Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Authentication and Confidentiality in FPGA-Based Clouds Kapitel lesen Erstes Kapitel lesen

2024 | OriginalPaper | Buchkapitel

5. Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs

verfasst von : Dina G. Mahmoud, Ognjen Glamočanin, Francesco Regazzoni, Mirjana Stojilović

Erschienen in: Security of FPGA-Accelerated Cloud Computing Environments

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Cloud computing environments increasingly provision FPGAs because of their fine-grained, highly parallel, and flexible hardware architecture. The availability of FPGAs in the cloud fueled research on the security risks associated with exposing FPGA fabric to remote users. The most notable result is the discovery that remote access to cloud FPGAs presents an entirely new attack surface: that of remotely executed electrical-level attacks, which leverage shared power-delivery networks (PDNs). Two types of threats stand out: power analysis and fault-injection attacks. This chapter begins with a description of the corresponding threat models. Then, it elaborates on the practical implementations of the attacks in two steps. In the first, the FPGA circuits able to pick up a secret signal from the shared PDN (i.e., on-chip voltage-drop sensors) or inject a disturbance into it (i.e., power wasters) are presented. In the second, the experimental results of attacks on various FPGA boards, including data center acceleration cards, are shown and discussed. Finally, to facilitate future research, the implementations of a selection of the FPGA circuits enabling the attacks are shared as open source.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Remote Physical Attacks on FPGAs at the Electrical Level
Nächstes Kapitel Contention-Based Threats Between Single-Tenant Cloud FPGA Instances
Literatur
1.
2.
Ahmed, I., Shen, L. L., & Betz, V. (2020). Optimizing FPGA logic circuitry for variable voltage supplies. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 28(4), 890–903.CrossRef
3.
Ahmed, M. K., Mandebi, J., Saha, S. K., & Bobda, C. (2022). Multi-tenant cloud FPGA: A survey on security. arXiv.
4.
5.
6.
Azouaoui, M., Poussier, R., Standaert, F., & Verneuil, V. (2019). Key enumeration from the adversarial viewpoint. In 18th smart card research and advanced applications conference (CARDIS 2019) (pp. 252–67). Springer, Prague.
7.
8.
Bobda, C., Mbongue, J. M., Chow, P., Ewais, M., Tarafdar, N., Vega, J. C., Eguro, K., Koch, D., Handagala, S., Leeser, M., et al. (2022). The future of FPGA acceleration in datacenters and the cloud. ACM Transactions on Reconfigurable Technology and Systems, 15(3), 1–42.CrossRef
9.
Brier, E., Clavier, C., & Olivier, F. (2004). Correlation power analysis with a leakage model. In Cryptographic hardware and embedded systems—CHES ’04 (pp. 16–29). Springer, Cambridge.CrossRef
10.
Cezary, G., Vincent, G., Romain, P., Joachim, S., & François-Xavier, S. (2015). Simpler and more efficient rank estimation for side-channel security assessment. In International workshop on fast software encryption (pp. 117–29). Istanbul, Turkey.
11.
12.
Elnaggar, R., Chaudhur, J., Karri, R., & Chakrabarty, K. (2022). Learning malicious circuits in FPGA bitstreams. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 42(3), 726–39.CrossRef
13.
14.
15.
Giechaskiel, I., Rasmussen, K. B., & Szefer, J. (2020). C3APSULe: Cross-FPGA covert-channel attacks through power supply unit leakage. In 2020 IEEE symposium on security and privacy (pp. 1728–41). IEEE, San Francisco.
16.
Glamočanin, O., Coulon, L., Regazzoni, F., & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Design, Automation and Test in Europe Conference and Exhibition (DATE) (pp. 1–4). IEEE, Grenoble.
17.
Glamočanin, O., Kostić, A., Kostić, S., & Stojilović, M. (2023). Active wire fences for multitenant FPGAs. In 26th international symposium on design and diagnostics of electronic circuits systems (DDECS) (pp. 13–20). IEEE, Tallinn.
18.
19.
Gnad, D. R., Oboril, F., & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Proceedings of the 27th international conference on field-programmable logic and applications (FPL) (pp. 1–7). IEEE, Ghent.
20.
Gnad, D. R. E., Nguyen, C. D. K., Gillani, S. H., & Tahoori, M. B. (2021). Voltage-based covert channels using FPGAs. ACM Transactions on Design Automation of Electronic Systems, 26(6), 1–25.CrossRef
21.
Gnad, D. R. E., Oboril, F., Kiamehr, S., & Tahoori, M. B. (2016). Analysis of transient voltage fluctuations in FPGAs. In 2016 international conference on field-programmable technology (FPT) (pp. 12–19). IEEE, Xi’an.
22.
Gravellier, J., Dutertre, J. M., Teglia, Y., & Loubet-Moundi, P. (2019). High-speed ring oscillator based sensors for remote side-channel attacks on FPGAs. In 2019 international conference on ReConFigurable computing and FPGAs (ReConFig) (pp. 1–8). IEEE, Cancun.
23.
Gravellier, J., Dutertre, J. M., Teglia, Y., Loubet-Moundi, P., & Olivier, F. (2019). Remote side-channel attacks on heterogeneous SoC. In 18th smart card research and advanced applications conference (CARDIS 2019) (pp. 109–25). Springer, Prague.
24.
Gross, M., Krautter, J., Gnad, D., Gruber, M., Sigl, G., & Tahoori, M. (2023). FPGANeedle: Precise remote fault attacks from FPGA to CPU. In Proceedings of the 28th Asia and South Pacific design automation conference (pp. 358–64). ACM, Tokyo.CrossRef
25.
Hoozemans, J., Peltenburg, J., Nonnemacher, F., Hadnagy, A., Al-Ars, Z., & Hofstee, H. P. (2021). FPGA acceleration for big data analytics: Challenges and opportunities. IEEE Circuits and Systems Magazine, 21(2), 30–47.CrossRef
26.
27.
Hu, W., Zhang, L., Ardeshiricham, A., Blackston, J., Hou, B., Tai, Y., & Kastner, R. (2017). Why you should care about don’t cares: Exploiting internal don’t care conditions for hardware Trojans. In 2017 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 707–13). Irvine, CA, USA.
28.
29.
30.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology—CRYPTO ’99 (pp. 387–97). Santa Barbara, CA, USA.
31.
Korczyc, J., & Krasniewski, A. (2012). Evaluation of susceptibility of FPGA-based circuits to fault injection attacks based on clock glitching. In 15th international symposium on design and diagnostics of electronic circuits systems (DDECS) (pp. 171–74). IEEE, Talinn.
32.
Krautter, J., Gnad, D. R. E., Schellenberg, F., Moradi, A., & Tahoori, M. B. (2019). Active fences against voltage-based side channels in multi-tenant FPGAs. In 2019 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 1–8). Westminster, CO, USA.
33.
Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 44–68.CrossRef
34.
Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2019). Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems, 12(3), 1–26.CrossRef
35.
La, T., Pham, K. D., Powell, J., & Koch, D. (2021). Denial-of-service on FPGA-based cloud infrastructures—attack and defense. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 441–464.CrossRef
36.
La, T. M., Matas, K., Grunchevski, N., Pham, K. D., & Koch, D. (2020). FPGADefender: Malicious self-oscillator scanning for Xilinx UltraScale + FPGAs. ACM Transactions on Reconfigurable Technology and Systems, 13(3), 15:1–15:31.
37.
Lee, W., Wang, Y., Cui, T., Nazarian, S., & Pedram, M. (2014). Dynamic thermal management for FinFET-based circuits exploiting the temperature effect inversion phenomenon. In Proceedings of the 2014 international symposium on low power electronics and design (pp. 105–10). ACM, La Jolla California.CrossRef
38.
Li, H., Tang, Y., Que, Z., & Zhang, J. (2022). FPGA accelerated post-quantum cryptography. IEEE Transactions on Nanotechnology, 21, 685–691.CrossRef
39.
Luo, Y., Gongye, C., Fei, Y., & Xu, X. (2021). DeepStrike: Remotely-guided fault injection attacks on DNN accelerator in cloud-FPGA. In 58th ACM/IEEE design automation conference (DAC) (pp. 295–300). San Francisco, CA, USA.
40.
Luo, Y., & Xu, X. (2020). A quantitative defense framework against power attacks on multi-tenant FPGA. In Proceedings of the 39th international conference on computer-aided design (pp. 1–9). ACM, New York.CrossRef
41.
Mahmoud, D., & Stojilović, M. (2019). Timing violation induced faults in multi-tenant FPGAs. In Design, automation and test in europe conference and exhibition (DATE) (pp. 1745–50). IEEE, Florence.
42.
Mahmoud, D. G., Dervishi, D., Hussein, S., Lenders, V., & Stojilović, M. (2022). DFAulted: Analyzing and exploiting CPU software faults caused by FPGA-driven undervolting attacks. IEEE Access, 10(134), 199–216.
43.
Mahmoud, D. G., Hu, W., & Stojilović, M. (2020). X-attack: Remote activation of satisfiability don’t-care hardware Trojans on shared FPGAs. In Proceedings of the 30th international conference on field-programmable logic and applications (FPL) (pp. 185–92). IEEE, Gothenburg.
44.
Mahmoud, D. G., Hussein, S., Lenders, V., & Stojilović, M. (2022). FPGA-to-CPU undervolting attacks. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 999–1004). IEEE, Virtual Event.
45.
Mahmoud, D. G., Lenders, V., & Stojilović, M. (2022). Electrical-level attacks on CPUs, FPGAs, and GPUs: Survey and implications in the heterogeneous era. ACM Computing Surveys, 55(3), 1–40.CrossRef
46.
Mangard, S., Oswald, E., & Popp, T. (2007). Power analysis attacks—revealing the secrets of smart cards. Springer, New York.
47.
Martín, H., Korak, T., Millán, E. S., & Hutter, M. (2015). Fault attacks on STRNGs: Impact of glitches, temperature, and underpowering on randomness. IEEE Transactions on Information Forensics and Security, 10(2), 266–277.CrossRef
48.
Matas, K., La, T. M., Pham, K. D., & Koch, D. (2020). Power-hammering through glitch amplification—attacks and mitigation. In 28th annual international symposium on field-programmable custom computing machines (FCCM) (pp. 65–69). IEEE, Fayetteville.
49.
Mirzargar, S. S., Renault, G., Guerrieri, A., & Stojilović, M. (2020). Nonintrusive and adaptive monitoring for locating voltage attacks in virtualized FPGAs. In IEEE international conference on field programmable technology (FPT) (pp. 1–2). IEEE, Maui.
50.
Moini, S., Deric, A., Li, X., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2022). Voltage sensor implementations for remote power attacks on FPGAs. ACM Transactions on Reconfigurable Technology and Systems, 16(1), 1–21.CrossRef
51.
Moini, S., Li, X., Stanwicks, P., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2020). Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In 63rd International midwest symposium on circuits and systems (MWSCAS) (pp. 941–44). IEEE, Springfield.
52.
Moini, S., Tian, S., Holcomb, D., Szefer, J., & Tessier, R. (2021). Remote power side-channel attacks on BNN accelerators in FPGAs. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 1639–44). IEEE.
53.
Nassar, H., AlZughbi, H., Gnad, D. R. E., Bauer, L., Tahoori, M. B., & Henkel, J. (2021). LoopBreaker: Disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs. In 2021 IEEE/ACM international conference on computer aided design (ICCAD) (pp. 1–9). Munich, Germany.
54.
Örs, S. B., Oswald, E., & Preneel, B. (2003). Power-analysis attacks on an FPGA—first experimental results. In Conference on cryptographic hardware and embedded systems (CHES) (pp. 35–50). Springer, Cologne.CrossRef
55.
Papagiannopoulos, K., Glamočanin, O., Azouaoui, M., Ros, D., Regazzoni, F., & Stojilović, M. (2023). The side-channel metrics cheat sheet. ACM Computing Surveys, 55(10), 1–38.CrossRef
56.
Provelengios, G., Holcomb, D., & Tessier, R. (2019). Characterizing power distribution attacks in multi-user FPGA environments. In Proceedings of the 29th international conference on field-programmable logic and applications (FPL) (pp. 194–201). IEEE, Barcelona.
57.
Provelengios, G., Holcomb, D., & Tessier, R. (2020). Power wasting circuits for cloud FPGA attacks. In Proceedings of the 30th international conference on field-programmable logic and applications (FPL) (pp. 231–35). IEEE, Gothenburg.
58.
Regazzoni, F., Yi, W., & Standaert, F. X. (2011). FPGA implementations of the AES masked against power analysis attacks. In Proceedings of 2nd international workshop on constructive side-channel analysis and secure design (COSADE) (pp. 1–11). Darmstadt, Germany.
59.
Rodgers, J. L., & Nicewander, W. A. (1988). Thirteen ways to look at the correlation coefficient. The American Statistician, 42(1), 59–66.CrossRef
60.
Salman, E., Dasdan, A., Taraporevala, F., Kucukcakar, K., & Friedman, E. G. (2007). Exploiting setup-hold-time interdependence in static timing analysis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 26(6), 1114–1125.CrossRef
61.
62.
Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). An inside job: Remote power analysis attacks on FPGAs. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 1111–1116). IEEE, Dresden.
63.
Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). Remote inter-chip power analysis side-channel attacks at board-level. In 2018 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 114:1–114:7). New York.
64.
Shawahna, A., Sait, S. M., & El-Maleh, A. (2019). FPGA-based accelerators of deep learning networks for learning and classification: A review. IEEE Access, 7, 7823–7859.CrossRef
65.
Spielmann, D., Glamočanin, O., & Stojilović, M. (2023). RDS: FPGA routing delay sensors for effective remote power analysis attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(2), 543–67.
66.
Tian, S., Moini, S., Wolnikowski, A., Holcomb, D., Tessier, R., & Szefer, J. (2021). Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAs. In Proceedings of the international symposium on field-programmable custom computing machines (FCCM).
67.
Tiri, K., & Verbauwhede, I. (2004). A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 246–51). Paris, France.CrossRef
68.
Wu, J. (2010). Several key issues on implementing delay line based TDCs using FPGAs. IEEE Transactions on Nuclear Science, 57(3), 1543–1548.MathSciNetCrossRef
69.
70.
Yeap, G. K. (2012). Practical low power digital VLSI design. Springer Science and Business Media, Berlin.
71.
Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In 2018 IEEE symposium on security and privacy (pp. 805–820). IEEE, San Francisco.CrossRef
72.
Zhu, H., Guo, X., Jin, Y., & Zhang, X. (2020). PowerScout: A security-oriented power delivery network modeling framework for cross-domain side-channel analysis. In Asian hardware oriented security and trust symposium (AsianHOST) (1–6). IEEE.
73.
Zick, K. M., Srivastav, M., Zhang, W., & French, M. (2013). Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In Proceedings of the 21st ACM/SIGDA international symposium on field-programmable gate arrays (FPGA) (pp. 101–104). Monterey, CA, USA.
74.
Zussa, L., Dutertre, J. M., Clédière, J., & Robisson, B. (2014). Analysis of the fault injection mechanism related to negative and positive power supply glitches using an on-chip voltmeter. In International symposium on hardware-oriented security and trust (HOST) (pp. 130–35). IEEE, Arlington.
75.
Metadaten
Titel
Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs
verfasst von
Dina G. Mahmoud
Ognjen Glamočanin
Francesco Regazzoni
Mirjana Stojilović
Copyright-Jahr
2024
Buch
Security of FPGA-Accelerated Cloud Computing Environments

Print ISBN: 978-3-031-45394-6

Electronic ISBN: 978-3-031-45395-3

Copyright-Jahr: 2024

DOI
https://doi.org/10.1007/978-3-031-45395-3_5

Neuer Inhalt

    Bildnachweise