Abstract
This chapter discusses recent physical attacks on FPGAs, which can also be performed remotely from within the FPGA itself. Such attacks can be executed despite established secure isolation at the digital level. Although FPGAs are meant to implement digital logic, their underlying physical circuit properties can be exploited to implement special circuitry that is either sensitive to the data-dependent on-chip voltage fluctuations or can influence them. These capabilities break all previous assumptions on how secure FPGA virtualization can be implemented and lift physical fault and power analysis attacks from a local to a potentially remote attacker. This new attack type has implications on orders of magnitude more users, particularly in cloud platforms. To address this novel threat, this chapter presents countermeasures that can be deployed from the perspective of a cloud hypervisor.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon EC2 F1 Instances. https://aws.amazon.com/ec2/instance-types/f1/.
Alam, M. M., Tajik, S., Ganji, F., Tehranipoor, M., & Forte, D. (2019). RAM-Jam: remote temperature and voltage fault attack on FPGAs using memory collisions. In Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 48–55). https://doi.org/10.1109/FDTC.2019.00015.
Bete, N., Saqib, F., Patel, C., Robucci, R., & Plusquellic, J. (2019). Side-channel power resistance for encryption algorithms using dynamic partial reconfiguration (SPREAD). In International Symposium on Hardware Oriented Security and Trust (HOST).
Boneh, D., DeMillo, R. A., & Lipton, R. J. (1997). On the importance of checking cryptographic protocols for faults. In Advances in Cryptology — EUROCRYPT ’97 (pp. 37–51). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-69053-0_4.
Chen, H., Chen, Y., & Summerville, D. H. (2010). A survey on the application of FPGAs for network infrastructure security. IEEE Communications Surveys & Tutorials,13(4), 541–561.
Cnudde, T. D., Ender, M., & Moradi, A. (2018). Hardware masking, revisited. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), 2018(2), 123–148.
De Schryver, C. (2015). FPGA based accelerators for financial applications (vol. 10). Springer.
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In D. Wagner (Ed.), Advances in cryptology – CRYPTO 2008 (pp. 203–220). Berlin, Heidelberg: Springer.
Fahmy, S. A., Vipin, K., & Shreejith, S. (2015). Virtualized FPGA accelerators for efficient cloud computing. In CloudCom (pp. 430–435). IEEE Computer Society.
Giechaskiel, I., Rasmussen, K., & Szefer, J. (2019). Reading between the dies: cross-SLR covert channels on multi-tenant cloud FPGAs. In IEEE International Conference on Computer Design (ICCD).
Giechaskiel, I., Rasmussen, K. B., & Szefer, J. (2020). C\({ }^3\)APSULe: cross-FPGA covert-channel attacks through power supply unit leakage. In Symposium on Security and Privacy (S&P) (pp. 1728–1741). IEEE. https://doi.org/10.1109/SP40000.2020.00070.
Glamočanin, O., Coulon, L., Regazzoni, F., & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1007–1010). IEEE.
Gnad, D. R. E., Oboril, F., Kiamehr, S., & Tahoori, M. B. (2018). An experimental evaluation and analysis of transient voltage fluctuations in FPGAs. IEEE Transactions on Very Large Scale Integration (VLSI) Systems,26(10), 1817–1830. https://doi.org/10.1109/TVLSI.2018.2848460.
Gnad, D. R. E., Oboril, F., & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Field Programmable Logic and Applications (FPL) (pp. 1–7). IEEE. https://doi.org/10.23919/fpl.2017.8056840.
Gnad, D. R. E., Rapp, S., Krautter, J., & Tahoori, M. B. (2018). Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In International Conference on Field-Programmable Technology (ICFPT). Naha, Japan: IEEE.
Gnad, D. R. E., Schellenberg, F., Krautter, J., Moradi, A., & Tahoori, M. B. (2020). Remote electrical-level security threats to multi-tenant FPGAs. IEEE Design Test. https://doi.org/10.1109/MDAT.2020.2968248.
Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., & Irvine, C. (2007). Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In Symposium on Security and Privacy (S&P). IEEE.
Intel Corporation. (2017). Intel FPGAs Power Acceleration-as-a-Service for Alibaba Cloud — Intel Newsroom. https://newsroom.intel.com/news/intel-fpgas-power-acceleration-as-a-service-alibaba-cloud.
Jayasinghe, D., Ignjatovic, A., & Parameswaran, S. (2021). UCloD: small clock delays to mitigate remote power analysis attacks. IEEE Access,9, 108,411–108,425. https://doi.org/10.1109/ACCESS.2021.3100618.
Kamoun, N., Bossuet, L., & Ghazel, A. (2009). Correlated power noise generator as a low cost DPA countermeasures to secure hardware AES cipher. In: International Conference on Signals, Circuits and Systems (SCS). IEEE.
Khawaja, A., Landgraf, J., Prakash, R., Wei, M., Schkufza, E., & Rossbach, C. J. (2018). Sharing, protection, and compatibility for reconfigurable fabric with AmorphOS. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (pp. 107–127).
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology — CRYPTO’ 99 (pp. 388–397). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-48405-1_25.
Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2021). Remote and stealthy fault attacks on virtualized FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1632–1637). https://doi.org/10.23919/DATE51398.2021.9474140.
Krautter, J., Gnad, D., & Tahoori, M. (2020). CPAmap: On the complexity of secure FPGA virtualization, multi-tenancy, and physical design. IACR Transactions on Cryptographic Hardware and Embedded Systems,2020(3), 121–146. https://doi.org/10.13154/tches.v2020.i3.121-146.
Krautter, J., Gnad, D. R. E., Schellenberg, F., Moradi, A., & Tahoori, M. B. (2019). Active fences against voltage-based side channels in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). ACM.
Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES),2018(3), 44–68.
Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2019). Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS),12(3). https://doi.org/10.1145/3328222.
Krautter, J., & Tahoori, M. B. (2021). Neural networks as a side-channel countermeasure: challenges and opportunities. In Symposium on VLSI (ISVLSI) (pp. 272–277). IEEE Computer Society. https://doi.org/10.1109/ISVLSI51109.2021.00057.
La, T. M., Matas, K., Grunchevski, N., Pham, K. D., & Koch, D. (2020). FPGADefender: malicious self-oscillator scanning for Xilinx UltraScale + FPGAs. ACM Transactions on Reconfigurable Technology and Systems,13(3). https://doi.org/10.1145/3402937.
Luo, Y., & Xu, X. (2020). A quantitative defense framework against power attacks on multi-tenant FPGA. In International Conference On Computer Aided Design (ICCAD) (pp. 1–4). IEEE/ACM.
Mahmoud, D., & Stojilović, M. (2019). Timing violation induced faults in multi-tenant FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1745–1750). IEEE.
Malkin, T. G., Standaert, F. X., & Yung, M. (2006). A comparative cost/security analysis of fault attack countermeasures. In Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 159–172). Berlin, Heidelberg: Springer.
Masle, A. L., & Luk, W. (2012). Detecting power attacks on reconfigurable hardware. In Field Programmable Logic and Applications (FPL) (pp. 14–19). IEEE. https://doi.org/10.1109/FPL.2012.6339235.
Matas, K., La, T. M., Pham, K. D., & Koch, D. (2020). Power-hammering through Glitch amplification – attacks and mitigation. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 65–69). https://doi.org/10.1109/FCCM48280.2020.00018.
McEvoy, R. P., Murphy, C. C., Marnane, W. P., & Tunstall, M. (2009). Isolated WDDL: A hiding countermeasure for differential power analysis on FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),2(1).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. Transactions on Computers,51(5), 541–552.
Mirzargar, S. S., Renault, G., Guerrieri, A., & Stojilović, M. (2020). Nonintrusive and adaptive monitoring for locating voltage attacks in virtualized FPGAs. In International Conference on Field-Programmable Technology (ICFPT) (pp. 288–289). IEEE. https://doi.org/10.1109/ICFPT51103.2020.00050.
Moini, S., Li, X., Stanwicks, P., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2020). Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In Midwest Symposium on Circuits and Systems (MWSCAS) (pp. 941–944). IEEE. https://doi.org/10.1109/MWSCAS48704.2020.9184683.
Moini, S., Tian, S., Szefer, J., Holcomb, D., & Tessier, R. (2021). Remote power side-channel attacks on BNN accelerators in FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE). IEEE.
Nassar, H., AlZughbi, H., Gnad, D., Bauer, L., Tahoori, M., & Henkel, J. (2021). LoopBreaker: disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). IEEE/ACM.
Provelengios, G., Holcomb, D., & Tessier, R. (2020). Power wasting circuits for cloud FPGA attacks. In Field Programmable Logic and Applications (FPL) (pp. 231–235). https://doi.org/10.1109/FPL50879.2020.00046.
Provelengios, G., Holcomb, D., & Tessier, R. (2021). Mitigating voltage attacks in multi-tenant FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),14(2), 1–24.
Putnam, A., Caulfield, A. M., Chung, E. S., Chiou, D., Constantinides, K., Demme, J., Esmaeilzadeh, H., Fowers, J., Gopal, G. P., Gray, J., Haselman, M., Hauck, S., Heil, S., Hormati, A., Kim, J. Y., Lanka, S., Larus, J., Peterson, E., Pope, S., Smith, A., Thong, J., Xiao, P. Y., & Burger, D. (2014). A reconfigurable fabric for accelerating large-scale datacenter services. In International Symposium on Computer Architecture (ISCA), ISCA ’14 (pp. 13–24). Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2665671.2665678.
Ramesh, C., Patil, S. B., Dhanuskodi, S. N., Provelengios, G., Pillement, S., Holcomb, D., & Tessier, R. (2018). FPGA side channel attacks without physical access. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. paper–116). IEEE.
Rockett, L., Patel, D., Danziger, S., Cronquist, B., & Wang, J. (2007). Radiation hardened FPGA technology for space applications. In Aerospace Conference (pp. 1–7). IEEE.
Sanaullah, A., Yang, C., Alexeev, Y., Yoshii, K., & Herbordt, M. C. (2018). Real-time data analysis for medical diagnosis using FPGA-accelerated neural networks. BMC Bioinformatics,19, 19–31.
Schellenberg, F., Gnad, D. R., Moradi, A., & Tahoori, M. B. (2018). An inside job: remote power analysis attacks on FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE).
Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). Remote inter-chip power analysis side-channel attacks at board-level. In International Conference on Computer-Aided Design (ICCAD) (pp. 1–7). IEEE/ACM. https://doi.org/10.1145/3240765.3240841.
Sugawara, T., Sakiyama, K., Nashimoto, S., Suzuki, D., & Nagatsuka, T. (2019). Oscillator without a combinatorial loop and its threat to FPGA in data center. Electronics Letters,55(11), 640–642. https://doi.org/10.1049/el.2019.0163.
Tian, S., Moini, S., Wolnikowski, A., Holcomb, D., Tessier, R., & Szefer, J. (2021). Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAs. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines, FCCM.
Trimberger, S., & McNeil, S. (2017). Security of FPGAs in data centers. In International Verification and Security Workshop (IVSW). IEEE Computer Society.
Yao, Y., Kiaei, P., Singh, R., Tajik, S., & Schaumont, P. (2021). Programmable RO (PRO): a multipurpose countermeasure against side-channel and fault injection attack. Preprint. arXiv:2106.13784.
Zeng, S., Dai, G., Sun, H., Zhong, K., Ge, G., Guo, K., Wang, Y., & Yang, H. (2020). Enabling efficient and flexible FPGA virtualization for deep learning in the cloud. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 102–110). IEEE.
Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In Symposium on Security and Privacy (S&P) (pp. 805–820). IEEE. https://doi.org/10.1109/SP.2018.00049. www.doi.ieeecomputersociety.org/10.1109/SP.2018.00049.
Zick, K. M., & Hayes, J. P. (2012). Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 5(1), 1:1–1:26. https://doi.org/10.1145/2133352.2133353. http://doi.acm.org/10.1145/2133352.2133353.
Zick, K. M., Srivastav, M., Zhang, W., & French, M. (2013). Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In International Symposium on Field-Programmable Gate Arrays (FPGA) (pp. 101–104). New York, NY, USA: ACM. https://doi.org/10.1145/2435264.2435283. http://doi.acm.org/10.1145/2435264.2435283.
Acknowledgements
The work described in this chapter has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) through the project 456967092 (SecFShare).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gnad, D.R.E., Krautter, J., Tahoori, M.B. (2024). Remote Physical Attacks on FPGAs at the Electrical Level. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-45395-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45394-6
Online ISBN: 978-3-031-45395-3
eBook Packages: EngineeringEngineering (R0)