Hardware Vulnerabilties and Military Chips
I know it is hard to turn our attention away from the NSA spying programs, but it might be worthwhile to consider that other significant threats to American security exist, possibly even ones greater the potential for government abuse. To that end, this report, that came across my desk today, is chilling. In a paper entitled "Breakthrough Silicon Scanning Discovers Backdoor in Military Chips" two researchers from the UK discovered evidence of manipulations in the actual silicon wa
Published by The Lawfare Institute
in Cooperation With
I know it is hard to turn our attention away from the NSA spying programs, but it might be worthwhile to consider that other significant threats to American security exist, possibly even ones greater the potential for government abuse. To that end, this report, that came across my desk today, is chilling. In a paper entitled "Breakthrough Silicon Scanning Discovers Backdoor in Military Chips" two researchers from the UK discovered evidence of manipulations in the actual silicon wafers themselves (not any firmware on the chip) that rendered chips vulnerable to exploitation. To my knowledge (which is not comprehensive!) this is the first such instance of this type of exploit ever publicly disclosed. Here's the abstract:
This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by our sponsor, we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip,reprogram crypto and access keys, modify low-level silicon features, accessun encrypted configuration bitstream or permanently damage the device.Clearly this means the device is wide open to intellectual property theft, fraud,re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact it can be easily compromised or it will have to be physically replaced after a redesign of the silicon itself.
Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.