Microsemi denies it put a backdoor in chips

US chip manufacturer Microsemi has denied allegations by a University of Cambridge researcher that it placed a backdoor in chips sold for military applications.

US chip manufacturer Microsemi has denied allegations by a University of Cambridge researcher that it placed a backdoor in chips sold for military applications.

The most recent work of University of Cambridge PhD candidate Sergei Skorobogatov, which involved examining backdoors in silicon chips, was thrown into the limelight last month, when rumours surfaced that China had placed a backdoor into Microsemi/Actel ProASIC3 chips that may be used by the US military. The rumours were quickly squashed, with Skorobogatov telling ZDNet Australia that it was actually Microsemi/Actel that had placed the backdoor in the chip that he discovered.

Skorobogatov claimed that he was able to extract a key from the chip to disable or reprogram it. In a statement, Microsemi said it was unable to confirm or deny these claims, since Skorobogatov never contacted the company about it. Since the company didn't know what equipment or methods he used, it was unable to independently verify the vulnerability.

The company did, however, reject Skorobogatov's claims that it had intentionally inserted a backdoor.

"Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security," the company wrote.

Debate over whether the JTAG debugging interface is a backdoor no longer appears to be relevant, with Microsemi stating that "the internal test facility is disabled in all shipped devices".

"In addition, Microsemi's customers who are concerned about the possibility of a hacker using [differential power analysis] have the ability to program their FPGA [field-programmable gate array] with its highest level of security settings. This security setting will disable the use of any type of passcode to gain access to all device configurations, including the internal test facility."

The question now remains as to how Skorobogatov gained access to the supposedly disabled test facility. Part of the answer could come from the fact that Skorobogatov did not use the military-grade chips, as he originally claimed.

"Because military parts are not publicly sold, we cannot comment [on] our results on them, but for the publication results, we chose A3P250 industrial device, because it behaves in the similar way as military-grade parts," he wrote on his website.

Skorobogatov, meanwhile, stands by his dictionary definition of what a backdoor is — "an undocumented way to get access to a computer system or the data it contains" — but has stated that Microsemi simply may not have known what Actel's design house had done before it bought the company.

"It is very likely the design house being involved. At the time, when the chips were developed (2002-05), it was Actel. In 2010, Microsemi took it over and we do not know if Microsemi was aware of any backdoors in Actel products."

Actel's own security papers (PDF), written prior to the company being acquired by Microsemi , certainly describe chips that are based on the same technology and that contain a backdoor, and state that locking the chip may not be enough.

ZDNet Australia contacted Microsemi on whether Actel's previous research is still applicable, but had not received a response at the time of writing.