CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Trojan Detection using IC Fingerprinting
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Towards trojan-free trusted ICs: problem analysis and detection scheme
Proceedings of the conference on Design, automation and test in Europe
Randomization Based Probabilistic Approach to Detect Trojan Circuits
HASE '08 Proceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium
Detecting malicious inclusions in secure hardware: Challenges and solutions
HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
A region based approach for the identification of hardware Trojans
HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
Hardware Trojan detection using path delay fingerprint
HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
The State-of-the-Art in IC Reverse Engineering
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A Survey of Hardware Trojan Taxonomy and Detection
IEEE Design & Test
Flash memory 'bumping' attacks
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Self-referencing: a scalable side-channel approach for hardware Trojan detection
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Introduction to Hardware Security and Trust
Introduction to Hardware Security and Trust
Data remanence in flash memory devices
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
VeriTrust: verification for hardware trust
Proceedings of the 50th Annual Design Automation Conference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips for accessing FPGA configuration. The backdoor was found amongst additional JTAG functionality and exists on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), our pioneered technique, we were able to extract the secret key to activate the backdoor, as well as other security keys such as the AES and the Passkey. This way an attacker can extract all the configuration data from the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property (IP) theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact they can be easily compromised or will have to be physically replaced after a redesign of the silicon itself.