Old 06-23-2006, 04:49 PM
Austin Lesea
Re: keys to the Kingdom

Jim,

Part of my problem is that Altera has kept it a secret how to set the
key bits.

Without that knowledge, I cannot program a device, in order to crack it.

So, I guess I will have to buy some parts from those trusting ASSP vendors.

Austin

Austin Lesea wrote:
> Jim,
>
> No, I have not cracked the Altera chip. I have received emails from
> schools and universities who wish to crack it. These are the same
> schools that have published successful smart card attacks.
>
> My quote of $5,000 is what we pay to have a device ground down on the
> backside such that we can do analysis on a device.
>
> For another $5,000, one can get up to three or four FIB cuts, and a
> couple of jumper wires.
>
> The IEEE paper clearly discusses the technology, and what happens when
> the fuse has all of its ions electromigrated to the other end, leaving
> intrinsic silicon poly, which has a different index of refraction than
> the poly with the ions.
>
> There are difficulties. Find the fuses, read the values, and then
> figure out what (if any) logic may be present to confuse the key bits.
>
> That is why the Actel via fuses are considered much better (harder to
> find, and read).
>
> Nonetheless, the attack is not 2^128 as the NIST standard implies (the
> one they claim to meet FIPS 197, definition of AES 128, 256, 384 and
> 512). Sure the algorithm is an AES 128 one, but with knowledge of all
> the fuse contents, the search space is lessened such that in maybe
> twenty minutes or so of permutations on the key bits, you have the
> device unlocked (bitstream is now in the clear on your computer, and
> ready for cloning, reverse engineering, etc.)
>
> No one has reverse engineered a bitstream for Xilinx or Altera, as far
> as we know, on a large device. But that doesn't mean that someone could
> not make specific modifications to an existing bitstream (change IO
> location, drive strength, etc.) without having to know the whole design.
>
> The question is not one of can I crack it (I believe I can), but one of
> an ASSP vendor deciding to place their IP in a component that is not in
> compliance with FIPS 140-2. Very, very simple.
>
> For reference:
> http://ieeexplore.ieee.org/xpl/freea...number=1493126
>
> Remember that any attack that is successful removes the security
> forever. So, do you want to use something where there are known ways to
> crack it? Or, do you want to use something that today there is no known
> method of cracking?
>
> For example, finding the battery backed key has been something that has
> been tried and been unsuccessful. Then we were attacked with
> differential power attacks (DPA). So far, those have been unsuccessful
> as well. As an aside, DPA attacks on ASIC AES have been successful!
>
> Yet another example of how an FPGA can actually be superior to an ASIC
> solution.
>
> I will be giving a talk on security in V4 and V5 soon, so watch for the
> announcements.
>
> Just as an aside, the coin cell lithium battery vendors have informed me
> that for my use, the battery will last "forever." Since we hold the key
> down to Vbatt voltages of much less than 1 volt, and the coin cell
> starts out life at over 3 volts, and the stated 15 year life is to
> discharge to 2 volts, we will last multiples of 15 years. So the
> "terrible battery problem" is no big issue.
>
> Set top cable boxes use a lithium battery to store the keys. Cable
> companies aren't stupid: they would not use a battery unless there was
> a good reason. After all, they make millions of set top boxes. All
> they protect is a few movies, and yet they feel that following FIPS
> 140-2 is the only safe way to go (as everything else has been hacked).
>
> We are examining how to use efuses. I cannot say anything right now,
> except I think they are going to be very useful, and helpful. They can
> be used for device ID, matching a key to a device, factory information
> (lot, wafer, serial numbers), control of internal circuits (set
> currents, voltages, etc. to get around process variations), repair
> faults by substituting redundant features...long long list. And, of
> course, to hold a key for those who only have a $5,000 or less secret to
> protect.
>
> How much efuse memory should be for the user? How much for the
> customer? Unlike my friend, the questions we ask are pretty detailed,
> and we are very careful about what we do.
>
> Austin
>
>
> Jim Granville wrote:
>> Austin Lesea wrote:
>>> What is missing from all those press releases:
>>>
>>> *Disclaimer: non-volatile poly-efuse EM technology can be read out by a
>>> microscope using polarized light for a total investment of less than
>>> $5,000
>>
>> ... and that may not quite be the open door you paint.
>>
>> Have _you_actually_cloned_ a/any device for $5000, or is this more
>> generic "Austin Arm waving"?
>>
>> [Until Xilinx have non volatile fuses, then the spin will change ? ]
>>
>> Being able to read the physical fuses is some way from being able to
>> duplicate them, or reverse the key those fuses create.
>> It is not likely that Altera simply mapped Fuse1 = Encryption bit1, etc.
>>
>> So, to descramble that, will need a LOT of devices, and much more time....
>>
>> With fully volatile security, yes, the code within is secure,
>> but the system is _very_ open to spoofing type attacks, so again
>> security can be a mirage....
>>
>> -jg
>>
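An added worked model (constructed for this page, not code or data from the thread or either vendor) of the claim above that reading the fuse bits shrinks the search from 2^128 to something finishable in minutes: once a readout exists, the attacker's remaining work is bounded by the number of keys within a small Hamming distance of the read value, i.e. the "permutations on the key bits". The trial rate and time budget are assumed values chosen only to illustrate the arithmetic.

```python
from math import comb, log2

# Constructed assumptions for the illustration (not from the thread):
# a 128-bit key, and an attacker who can try keys against a captured
# bitstream at some fixed rate. Actual rates depend on the device.
KEY_BITS = 128
ASSUMED_TRIALS_PER_SECOND = 1_000
TWENTY_MINUTES = 20 * 60


def hamming_ball_size(n_bits, max_flips):
    """Number of candidate keys within Hamming distance max_flips of a
    read-out value: sum of C(n_bits, i) for i = 0..max_flips. This is the
    residual search space when at most max_flips fuses were misread."""
    return sum(comb(n_bits, i) for i in range(max_flips + 1))


def residual_entropy_bits(n_bits, max_flips):
    """Effective key length left after the readout: log2 of the candidate
    count, to compare directly against the nominal n_bits."""
    return log2(hamming_ball_size(n_bits, max_flips))


def search_time_seconds(n_bits, max_flips, trials_per_second):
    """Worst-case wall-clock time to try every candidate at the given rate."""
    return hamming_ball_size(n_bits, max_flips) / trials_per_second


def max_affordable_flips(n_bits, trials_per_second, budget_seconds):
    """Largest number of misread bits an attacker can still tolerate within
    the time budget. A defender uses this to judge how accurate a physical
    readout must be before the key is effectively exposed."""
    flips = 0
    while search_time_seconds(n_bits, flips + 1, trials_per_second) <= budget_seconds:
        flips += 1
    return flips


if __name__ == "__main__":
    nominal = 2 ** KEY_BITS / ASSUMED_TRIALS_PER_SECOND
    print(f"no readout: {KEY_BITS} bits, {nominal:.3e} s at the assumed rate")
    for flips in range(0, 5):
        print(f"readout with <= {flips} misread bits: "
              f"{residual_entropy_bits(KEY_BITS, flips):.1f} effective bits, "
              f"{search_time_seconds(KEY_BITS, flips, ASSUMED_TRIALS_PER_SECOND):.0f} s")
    print("misread bits tolerable in 20 min:",
          max_affordable_flips(KEY_BITS, ASSUMED_TRIALS_PER_SECOND, TWENTY_MINUTES))
```

The model only covers the case where fuses map directly to key bits; any scrambling logic between fuses and key, as the reply below questions, adds back whatever entropy the attacker cannot read.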
