Slashdot Mirror
Backdoor Found In China-Made US Military Chip?
Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan', Does this mean that the Chinese have control of our military information infrastructure asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
This is all Steve Jobs' fault. I blame him.
It sells...
Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic.
Would somebody please tease out something a little more credible?
"Extraordinary claims require extraordinary evidence..."
The original article is here.
It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration.
The determined Real Programmer can write Fortran programs in any language.
Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this.
Here's his publications list from his University home page, FWIW:
http://www.cl.cam.ac.uk/~sps32/#Publications
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have none of your "actual investigative research" nonsense around here! Fear mongering to sell ad space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's what we want to see more of!
From TFA:
Today we released the drafts of our full papers on QVL technology due to accidental publicity, because someone put the link to our very old drafts of abstracts on Reddit.
This is a security guy I would trust, yessir.
Not sure how exciting this is, as they needed physical access to the chip to get anything out of it.
Why would a country not pay (or direct) a company to create products with particular subtle flaws ?
It would cost 1000x more to discover and leverage a known flaw, than to just get an engineer to insert one - with or without the blessing of his management.
The future is not bright.
That entire article reads more like a press release with FUD than anything with any facts.
Which chip?
Which manufacturer?
Which US customer?
No facts and LOTS of claims. It's pure FUD.
(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)
But it does highlight the dangers in outsourcing production of something as sensitive as military hardware, when there's very few ways to actually verify on-chip silicon as being what you ordered, with no extraneous functionality.
Any particular chip can be reasonably expected to have it's application reverse engineered by an intelligence agency if you know the schematics and an idea of the intended use. If you can't make sure the chip won't do any more then you want it to, then how hard would be it be, really, to slip in backdoor code which reacts to certain inputs? i.e. if you're manufacturing a microwave amplifier IC to be used in a radar system, then something as simple as allowing a certain key of radar pulses to cause the thing to fuzz it's output for a second, or mimic a failure condition, would be disastrous if the chip was ultimately used in a radar guided missile or an F-22. China just issues the appropriate pulse-codes and suddenly there's a mysteriously high failure rate, or greatly reduced combat effectiveness because no one can get a missile lock.
Chinese leaders are in a cold war with the west. As such, it is far cheaper and easier to be able to shut down an adversaries equipment if you are manufacturing it for them. If the west would quit being foolish, they would insist on equipment made in secured companies. And Google has already proved that nothing in China is secured from the gov.
I prefer the "u" in honour as it seems to be missing these days.
The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.
Didn't the US and UK governments sell crypto equipment they knew they could break to their 'allies' during the Cold War?
The back-door described in the white paper requires access to the JTAG (1149.1) interface to exploit. Most deployed systems do not provide an active external interface for JTAG. With physical access to a "secure" system based upon these parts, the techniques described in the white paper allow for a total compromise of all IP within. Without physical access, very little can be done to compromise systems based upon these parts.
Sun Tzu said the greatest victory is one which doesn't require a shot. One won by subverting the enemy from within.
What greater subversion can there be than to convince the enemy to hire you to build their weapon's systems components?
Apparently the American Military (and probably that of the rest of the world) hasn't bothered reading any "classic" literature on warfare before signing on the dotted line...
I do not fail; I succeed at finding out what does not work.
1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission analysis) to discover the secret passphrase. More conventional anaylsis (differential power analysis) was not sensitive enough to reveal it.
This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug purposes, security through obscurity at it's best. It doesn't sound like something secret added by the chip fab company, although time will tell. Just as embedded controller companies have gotten into trouble putting hidden logins into their code thinking they're making the right tradeoff between convenience and security, this hardware company seems to have done the same.
Someone forgot to tell the marketing droids though and they made up a bunch of stuff about how the h/w was super secure.
...American.
This, of course, means the USA needs to produce too.
Absolutely. The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.
And a preference should be given to American-made parts, since you need domestic factories to mobilise in times of war.
First problem..... they already have that policy. But the problem is that the components used for military and government applications have to be purchased from American companies. Then to save a buck, the companies sub-contract for components from places like China and "assemble" the equipment in friendly countries. That way, the product does not have a "made in China" sticker on them.
Second problem.... 20 years ago the DOD had their own processor manufacturing facilities, IC chips, etc. They were shut down in favor of commercial equipment because some idiot decided it was better to have an easier time buying replacement parts at Radioshack than buying quality military-grade components that could last in austere environments. (Yes, speaking from experience). Servers and workstations used to be built from the ground up at places like Tobyhanna Army Depot. Now, servers and workstations are bought from Dell.
sudo make me a sandwich
First off, military != economics. They are totally different issues.
Secondly, the US, in fact, the west, still produces loads of chips. It is not impossible to scale it back up.
From a security POV, the west SHOULD keep the manufacturing in-house. As it is, the Chinese gov. subsidized electronics, AE, etc. to get the tech from the west. It is in the west's best interest to simply walk away from this. At least where it concerns our military.
Ideally, we will use that to re-start the consumer side as well.
I prefer the "u" in honour as it seems to be missing these days.
From the draft paper's conclusion:
We investigated the PA3 backdoor problem through Internet searches, software and hardware analysis and found that this particular backdoor is not a result of any mistake or an innocent bug, but is instead a deliberately inserted and well thought-through backdoor that is crafted into, and part of, the PA3 security system. We analysed other Microsemi/Actel products and found they all have the same deliberate backdoor. Those products include, but are not limited to: Igloo, Fusion and Smartfusion. The PA3 is heavily marketed to the military and industry and resides in some very sensitive and critical products. From Google searches alone we have found that the PA3 is used in military products such as weapons, guidance, flight control, networking and communications. In industry it is used in nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products.
There is no China link to the backdoor yet.
The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Have gnu, will travel.
Fabs are expensive. The latest generation nodes cost billions of dollars to set up and billions more to run. If they aren't cranking chips out 24/7, they're literally costing money. Yes, I know it's hte military, but I'm sure people have a hard time justifying $10B every few years just to fab a few chips. One of the biggest developments in the 90s was the development of foundries that let anyone with a few tens of millions get in the game of producing chips rather than requiring billions in startup costs. Hence the startup of tons of fabless companies selling chips.
OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper to run, but we're also talking maybe 10+ year old technology, at which point the chips are going to be slower and take more power.
Also, building your own computer from the ground up is expensive - either you buy the designs of your servers from say, Intel, or design your own. If you buy it, it'll be expensive and probably require your fab to be upgraded (or you get stuck with an old design - e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been debugging it over the decade). If you went with the older cheaper fab, the design has to be modified to support that technology (you cannot just take a design and run with it - you have to adapt your chip to the foundry you use).
If you roll your own, that becomes a support nightmare because now no one knows the system.
And on the taxpayer side - I'm sure everyone will question why youre spending billions running a fab that's only used at 10% capacity - unless you want the DoD getting into the foundry business with its own issues.
Or, why is the military spending so much money designing and running its own computer architecture and support services when they could buy much cheaper machines from Dell and run Linux on them?
Hell, even if the DoD had budget for that, some bean counter will probalby do the same so they can save money from one side and use it to buy more fighter jets or something.
30+ years ago, defense spending on electronics formed a huge part of the overall electronics spending. These days, defense spending is but a small fraction - it's far more lucrative to go after the consumer market than the military - they just don't have the economic clout they once had. End result is the miliary is forced to buy COTS ICs, or face stuff like a $0.50 chip costing easily $50 or more for same just because the military is a bit-player for semiconductors.
Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught.
These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
You are over thinking this. Pack the toner cartridge with Semtex and FedEx it to your target.
Have gnu, will travel.
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
That said, it's still pretty bad, because hardware does occasionally end up in the hands of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified software radio algorithms with anti-jam and anti-interception goals, or to run classified cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream can't be extracted might be part of the system's security certification assumptions. If that claim is false, and no other counter-measures are place, that could be pretty bad.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with all the other functions of the FPGA, a significant challenge both from an intellectual standpoint and from a size/timing standpoint--the FPGA may just not have enough spare capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you want to use all the capacity you have available to do clever stuff.
In other news, voters clamor for an efficient government, but then are shocked when the government sources contracts to the lowest bidder.
*facepalm* Either pay for an expensive, inefficient government that props up corporations solely so that it has a national source for everything military, or shut the fuck up and pay China for its cheap crap.
Those who can, do. Those who can't, sue.
Wow. I didn't realize the Canadians were so good at spying.
Oh Canada!
Faster! Faster! Faster would be better!
Is this the most obvious consequence to outsourcing or what ? When you take seriously the notion that all that matters is the profitability of your largest campaign contributors, is not the inevitable result that Reality will teach you just how wrong you were?
For years some of us have been saying just this is exactly inevitable and before us, the previous generation were saying the same thing. All we got back was BS from the likes of Dan Griswold and the CATO Institute about what Luddites we were.
We don't make critical parts to our own weapon systems. We outsource to our most likely long term opponent. Why do we do that? So large campaign contributors can make obscene profits by advantaging themselves of cheap (but getting less cheap) labor.
Does this change anyone's mind about campaign finance reform? Is money still a form of speech? Anyone in Congress care to review Citizens United v FEC? Or do we have to wait until it's just too late?
These fabrication centers WERE running full time. Think about it, every radio, every o-scope, every computer that is not connected to the public internet, were all made right here in the U.S. At one of my duty stations, we had a server the size of 3 refrigerators that was fabricated in 1992. We used it as our backup server/router/gateway. All you had to do was turn on a switch and it did everything that we needed it to do. Plus we knew that there were no Chinese surprises in it.
They never ran their own computer architecture, in the late 80's and early 90's they were all SPARC-style computers with Solaris loaded on them (I believe they paid licensing fees, but don't quote me on that). Yes, some of those computers are still in use because they have been running for 15+ years. I know of a few that haven't even been rebooted since they were turned on in 1995. Most field systems (shelters on the back of a vehicle) still use these computers.
Also to consider, for performing the tasks a tactical field system needs to, they do not need a 8-core processor with 64GB of RAM and 4 GB of video memory. They need something that is rugged and can operate in 100+ degree environments while covered in sand (Air conditioners break all the time when it is hot as hell).
When I was in Iraq, the only things that broke were our Dell POS computers. I remember one time we had the SPARC machines running in a shelter with no air conditioning (except for the table fan I grabbed from my room). It was 130+ in that shelter and they ran just fine for the 3 hours it took to find a working AC. That's the kind of computers they need, and if it takes a few billion to put those in essential systems, I have no problem with it. Better than the other BS the government spends their money on.
sudo make me a sandwich
So when you guys bug Boeing jets and backdoor Microsoft Windows, this is all well and good, but there might be a backdoor in a Chinese made chip, and it's pitchforks and torches?
As usual the Western hypocrisy reveals itself again. But of course, just like in a sports match, your team has never committed a foul, while everything the other team does is a foul?
FPGAs commonly protect user-code with encryption. An encryption engine is included in the silicon to which the user has limited access to crypto=keys with which to encrypt the code that is installed in ROM/Flash.
A number of attacks are known against microcontrollers/FPGAs that secure code with encryption - notably differential power analysis (DPA) which works by connecting a current probe to the chip, and collecting measurememnts of energy consumption as the device performs an authentication operation. By carefully, measuring power traces over thousands of authentication operations, statistical analysis can reveal clues about the internal secret keys; potentially allowing recovery of the key within useful periods of times (minutes to hours).
These secure FPGAs contain a heavily obfuscated hardware crypto-engine, with lots of techniques to obstruct DPA (deliberately unstable clocks, heavy on-chip RC power filtering, random delay stages in the pipeline, multiple "dummy" circuits so that an operation which would normally require fewer transistors than an alternative, has its transistor count increased, etc.). The idea being that these countermeasures reduce the DPA signal and increase the amount of noise, making recovery of useful statistics impractical. In their papers, this group admit that the PA3 FPGAs are completely impervious to DPA, with no statistical clues obtained even after weeks of testing.
This group have developed a new technique which they call PEA which is a much more sensitive technique. It involves extracting the FPGA die, and mapping the circuits on it - e.g. using high-resolution infra-red thermography during device operation to identify "interesting" parts of the die by heat production under certain tasks - e.g. caches, crypto pipelines, etc. Having identified interesting areas of the die, an infra-red microscope with photon counter is focused on the relevant circuit area. As it happens, transistors glow when switched, emitting approx 0.001 photons per switching operation. The signal from the photon counter is therefore analogous to the DPA signal, but with a much, much stronger signal-to-noise ratio, allowing statistical analysis with far fewer tries. The group claim the ability to extract the keys from such a secure FPGA in a few minutes of probing with authentication requests.
The researchers claim to have found the backdoor, by fuzzing the debug/programming interface, and finding an undocumented command that appeared to trigger a cryptographic authentication. By using their PEA technique against this command, they were able to extract the authentication key, and were able to open the backdoor, finding they were able to directly manipulate protected parameters of the chip.
Well, surprise! Surprise! Surprise!
Of course, it's all about defense industry profits, not actual defense. As long as defense contractors are allowed to outsource components, or must purchase offshore components, this is going to happen, and with increasing frequency. The Chinese are not stupid and can spot an obvious attack vector. Even if they have no immediate plans to use these backdoors, they'd be foolish NOT to put them in. And since the government and industry are so intertwined in China, you have a near guarantee that this strategy will be used.
Not that this is a secret to the US military. It's just that nobody with decision making power in the USA actually gives a crap about the USA anymore. If you're wealthy enough, you can live anywhere. If a war breaks out, you can bet all the rich lobbyists, ex-military brass, subcontractors and subcontractors will rapidly relocate somewhere safe, leaving the poor and the stupid on both sides to slaughter each other.
Please do not read this sig. Thank you.
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html
Bogus story: no Chinese backdoor in military chip
"Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.
Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!
Muchas Gracias, Señor Edward Snowden !
If you had RTFA, you would have seen that this chip also has JTAG and that this backdoor precisely breaches the documented and promised limitations of JTAG against seeing embedded crypto keys.
Imagine you have a crypto device; you want users to be able to program in new keys and then send it out into the field which you do over the JTAG interface. You then don't want captured crypto devices to give away the keys. This device promises that it will do that for you. This backdoor breaks that promise.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();