We released the drafts of our full papers on QVL technology due to accidental publicity, because someone put the link to our very old drafts of abstracts on Reddit. Now people can judge on their own rather than speculating on what we had written about.
Full version of our paper "In the blink of an eye: There goes your AES key" is now published in IACR Cryptology ePrint Archive, Report 2012/296, 2012. It explains how the AES key from a highly secure FPGA can be extracted in less than a second with 100 dollars' worth of hardware.
Full version of our paper "Breakthrough silicon scanning discovers backdoor in military chip" will appear at the CHES2012 workshop in September. It will expose some serious security issues in devices which are supposed to be unbreakable. Here is the draft version of our paper: Breakthrough silicon scanning discovers backdoor in military chip (DRAFT)
With the growing interest in the QVL technology from industrial companies and government departments, it will be beneficial to answer some frequently asked questions.
Can QVL technology break unbreakable chips?
Yes and No. It is based on side-channel attacks and therefore has some obvious limitations. However, in some cases it can improve the efficiency of DPA attacks by a factor of 1 million. For example, in order to extract the AES key from a secure FPGA one would need about 1 hour with a classic DPA setup that costs between 50k USD and 100k USD (decent oscilloscope, modern PC and special software). A QVL setup will do the job in 0.01 seconds with a component cost below 100 USD. This is a 100'000 times improvement in time and 1'000 times less in cost. However, attacking a properly designed ASIC data protection solution might take over 1000 years with DPA, but just 1 day with QVL. In general, if by 'unbreakable' one assumes 'infeasible' because of time and/or cost, then QVL can usually help.
Can QVL technology improve existing techniques like SPA, DPA, EMA, DEMA?
Yes, it can extend existing methods with a new technique called pipeline emission analysis (PEA), aimed at boosting the sensitivity of leakage signal sensing by 10dB to 40dB. That way the attack time can be substantially reduced, thus threatening security in devices like smartcards, secure memories, ASICs and FPGAs previously thought to be unbreakable.
What are the areas of possible applications for the QVL technology?
There are many areas of application for QVL technology. The most important are: improving sensor sensitivity in automotive, aerospace, medical and military applications; testing semiconductor chips for side-channel emissions to eliminate DPA attacks against cryptographic applications and password protections; hardware assurance testing against trojans and backdoors; monitoring of device activities by following execution and algorithm flow in real time.
Who can benefit from the QVL technology?
Chip manufacturers who want to improve security protection and post-production testing. System developers who want independent analysis of the chips used in their devices to avoid side-channel leakages, trojans and backdoors. Security evaluation companies which are interested in improving their analysis techniques and expanding test methods.
How can Quo Vadis Lab help?
We can educate engineers in industrial companies and government agencies so that they can be aware of the technology, its limitations and possible applications. We can develop special test boards according to the requirements, specification, needs and application. We can provide technical support and consulting.
What is the greatest danger from the QVL technology?
Like DPA attacks, it can be used to break crypto keys, passwords and algorithms, but it is far more efficient and very cheap, so everyone can afford it. If used by malicious people it can threaten the security of many secure semiconductor chips including smartcards, secure memory, RFID and ASICs. Therefore, it would be beneficial to test existing secure products against the QVL and improve the security protection when necessary.
Are there any limitations on distribution of the QVL technology?
Yes, there are export control regulations and a strict NDA for anyone who wants to know more about the technology. It is not available to private individuals and any requests are subject to checks and approvals.
Is there a dedicated website for the technology?
Current issues. UK officials are fearful that China has the capability to shut down businesses, military and critical infrastructure through cyber attacks and spy equipment embedded in computer and telecommunications equipment. The Stuxnet worm is the most famous and best case example of a cyber attack on a network which wreaked devastation having easily compromised conventional software defensive systems. There have been many cases of computer hardware having backdoors, Trojans or other programs to allow an attacker to gain access or transmit confidential data to a third party. Considerable focus and expense has been invested in software computer networks and system defences to detect and eradicate such threats.
However, similar technology with antivirus or anti Trojan capability for hardware (silicon chips) is not available. The computer or network hardware underpins and runs all the software defence systems. If the hardware has a vulnerability then all the energy in defending at the software level is redundant. An effort must be made to defend and detect at the hardware level for a more comprehensive strategy.
Our findings. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with a sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems, from weapons and nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Key features of our technology:
Currently there is no economical or timely way of ascertaining if a manufacturer's specifications have been altered during the manufacturing process (99% of chips are manufactured in China), or indeed if the specifications themselves contain a deliberately inserted potential threat.
Conclusions. It is clear that cyber attacks will increasingly be of this nature, having most impact; it is imperative that this issue is addressed as a matter of urgency. We would suggest making hardware assurance (HWA) & hardware defence (HWD), the testing of silicon chips for backdoors and Trojans, and their defence, a greater priority within the National Cyber Strategy. Until now it was not possible to perform such analysis in a timely or cost effective manner. Our technology provides a solution. A variation in this technology could be used as a backstop defence on a computer or network system where it can monitor instructions and possible reprogramming or activation of a buried spy system in a real time environment, thereby preventing Stuxnet type attacks.
Further funding is needed for us to progress to testing further silicon chips and to develop better search algorithms which would allow us to detect possible spy systems or vulnerabilities in a greater range of systems.
Can Darpa Fix the Cybersecurity 'Problem From Hell?'
Ensuring Hardware Cybersecurity
'Overlooked' hardware security needs closer scrutiny
The Navy Bought Fake Chinese Microchips That Could Have Disarmed U.S. Missiles
Defense Industrial Base Assessment: Counterfeit Electronics
Cyberspace policy review
High Performance Microchip Supply
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
UK critical systems cyber warning
Spies, military looking for hacker-, backdoor-proof circuits
U.S. Senate Panel Targets Counterfeit Electronic Parts
Background Memo: Senate Armed Services Committee Hearing on Counterfeit Electronic Parts in the DOD Supply Chain
TROJAN CHIPS COULD CRIPPLE US ATTACK ON IRAN
The Hunt for the Kill Switch
SEMICONDUCTOR TECHNOLOGY AND U.S. NATIONAL SECURITY
Foreign chips causing concern for the military
Shadow Supply Chain Demands System-Level Verification
Old Trick Threatens the Newest Weapons
Abstract. This paper is a short summary of a real world AES key extraction performed on a military grade FPGA marketed as 'virtually unbreakable' and 'highly secure'. We demonstrated that it is possible to extract the AES key from the Actel/Microsemi ProASIC3 chip in a time of 0.01 seconds using a new side-channel analysis technique called Pipeline Emission Analysis (PEA). This new technique does not introduce a new form of side-channel attacks (SCA), it introduces a substantially improved method of waveform analysis over conventional attack technology. It could be used to improve upon the speed at which all SCA can be performed, on any device and especially against devices previously thought to be unfeasible to break because of the time and equipment cost. Possessing the AES key for the ProASIC3 would allow an attacker to decrypt the bitstream or authenticate himself as a legitimate user and extract the bitstream from the device where no read back facility exists. This means the device is wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan. We show that with a very low cost hardware setup made with parts obtained from a local electronics distributor you can improve upon existing SCA up to a factor of x1,000,000 in time and at a fraction of the cost of existing SCA equipment.
Abstract. This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips. The backdoor was found to exist on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), a technique pioneered by our sponsor, we were able to extract the secret key to activate the backdoor. This way an attacker can disable all the security on the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact it can be easily compromised or it will have to be physically replaced after a redesign of the silicon itself.
Many semiconductor chips used in a wide range of applications require protection against physical attacks or tamper resistance. These attacks assume that a direct access to the chip is possible with either establishing electrical connections to signal wires or at least doing some measurements. The importance of protection against physical attacks is dictated by the amount of valuable and sensitive information stored on the chip. This could be secret data or company secrets and intellectual property (IP), electronic money for service access, or banking smartcards. The security in chips serves to deter prospective attackers from performing unauthorized access and benefiting from it.
<sps32 (at) cam.ac.uk>
<Sergei.Skorobogatov (at) hushmail.com>
created 14-10-2011 -- last modified 07-02-2013 -- http://www.cl.cam.ac.uk/~sps32/