Scientist prepares paper for CHES conference - with a little over-the-top wording in the _draft_. Paper is leaked to the internet and blown out of proportion.
It's still interesting reading. Maybe Microsemi will finally listen to these guys and stop using the same password for the backdoor in _all_ of the following chips: "all ProASIC3, Igloo, Fusion and SmartFusion FPGAs" [1]
Ok and PEA is just their patented method of automating differential power analysis using a test jig - it does the repetitive process using a microcontroller and some sensors instead of doing it after sampling everything with an o-scope. It's a good idea and they have worked out the fiddly little details... but a pretty simple concept.
Okay, but if I am reading correctly, the original post talks about access over the internet due to designed remote upgrade abilities while the URL provided for the entrust.com article says physical access is required.
This parent post looks like a much more thorough threat to me, depending on where the chips are used...
It's still interesting reading. Maybe Microsemi will finally listen to these guys and stop using the same password for the backdoor in _all_ of the following chips: "all ProASIC3, Igloo, Fusion and SmartFusion FPGAs" [1]
Ok and PEA is just their patented method of automating differential power analysis using a test jig - it does the repetitive process using a microcontroller and some sensors instead of doing it after sampling everything with an o-scope. It's a good idea and they have worked out the fiddly little details... but a pretty simple concept.
[1] http://www.cl.cam.ac.uk/%7Esps32/microsemi_re.pdf