[Cryptech Tech] FPGA security (was: nasty attack vector to consider: Stealthy Dopant Level Hardware Trojans)

=JeffH Jeff.Hodges at KingsMountain.com
Thu Jan 16 18:29:16 UTC 2014


Warren sez..
 >
 > I *think* that concerns like that are part of the reason for using an
 > FPGA for stuff like this -- the theory being that the device is
 > generic enough, and it is (hopefully) not feasible for an attacker /
 > the manufacturer to predict which block will be used for what, and so
 > difficult to know what is interesting and so worth leaking through
 > side channels.

gotcha

 > I think that the plan is to view the components as untrustworthy as
 > much as possible, and design with that in mind.

good, cuz fpga's are apparently more complex than they appear at first 
glance and there's backdoor issues with them too..

Bogus story: no Chinese backdoor in military chip
By Robert Graham
Monday, May 28, 2012
http://blog.erratasec.com/2012/05/bogus-story-no-chinese-backdoor-in.html

[ aka, "not a chinese-perpetrated backdoor, but an instance of more general 
exploit of the chip's JTAG debug facility..." ]

there's a fair bit of detail in the blog post and in the comments

=JeffH




More information about the Tech mailing list