nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

4. Remote Physical Attacks on FPGAs at the Electrical Level

verfasst von : Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori

Erschienen in: Security of FPGA-Accelerated Cloud Computing Environments

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This chapter discusses recent physical attacks on FPGAs, which can also be performed remotely from within the FPGA itself. Such attacks can be executed despite established secure isolation at the digital level. Although FPGAs are meant to implement digital logic, their underlying physical circuit properties can be exploited to implement special circuitry that is either sensitive to the data-dependent on-chip voltage fluctuations or can influence them. These capabilities break all previous assumptions on how secure FPGA virtualization can be implemented and lift physical fault and power analysis attacks from a local to a potentially remote attacker. This new attack type has implications on orders of magnitude more users, particularly in cloud platforms. To address this novel threat, this chapter presents countermeasures that can be deployed from the perspective of a cloud hypervisor.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Efficient and Secure Encryption for FPGAs in the Cloud

Nächstes Kapitel Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs

Amazon EC2 F1 Instances. https://aws.amazon.com/ec2/instance-types/f1/.

Alam, M. M., Tajik, S., Ganji, F., Tehranipoor, M., & Forte, D. (2019). RAM-Jam: remote temperature and voltage fault attack on FPGAs using memory collisions. In Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 48–55). https://doi.org/10.1109/FDTC.2019.00015.

Bete, N., Saqib, F., Patel, C., Robucci, R., & Plusquellic, J. (2019). Side-channel power resistance for encryption algorithms using dynamic partial reconfiguration (SPREAD). In International Symposium on Hardware Oriented Security and Trust (HOST).

Boneh, D., DeMillo, R. A., & Lipton, R. J. (1997). On the importance of checking cryptographic protocols for faults. In Advances in Cryptology — EUROCRYPT ’97 (pp. 37–51). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-69053-0_4.CrossRef

Chen, H., Chen, Y., & Summerville, D. H. (2010). A survey on the application of FPGAs for network infrastructure security. IEEE Communications Surveys & Tutorials,13(4), 541–561.CrossRef

Cnudde, T. D., Ender, M., & Moradi, A. (2018). Hardware masking, revisited. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), 2018(2), 123–148.CrossRef

De Schryver, C. (2015). FPGA based accelerators for financial applications (vol. 10). Springer.

Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In D. Wagner (Ed.), Advances in cryptology – CRYPTO 2008 (pp. 203–220). Berlin, Heidelberg: Springer.CrossRef

Fahmy, S. A., Vipin, K., & Shreejith, S. (2015). Virtualized FPGA accelerators for efficient cloud computing. In CloudCom (pp. 430–435). IEEE Computer Society.

10.

Giechaskiel, I., Rasmussen, K., & Szefer, J. (2019). Reading between the dies: cross-SLR covert channels on multi-tenant cloud FPGAs. In IEEE International Conference on Computer Design (ICCD).

11.

Giechaskiel, I., Rasmussen, K. B., & Szefer, J. (2020). C\({ }^3\)APSULe: cross-FPGA covert-channel attacks through power supply unit leakage. In Symposium on Security and Privacy (S&P) (pp. 1728–1741). IEEE. https://doi.org/10.1109/SP40000.2020.00070.

12.

Glamočanin, O., Coulon, L., Regazzoni, F., & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1007–1010). IEEE.

13.

Gnad, D. R. E., Oboril, F., Kiamehr, S., & Tahoori, M. B. (2018). An experimental evaluation and analysis of transient voltage fluctuations in FPGAs. IEEE Transactions on Very Large Scale Integration (VLSI) Systems,26(10), 1817–1830. https://doi.org/10.1109/TVLSI.2018.2848460.CrossRef

14.

Gnad, D. R. E., Oboril, F., & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Field Programmable Logic and Applications (FPL) (pp. 1–7). IEEE. https://doi.org/10.23919/fpl.2017.8056840.

15.

Gnad, D. R. E., Rapp, S., Krautter, J., & Tahoori, M. B. (2018). Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In International Conference on Field-Programmable Technology (ICFPT). Naha, Japan: IEEE.

16.

Gnad, D. R. E., Schellenberg, F., Krautter, J., Moradi, A., & Tahoori, M. B. (2020). Remote electrical-level security threats to multi-tenant FPGAs. IEEE Design Test. https://doi.org/10.1109/MDAT.2020.2968248.

17.

Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., & Irvine, C. (2007). Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In Symposium on Security and Privacy (S&P). IEEE.

18.

Intel Corporation. (2017). Intel FPGAs Power Acceleration-as-a-Service for Alibaba Cloud — Intel Newsroom. https://newsroom.intel.com/news/intel-fpgas-power-acceleration-as-a-service-alibaba-cloud.

19.

Jayasinghe, D., Ignjatovic, A., & Parameswaran, S. (2021). UCloD: small clock delays to mitigate remote power analysis attacks. IEEE Access,9, 108,411–108,425. https://doi.org/10.1109/ACCESS.2021.3100618.CrossRef

20.

Kamoun, N., Bossuet, L., & Ghazel, A. (2009). Correlated power noise generator as a low cost DPA countermeasures to secure hardware AES cipher. In: International Conference on Signals, Circuits and Systems (SCS). IEEE.

21.

Khawaja, A., Landgraf, J., Prakash, R., Wei, M., Schkufza, E., & Rossbach, C. J. (2018). Sharing, protection, and compatibility for reconfigurable fabric with AmorphOS. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (pp. 107–127).

22.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology — CRYPTO’ 99 (pp. 388–397). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-48405-1_25.CrossRef

23.

Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2021). Remote and stealthy fault attacks on virtualized FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1632–1637). https://doi.org/10.23919/DATE51398.2021.9474140.

24.

Krautter, J., Gnad, D., & Tahoori, M. (2020). CPAmap: On the complexity of secure FPGA virtualization, multi-tenancy, and physical design. IACR Transactions on Cryptographic Hardware and Embedded Systems,2020(3), 121–146. https://doi.org/10.13154/tches.v2020.i3.121-146.CrossRef

25.

Krautter, J., Gnad, D. R. E., Schellenberg, F., Moradi, A., & Tahoori, M. B. (2019). Active fences against voltage-based side channels in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). ACM.

26.

Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES),2018(3), 44–68.CrossRef

27.

Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2019). Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS),12(3). https://doi.org/10.1145/3328222.

28.

Krautter, J., & Tahoori, M. B. (2021). Neural networks as a side-channel countermeasure: challenges and opportunities. In Symposium on VLSI (ISVLSI) (pp. 272–277). IEEE Computer Society. https://doi.org/10.1109/ISVLSI51109.2021.00057.

29.

La, T. M., Matas, K., Grunchevski, N., Pham, K. D., & Koch, D. (2020). FPGADefender: malicious self-oscillator scanning for Xilinx UltraScale + FPGAs. ACM Transactions on Reconfigurable Technology and Systems,13(3). https://doi.org/10.1145/3402937.

30.

Luo, Y., & Xu, X. (2020). A quantitative defense framework against power attacks on multi-tenant FPGA. In International Conference On Computer Aided Design (ICCAD) (pp. 1–4). IEEE/ACM.

31.

Mahmoud, D., & Stojilović, M. (2019). Timing violation induced faults in multi-tenant FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1745–1750). IEEE.

32.

Malkin, T. G., Standaert, F. X., & Yung, M. (2006). A comparative cost/security analysis of fault attack countermeasures. In Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 159–172). Berlin, Heidelberg: Springer.CrossRef

33.

Masle, A. L., & Luk, W. (2012). Detecting power attacks on reconfigurable hardware. In Field Programmable Logic and Applications (FPL) (pp. 14–19). IEEE. https://doi.org/10.1109/FPL.2012.6339235.

34.

Matas, K., La, T. M., Pham, K. D., & Koch, D. (2020). Power-hammering through Glitch amplification – attacks and mitigation. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 65–69). https://doi.org/10.1109/FCCM48280.2020.00018.

35.

McEvoy, R. P., Murphy, C. C., Marnane, W. P., & Tunstall, M. (2009). Isolated WDDL: A hiding countermeasure for differential power analysis on FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),2(1).

36.

Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. Transactions on Computers,51(5), 541–552.MathSciNetCrossRef

37.

Mirzargar, S. S., Renault, G., Guerrieri, A., & Stojilović, M. (2020). Nonintrusive and adaptive monitoring for locating voltage attacks in virtualized FPGAs. In International Conference on Field-Programmable Technology (ICFPT) (pp. 288–289). IEEE. https://doi.org/10.1109/ICFPT51103.2020.00050.

38.

Moini, S., Li, X., Stanwicks, P., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2020). Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In Midwest Symposium on Circuits and Systems (MWSCAS) (pp. 941–944). IEEE. https://doi.org/10.1109/MWSCAS48704.2020.9184683.

39.

Moini, S., Tian, S., Szefer, J., Holcomb, D., & Tessier, R. (2021). Remote power side-channel attacks on BNN accelerators in FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE). IEEE.

40.

Nassar, H., AlZughbi, H., Gnad, D., Bauer, L., Tahoori, M., & Henkel, J. (2021). LoopBreaker: disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). IEEE/ACM.

41.

Provelengios, G., Holcomb, D., & Tessier, R. (2020). Power wasting circuits for cloud FPGA attacks. In Field Programmable Logic and Applications (FPL) (pp. 231–235). https://doi.org/10.1109/FPL50879.2020.00046.

42.

Provelengios, G., Holcomb, D., & Tessier, R. (2021). Mitigating voltage attacks in multi-tenant FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),14(2), 1–24.CrossRef

43.

Putnam, A., Caulfield, A. M., Chung, E. S., Chiou, D., Constantinides, K., Demme, J., Esmaeilzadeh, H., Fowers, J., Gopal, G. P., Gray, J., Haselman, M., Hauck, S., Heil, S., Hormati, A., Kim, J. Y., Lanka, S., Larus, J., Peterson, E., Pope, S., Smith, A., Thong, J., Xiao, P. Y., & Burger, D. (2014). A reconfigurable fabric for accelerating large-scale datacenter services. In International Symposium on Computer Architecture (ISCA), ISCA ’14 (pp. 13–24). Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2665671.2665678.

44.

Ramesh, C., Patil, S. B., Dhanuskodi, S. N., Provelengios, G., Pillement, S., Holcomb, D., & Tessier, R. (2018). FPGA side channel attacks without physical access. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. paper–116). IEEE.

45.

Rockett, L., Patel, D., Danziger, S., Cronquist, B., & Wang, J. (2007). Radiation hardened FPGA technology for space applications. In Aerospace Conference (pp. 1–7). IEEE.

46.

Sanaullah, A., Yang, C., Alexeev, Y., Yoshii, K., & Herbordt, M. C. (2018). Real-time data analysis for medical diagnosis using FPGA-accelerated neural networks. BMC Bioinformatics,19, 19–31.CrossRef

47.

Schellenberg, F., Gnad, D. R., Moradi, A., & Tahoori, M. B. (2018). An inside job: remote power analysis attacks on FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE).

48.

Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). Remote inter-chip power analysis side-channel attacks at board-level. In International Conference on Computer-Aided Design (ICCAD) (pp. 1–7). IEEE/ACM. https://doi.org/10.1145/3240765.3240841.

49.

Sugawara, T., Sakiyama, K., Nashimoto, S., Suzuki, D., & Nagatsuka, T. (2019). Oscillator without a combinatorial loop and its threat to FPGA in data center. Electronics Letters,55(11), 640–642. https://doi.org/10.1049/el.2019.0163.CrossRef

50.

Tian, S., Moini, S., Wolnikowski, A., Holcomb, D., Tessier, R., & Szefer, J. (2021). Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAs. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines, FCCM.

51.

Trimberger, S., & McNeil, S. (2017). Security of FPGAs in data centers. In International Verification and Security Workshop (IVSW). IEEE Computer Society.

52.

Yao, Y., Kiaei, P., Singh, R., Tajik, S., & Schaumont, P. (2021). Programmable RO (PRO): a multipurpose countermeasure against side-channel and fault injection attack. Preprint. arXiv:2106.13784.

53.

Zeng, S., Dai, G., Sun, H., Zhong, K., Ge, G., Guo, K., Wang, Y., & Yang, H. (2020). Enabling efficient and flexible FPGA virtualization for deep learning in the cloud. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 102–110). IEEE.

54.

Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In Symposium on Security and Privacy (S&P) (pp. 805–820). IEEE. https://doi.org/10.1109/SP.2018.00049. www.doi.ieeecomputersociety.org/10.1109/SP.2018.00049.

55.

Zick, K. M., & Hayes, J. P. (2012). Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 5(1), 1:1–1:26. https://doi.org/10.1145/2133352.2133353. http://doi.acm.org/10.1145/2133352.2133353.

56.

Zick, K. M., Srivastav, M., Zhang, W., & French, M. (2013). Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In International Symposium on Field-Programmable Gate Arrays (FPGA) (pp. 101–104). New York, NY, USA: ACM. https://doi.org/10.1145/2435264.2435283. http://doi.acm.org/10.1145/2435264.2435283.

Titel: Remote Physical Attacks on FPGAs at the Electrical Level
verfasst von: Dennis R. E. Gnad
Jonas Krautter
Mehdi B. Tahoori
Verlag: Springer International Publishing
Buch: Security of FPGA-Accelerated Cloud Computing Environments
Print ISBN: 978-3-031-45394-6

Electronic ISBN: 978-3-031-45395-3

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-45395-3_4

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Internationaler Motorenkongress/© [M] ATZlive | Chisnikov / Fotolia.com, Search Icon, Banner Hanser, Customer Experience/© © oatawa / Getty Images / iStock, Erdgasmotor 1.5 TGI evo von Volkswagen/© Volkswagen AG, Thorsten Mücke/© Alexandra Bachran, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.