Cracks in encryption security for embedded chips not fatal, company says
- By William Jackson
- Jul 26, 2011
The recent demonstration of a practical technique for cracking the encryption used to protect programmable chips widely used in the defense and aerospace industries comes as no surprise to the manufacturer of the chips.
“We have known about this for many years,” said a spokesman for Xilinx Inc., whose Field Programmable Gate Array (FPGA) chips were used by a team of German researchers.
But the encryption protecting the configuration bitstream that provides instructions to the FPGA when it is powered up is only one layer of the chip’s security, he said. Users in the aerospace and defense industries are well aware of security issues in the hardware they use and implement their own countermeasures.
Team cracks chips used in military, aerospace systems
“There are ways around this,” the spokesman said. Allowing users to implement their own defenses allows greater flexibility in how the chips are used. “In engineering, everything is a trade-off.”
FPGA is an integrated circuit that can be configured after manufacture by loading a configuration stored in separate memory when it is powered up. This can be more flexible and cost-effective than an Application Specific Integrated Circuit, although the chips are not as energy efficient or powerful as ASICs.
Xilinx, whose co-founders invented the first commercially viable FPGAs in 1985, claims about 50 percent of the market.
Researchers at the Horst Gortz Institute for IT-Security at Ruhr University reported in a paper this month that they were able to extract the key used to decrypt data in two models of FPGAs made by Xilinx using differential power analysis (DPA), a side-channel attack that analyzes the power consumption of the chip during the decryption process. They reported that they were able to extract the 256-bit Advanced Encryption Standard decryption keys from chips with moderate effort, taking six hours of analysis for one model and nine hours with a more complex one.
The researchers said their work takes differential power analysis attacks out of the academic playground and has real-world implications on the security of systems using FPGAs, including the possible theft of intellectual property and the possibility of configuration code being modified or replaced. Although the researchers used off-the-shelf hardware for the attack, the Xilinx spokesman said the barrier to entry in this type of attack remains high.
“While we don’t want to downplay this, the amount of sophistication and time it takes to do this kind of analysis makes it pretty tough,” the spokesman said. It requires physical access to the system containing the FPGA, removing some components to reduce the amount of “noise” in the electronic signals being analyzed, and a high level of expertise, along with some high-end equipment.
Paul Kocher, president of Cryptography Research and one of the developers of DPA, said that countermeasures against this type of attack could be implemented in FPGAs with a couple man weeks of effort and that many chip manufacturers have done this.
“They should have done this years ago,” he said.
The Xilinx spokesman would not say if specific DPA defenses would be included in future FPGAs.
“We have dedicated teams of researchers who are always looking at security issues,” he said. “We continue to look at ways to implement methods that are cost-effective and practical for our customers.”
William Jackson is a Maryland-based freelance writer.