2024 | Book

Security of FPGA-Accelerated Cloud Computing Environments

About this book

This book addresses the security of FPGA-accelerated cloud computing environments. It presents a comprehensive review of the state of the art in security threats as well as defenses. The book further presents design principles to help in the evaluation and design of cloud-based FPGA deployments that are secure from information leaks and potential attacks.

Table of Contents

Frontmatter
Chapter 1. Authentication and Confidentiality in FPGA-Based Clouds
Abstract
FPGAs have gained popularity as efficient accelerators for cloud computing, offering high computational capabilities surpassing general-purpose processors and GPUs. Cloud providers such as AWS and Alibaba offer FPGA-based cloud services to meet users’ needs for acceleration, particularly for computationally intensive applications such as AI or ML algorithms. Cloud security is critical to cloud users. They require secure remote FPGA acceleration with minimal performance impact. Privacy and protection of sensitive intellectual property and data from the cloud provider is a requirement for the user. In this chapter, the state of the art in FPGA cloud architecture and authentication is detailed. To address FPGA cloud security challenges, an FPGA-based cloud authentication and access delegation framework utilizing OAuth 2.0 is proposed. This protocol is adapted to the FPGA cloud to securely authenticate entities involved in remote FPGA provisioning, enhancing overall security and flexibility with a tokenized access scheme.
Semih Ince, David Espes, Julien Lallet, Guy Gogniat, Renaud Santoro
Chapter 2. Domain Isolation and Access Control in Multi-tenant Cloud FPGAs
Abstract
While sharing FPGA logic in space and time improves hardware utilization and reduces the overall power consumption in FPGA-accelerated clouds, it also raises security concerns. Accelerators from different tenants running on the same FPGA can be exploited by malicious actors to launch attacks on co-hosted virtual machines, which puts cloud applications and the entire infrastructure at risk. In addition, FPGA-accelerated cloud applications typically rely on a combination of software and hardware components, some of which are provided by non-trusted sources. The software layer executes on CPUs, and the hardware functions run on FPGAs. This type of heterogeneous architecture provides an attack surface that can be exploited by malicious hardware or software processes to breach well-insulated users’ domains. This chapter explores hardware and software infrastructure used to enforce domain isolation and security at the system level in multi-tenant FPGA clouds. The approach we present leverages the Flux Advanced Security Kernel (FLASK) architecture to inherit security policies from software down to hardware accelerators on FPGAs where enforcement mechanisms are implemented. This approach has been prototyped and proven to enforce isolation between co-hosted user domains while incurring minimal communication and power consumption overhead.
Christophe Bobda, Joel Mandebi Mbongue, Sujan Kumar Saha, Muhammed Kawser Ahmed
Chapter 3. Efficient and Secure Encryption for FPGAs in the Cloud
Abstract
Cryptographic primitives are fundamental blocks for ensuring security. Starting from AES, in the past few years, a number of block ciphers and authenticated encryption algorithms have been proposed and, sometimes, even standardized. These primitives can also be used to secure cloud applications, including cloud-based FPGAs, as well as their communication with edge devices or IoT devices. To this end, this chapter presents FPGA implementations of the most relevant cryptographic primitives and discusses their performance. The chapter starts by reporting results of implementations of block ciphers, the design choices that can be followed to implement them, and the performance obtained when implementing the most common ones on reconfigurable FPGA devices. The chapter continues by presenting stream ciphers and authenticated encryption algorithms and their implementation on FPGAs. The chapter concludes by reporting on the current activities related to the transition to post-quantum cryptographic (PQC) algorithms and their implementation on FPGAs.
Subhadeep Banik, Francesco Regazzoni
Chapter 4. Remote Physical Attacks on FPGAs at the Electrical Level
Abstract
This chapter discusses recent physical attacks on FPGAs, which can also be performed remotely from within the FPGA itself. Such attacks can be executed despite established secure isolation at the digital level. Although FPGAs are meant to implement digital logic, their underlying physical circuit properties can be exploited to implement special circuitry that is either sensitive to the data-dependent on-chip voltage fluctuations or can influence them. These capabilities break all previous assumptions on how secure FPGA virtualization can be implemented and lift physical fault and power analysis attacks from a local to a potentially remote attacker. This new attack type has implications on orders of magnitude more users, particularly in cloud platforms. To address this novel threat, this chapter presents countermeasures that can be deployed from the perspective of a cloud hypervisor.
Dennis R. E. Gnad, Jonas Krautter, Mehdi B. Tahoori
Chapter 5. Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs
Abstract
Cloud computing environments increasingly provision FPGAs because of their fine-grained, highly parallel, and flexible hardware architecture. The availability of FPGAs in the cloud fueled research on the security risks associated with exposing FPGA fabric to remote users. The most notable result is the discovery that remote access to cloud FPGAs presents an entirely new attack surface: that of remotely executed electrical-level attacks, which leverage shared power-delivery networks (PDNs). Two types of threats stand out: power analysis and fault-injection attacks. This chapter begins with a description of the corresponding threat models. Then, it elaborates on the practical implementations of the attacks in two steps. In the first, the FPGA circuits able to pick up a secret signal from the shared PDN (i.e., on-chip voltage-drop sensors) or inject a disturbance into it (i.e., power wasters) are presented. In the second, the experimental results of attacks on various FPGA boards, including data center acceleration cards, are shown and discussed. Finally, to facilitate future research, the implementations of a selection of the FPGA circuits enabling the attacks are shared as open source.
Dina G. Mahmoud, Ognjen Glamočanin, Francesco Regazzoni, Mirjana Stojilović
Chapter 6. Contention-Based Threats Between Single-Tenant Cloud FPGA Instances
Ilias Giechaskiel, Shanquan Tian, Jakub Szefer
Chapter 7. Cross-board Power-Based FPGA, CPU, and GPU Covert Channels
Abstract
FPGAs have become popular hardware accelerators due to their versatile, reconfigurable, and highly parallelizable nature. However, several attacks in multi-tenant and virtualized setups have shown that FPGAs need to be dedicated on a per-user basis in potentially untrusted settings, such as in cloud environment virtual machines. In this chapter, we introduce a new attack that highlights that other aspects of shared infrastructure can also lead to vulnerabilities that break separation of privilege among different users. In particular, we show that sharing a power supply unit (PSU) can be exploited for remote FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covert channels between unmodified, off-the-shelf hardware. To demonstrate the attacks, our work uses a novel combination of “sensing” and “stressing” ring oscillators as receivers on the sink FPGA, and similar power wasting applications on the source FPGA, CPU, or GPU. Experiments are conducted with Xilinx boards containing Artix 7 and Kintex 7 FPGA chips, PSUs by two vendors, as well as CPUs and GPUs of different generations. The results of this work highlight the dangers of shared power supply units in local and cloud FPGAs and therefore a fundamental need to re-think FPGA security for shared infrastructures.
Ilias Giechaskiel, Kasper Rasmussen, Jakub Szefer
Chapter 8. Microarchitectural Vulnerabilities Introduced, Exploited, and Accelerated by Heterogeneous FPGA-CPU Platforms
Abstract
After years of development, FPGAs finally made an appearance on multi-tenant cloud servers in the late 2010s. Research in microarchitectural attacks has uncovered a variety of vulnerabilities on shared compute devices like CPUs and GPUs which pose a substantial threat to cloud service providers and customers alike, but heterogeneous FPGA-CPU microarchitectures require reassessment of common assumptions about isolation and security boundaries, as they introduce new attack vectors and vulnerabilities. The FPGAs now available from major cloud services use technologies like direct memory access and coherent caching to offer high-throughput, low-latency, and highly scalable FPGA-FPGA and FPGA-CPU coprocessing for heavy workloads. This chapter explores how FPGAs with access to these microarchitectural features can accelerate attacks against the host memory. It points out cache timing side channels and demonstrates a performant Rowhammer attack against a well-known RSA variant through direct memory access.
Thore Tiemann, Zane Weissman, Thomas Eisenbarth, Berk Sunar
Chapter 9. Fingerprinting and Mapping Cloud FPGA Infrastructures
Abstract
In recent years, multiple public cloud FPGA providers have emerged, increasing interest in the FPGA acceleration of cryptographic, financial, and other algorithms. This chapter focuses on the security of the cloud FPGA infrastructure itself and investigates what adversaries can learn about the infrastructure without attacking it or damaging it. The chapter first explores how unique features of FPGAs can be exploited to instantiate physical unclonable functions (PUFs) that can distinguish between otherwise-identical FPGA boards and then further demonstrates how to reverse-engineer the co-location of FPGA boards inside a cloud FPGA server. Specifically, the chapter introduces two ways of fingerprinting cloud FPGAs, one by measuring the decay rate of the DRAM modules on the FPGA boards and the other by instantiating ring oscillators (ROs) inside the FPGA chip that bypass the design rule checks imposed by cloud providers. The co-location of FPGA boards, along with the non-uniform memory access (NUMA) locality of FPGA boards within a server, is deduced by analyzing their mutual PCIe contention during simultaneous use of the PCIe bus. Overall, this chapter thus shows that it is possible to fingerprint and map cloud FPGAs and highlights a need for defense mechanisms that can protect the infrastructures themselves.
Shanquan Tian, Ilias Giechaskiel, Wenjie Xiong, Jakub Szefer
Chapter 10. Countermeasures Against Voltage Attacks in Multi-tenant FPGAs
Abstract
Shayan Moini, George Provelengios, Daniel Holcomb, Russell Tessier
Chapter 11. Programmable RO (PRO): A Multipurpose Countermeasure Against Side-Channel and Fault Injection Attack
Abstract
This chapter introduces a novel approach to address side-channel and fault injection attacks on FPGAs that exploit physical effects in computations involving secret variables. Instead of using separate countermeasures for each attack vector, this chapter proposes a versatile solution called the Programmable Ring Oscillator (PRO). PRO is an integrated primitive that can offer on-chip side-channel resistance, power monitoring, and fault detection capabilities in a generic and application-independent manner. The PRO is deployed in a grid across the on-chip power network to detect anomalies caused by external factors such as electromagnetic fault injection, power glitches, or internal factors such as hardware Trojans. By monitoring the frequency of ring oscillators, power anomalies can be timely identified and localized. Additionally, PROs are capable of injecting a random noise pattern into a design’s power consumption. By switching the frequency of a ring oscillator randomly, the resulting power-noise pattern significantly reduces power-based side-channel leakage of a cipher. Measurement results on a Xilinx Spartan-6 FPGA prototype demonstrate that the PRO approach effectively addresses side-channel and fault vulnerabilities at a low cost. This multipurpose countermeasure offers a practical and efficient solution to enhance the security of various designs, making it a promising advancement in hardware security against diverse attack vectors.
Yuan Yao, Pantea Kiaei, Richa Singh, Shahin Tajik, Patrick Schaumont
Backmatter
Metadata
Title
Security of FPGA-Accelerated Cloud Computing Environments
Edited by
Jakub Szefer
Russell Tessier
Copyright Year
2024
Electronic ISBN
978-3-031-45395-3
Print ISBN
978-3-031-45394-6
DOI
https://doi.org/10.1007/978-3-031-45395-3