Friday, June 01, 2012

Chinese/military backdoor: Microsemi and Skorobogatov respond

The original researchers respond to my post making the following two assertions:

  1. The issue exposed by their paper is threat from China.
  2. They have no idea why people have linked China to their paper as it did not come from them.

One of those statements can be true, but not both.

They continue to play the military angle. The truth is that the military cares about chips operating at high temperatures, and could care less about intellectual property, encryption, and backdoors in 99% of applications. The military would happily buy guns from China, for example.

In other words, Skorobogatov continues to attempt to link their paper to China and the military in order to cause FUD, and these links are dishonest. There is an interesting issue for intellectual property, but any link to either China or the military is largely nonsense.

Microsemi/Actel also has issued their official response. It is as dishonest as Skorobogatov. They use the Apple trick of saying "the researcher hasn't helped us reproduce it, so no problem exists". They ignore the real crux of the problem, which is that the researchers were able to read back the configuration, despite Microsemi/Actel's assurances that no such functionality exists in any mode (debug or otherwise).

My interpretation after reading the paper, Microsemi/Actel's response, and the comments to my blog, it sounds like there are multiple levels of security, and that all Skorobogatov did was break the next higher level. Maybe there is a default key for the next higher level that customers didn't realize existed, so are shipping their chips at the lower level. This would explain both the discovery of a "backdoor" and claims that "there is no backdoor". In my experience in cybersecurity, this is pretty typical, that both sides are right.

The important part of Microsemi's statement is that they "confirm that there is no designed feature that would enable the circumvention of the user security" by "Microsemi or anyone else".

To summarize: Skorobogatov appears to have found a way to read the data off of the FPGA and steal intellectual property. This is actually a very important result, although few outside the hardware world would care. Anybody using Microsemi/Actel's chips should be afraid of that threat. The China and military angles, though, are dishonest.

Skorobogatov responds to my original post with the following points, so I thought I'd rebut them individually.
1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.
Of course you linked to China, as you did again in this article.

2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.
You have no evidence that it's a "backdoor" and not something that customers can disable. Maybe the chips you've tested haven't had the higher layer of security turned on.

3) We do not know if the chip was certified to hold secrets or not. We quote Actel and their website which says that the ProASIC and other flash lines are sold to the military as well as into automotive, aerospace, medical and consumer systems. It is a very secure device with AES encryption, if you use it, then you want to protect the IP and there is no better way that using AES with no read-back.
Military means "high temperatures", not "AES encryption". You are deliberately misleading people who think that every thing the military does must be encrypted.

4) It is not just a simple JTAG hack, there is a lot more involved than that and it's contained in the paper.
Yes, I've read your paper. And your PEA trick seems quite impressive. But you link to China and the military, which puts your work in my world of cybersecurity. All your issues about reverse engineering, backdooring, and trojans already exist in my world. The "taxonomy" of hardware trojans that is reference [1] in your paper (which links to China, by the way) is pretty primitive and naive compared to the taxonomy of software backdoors/trojans in cybersecurity. In my world, what was important is that you fuzzed the JTAG port, not that you used PEA to guide the fuzzing.

5) We do not agree it is just a debug port, you do not need a debug port to circumvent the security on the chip and read back the IP whilst telling everyone else no such feature exists.
Yes, I agree that this is the real story, to which you do disservice with the China/military FUD.

No comments: