessing the IP stored in the FPGA, and to reprogram secure memory on the device. Actel has, according to the paper, claimed that the configuration cannot be read back through the JTAG, a claim that does not appear to hold up with the discovery of the backdoor key.
What is known is that fuzzing the JTAG interface, in combination with technology such as PAE, is a viable way of locating backdoors and that such backdoors would probably require the replacement of the entire chip as it is unlikely that the problem could be patched in place. The paper also suggests that identifying backdoors and extracting keys would offer "a new and inviting area of cyber warfare".
A response from Actel/Microsemi on the research findings is awaited; the paper is to presented at September's "Workshop on Cryptographic Hardware and Embedded Systems 2012" (CHES 2012).