Skip to main content
SpringerLink
Log in

Remote Physical Attacks on FPGAs at the Electrical Level

  • Chapter
  • First Online:
Security of FPGA-Accelerated Cloud Computing Environments

  • 122 Accesses

Abstract

This chapter discusses recent physical attacks on FPGAs, which can also be performed remotely from within the FPGA itself. Such attacks can be executed despite established secure isolation at the digital level. Although FPGAs are meant to implement digital logic, their underlying physical circuit properties can be exploited to implement special circuitry that is either sensitive to the data-dependent on-chip voltage fluctuations or can influence them. These capabilities break all previous assumptions on how secure FPGA virtualization can be implemented and lift physical fault and power analysis attacks from a local to a potentially remote attacker. This new attack type has implications on orders of magnitude more users, particularly in cloud platforms. To address this novel threat, this chapter presents countermeasures that can be deployed from the perspective of a cloud hypervisor.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Amazon EC2 F1 Instances. https://aws.amazon.com/ec2/instance-types/f1/.

  2. Alam, M. M., Tajik, S., Ganji, F., Tehranipoor, M., & Forte, D. (2019). RAM-Jam: remote temperature and voltage fault attack on FPGAs using memory collisions. In Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 48–55). https://doi.org/10.1109/FDTC.2019.00015.

  3. Bete, N., Saqib, F., Patel, C., Robucci, R., & Plusquellic, J. (2019). Side-channel power resistance for encryption algorithms using dynamic partial reconfiguration (SPREAD). In International Symposium on Hardware Oriented Security and Trust (HOST).

    Google Scholar 

  4. Boneh, D., DeMillo, R. A., & Lipton, R. J. (1997). On the importance of checking cryptographic protocols for faults. In Advances in Cryptology — EUROCRYPT ’97 (pp. 37–51). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-69053-0_4.

    Chapter  Google Scholar 

  5. Chen, H., Chen, Y., & Summerville, D. H. (2010). A survey on the application of FPGAs for network infrastructure security. IEEE Communications Surveys & Tutorials,13(4), 541–561.

    Article  Google Scholar 

  6. Cnudde, T. D., Ender, M., & Moradi, A. (2018). Hardware masking, revisited. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), 2018(2), 123–148.

    Article  Google Scholar 

  7. De Schryver, C. (2015). FPGA based accelerators for financial applications (vol. 10). Springer.

    Google Scholar 

  8. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. T. M. (2008). On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In D. Wagner (Ed.), Advances in cryptology – CRYPTO 2008 (pp. 203–220). Berlin, Heidelberg: Springer.

    Chapter  Google Scholar 

  9. Fahmy, S. A., Vipin, K., & Shreejith, S. (2015). Virtualized FPGA accelerators for efficient cloud computing. In CloudCom (pp. 430–435). IEEE Computer Society.

    Google Scholar 

  10. Giechaskiel, I., Rasmussen, K., & Szefer, J. (2019). Reading between the dies: cross-SLR covert channels on multi-tenant cloud FPGAs. In IEEE International Conference on Computer Design (ICCD).

    Google Scholar 

  11. Giechaskiel, I., Rasmussen, K. B., & Szefer, J. (2020). C\({ }^3\)APSULe: cross-FPGA covert-channel attacks through power supply unit leakage. In Symposium on Security and Privacy (S&P) (pp. 1728–1741). IEEE. https://doi.org/10.1109/SP40000.2020.00070.

  12. Glamočanin, O., Coulon, L., Regazzoni, F., & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1007–1010). IEEE.

    Google Scholar 

  13. Gnad, D. R. E., Oboril, F., Kiamehr, S., & Tahoori, M. B. (2018). An experimental evaluation and analysis of transient voltage fluctuations in FPGAs. IEEE Transactions on Very Large Scale Integration (VLSI) Systems,26(10), 1817–1830. https://doi.org/10.1109/TVLSI.2018.2848460.

    Article  Google Scholar 

  14. Gnad, D. R. E., Oboril, F., & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Field Programmable Logic and Applications (FPL) (pp. 1–7). IEEE. https://doi.org/10.23919/fpl.2017.8056840.

  15. Gnad, D. R. E., Rapp, S., Krautter, J., & Tahoori, M. B. (2018). Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In International Conference on Field-Programmable Technology (ICFPT). Naha, Japan: IEEE.

    Google Scholar 

  16. Gnad, D. R. E., Schellenberg, F., Krautter, J., Moradi, A., & Tahoori, M. B. (2020). Remote electrical-level security threats to multi-tenant FPGAs. IEEE Design Test. https://doi.org/10.1109/MDAT.2020.2968248.

  17. Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., & Irvine, C. (2007). Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In Symposium on Security and Privacy (S&P). IEEE.

    Google Scholar 

  18. Intel Corporation. (2017). Intel FPGAs Power Acceleration-as-a-Service for Alibaba Cloud — Intel Newsroom. https://newsroom.intel.com/news/intel-fpgas-power-acceleration-as-a-service-alibaba-cloud.

    Google Scholar 

  19. Jayasinghe, D., Ignjatovic, A., & Parameswaran, S. (2021). UCloD: small clock delays to mitigate remote power analysis attacks. IEEE Access,9, 108,411–108,425. https://doi.org/10.1109/ACCESS.2021.3100618.

    Article  Google Scholar 

  20. Kamoun, N., Bossuet, L., & Ghazel, A. (2009). Correlated power noise generator as a low cost DPA countermeasures to secure hardware AES cipher. In: International Conference on Signals, Circuits and Systems (SCS). IEEE.

    Google Scholar 

  21. Khawaja, A., Landgraf, J., Prakash, R., Wei, M., Schkufza, E., & Rossbach, C. J. (2018). Sharing, protection, and compatibility for reconfigurable fabric with AmorphOS. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (pp. 107–127).

    Google Scholar 

  22. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology — CRYPTO’ 99 (pp. 388–397). Berlin, Heidelberg: Springer. https://doi.org/10.1007/3-540-48405-1_25.

    Chapter  Google Scholar 

  23. Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2021). Remote and stealthy fault attacks on virtualized FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1632–1637). https://doi.org/10.23919/DATE51398.2021.9474140.

  24. Krautter, J., Gnad, D., & Tahoori, M. (2020). CPAmap: On the complexity of secure FPGA virtualization, multi-tenancy, and physical design. IACR Transactions on Cryptographic Hardware and Embedded Systems,2020(3), 121–146. https://doi.org/10.13154/tches.v2020.i3.121-146.

    Article  Google Scholar 

  25. Krautter, J., Gnad, D. R. E., Schellenberg, F., Moradi, A., & Tahoori, M. B. (2019). Active fences against voltage-based side channels in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). ACM.

    Google Scholar 

  26. Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES),2018(3), 44–68.

    Article  Google Scholar 

  27. Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2019). Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS),12(3). https://doi.org/10.1145/3328222.

  28. Krautter, J., & Tahoori, M. B. (2021). Neural networks as a side-channel countermeasure: challenges and opportunities. In Symposium on VLSI (ISVLSI) (pp. 272–277). IEEE Computer Society. https://doi.org/10.1109/ISVLSI51109.2021.00057.

  29. La, T. M., Matas, K., Grunchevski, N., Pham, K. D., & Koch, D. (2020). FPGADefender: malicious self-oscillator scanning for Xilinx UltraScale + FPGAs. ACM Transactions on Reconfigurable Technology and Systems,13(3). https://doi.org/10.1145/3402937.

  30. Luo, Y., & Xu, X. (2020). A quantitative defense framework against power attacks on multi-tenant FPGA. In International Conference On Computer Aided Design (ICCAD) (pp. 1–4). IEEE/ACM.

    Google Scholar 

  31. Mahmoud, D., & Stojilović, M. (2019). Timing violation induced faults in multi-tenant FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE) (pp. 1745–1750). IEEE.

    Google Scholar 

  32. Malkin, T. G., Standaert, F. X., & Yung, M. (2006). A comparative cost/security analysis of fault attack countermeasures. In Fault Diagnosis and Tolerance in Cryptography (FDTC) (pp. 159–172). Berlin, Heidelberg: Springer.

    Chapter  Google Scholar 

  33. Masle, A. L., & Luk, W. (2012). Detecting power attacks on reconfigurable hardware. In Field Programmable Logic and Applications (FPL) (pp. 14–19). IEEE. https://doi.org/10.1109/FPL.2012.6339235.

  34. Matas, K., La, T. M., Pham, K. D., & Koch, D. (2020). Power-hammering through Glitch amplification – attacks and mitigation. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 65–69). https://doi.org/10.1109/FCCM48280.2020.00018.

  35. McEvoy, R. P., Murphy, C. C., Marnane, W. P., & Tunstall, M. (2009). Isolated WDDL: A hiding countermeasure for differential power analysis on FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),2(1).

    Google Scholar 

  36. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. Transactions on Computers,51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  37. Mirzargar, S. S., Renault, G., Guerrieri, A., & Stojilović, M. (2020). Nonintrusive and adaptive monitoring for locating voltage attacks in virtualized FPGAs. In International Conference on Field-Programmable Technology (ICFPT) (pp. 288–289). IEEE. https://doi.org/10.1109/ICFPT51103.2020.00050.

  38. Moini, S., Li, X., Stanwicks, P., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2020). Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In Midwest Symposium on Circuits and Systems (MWSCAS) (pp. 941–944). IEEE. https://doi.org/10.1109/MWSCAS48704.2020.9184683.

  39. Moini, S., Tian, S., Szefer, J., Holcomb, D., & Tessier, R. (2021). Remote power side-channel attacks on BNN accelerators in FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE). IEEE.

    Google Scholar 

  40. Nassar, H., AlZughbi, H., Gnad, D., Bauer, L., Tahoori, M., & Henkel, J. (2021). LoopBreaker: disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs. In International Conference on Computer-Aided Design (ICCAD). IEEE/ACM.

    Google Scholar 

  41. Provelengios, G., Holcomb, D., & Tessier, R. (2020). Power wasting circuits for cloud FPGA attacks. In Field Programmable Logic and Applications (FPL) (pp. 231–235). https://doi.org/10.1109/FPL50879.2020.00046.

  42. Provelengios, G., Holcomb, D., & Tessier, R. (2021). Mitigating voltage attacks in multi-tenant FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS),14(2), 1–24.

    Article  Google Scholar 

  43. Putnam, A., Caulfield, A. M., Chung, E. S., Chiou, D., Constantinides, K., Demme, J., Esmaeilzadeh, H., Fowers, J., Gopal, G. P., Gray, J., Haselman, M., Hauck, S., Heil, S., Hormati, A., Kim, J. Y., Lanka, S., Larus, J., Peterson, E., Pope, S., Smith, A., Thong, J., Xiao, P. Y., & Burger, D. (2014). A reconfigurable fabric for accelerating large-scale datacenter services. In International Symposium on Computer Architecture (ISCA), ISCA ’14 (pp. 13–24). Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2665671.2665678.

    Google Scholar 

  44. Ramesh, C., Patil, S. B., Dhanuskodi, S. N., Provelengios, G., Pillement, S., Holcomb, D., & Tessier, R. (2018). FPGA side channel attacks without physical access. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. paper–116). IEEE.

    Google Scholar 

  45. Rockett, L., Patel, D., Danziger, S., Cronquist, B., & Wang, J. (2007). Radiation hardened FPGA technology for space applications. In Aerospace Conference (pp. 1–7). IEEE.

    Google Scholar 

  46. Sanaullah, A., Yang, C., Alexeev, Y., Yoshii, K., & Herbordt, M. C. (2018). Real-time data analysis for medical diagnosis using FPGA-accelerated neural networks. BMC Bioinformatics,19, 19–31.

    Article  Google Scholar 

  47. Schellenberg, F., Gnad, D. R., Moradi, A., & Tahoori, M. B. (2018). An inside job: remote power analysis attacks on FPGAs. In Proceedings of Design, Automation & Test in Europe (DATE).

    Google Scholar 

  48. Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). Remote inter-chip power analysis side-channel attacks at board-level. In International Conference on Computer-Aided Design (ICCAD) (pp. 1–7). IEEE/ACM. https://doi.org/10.1145/3240765.3240841.

  49. Sugawara, T., Sakiyama, K., Nashimoto, S., Suzuki, D., & Nagatsuka, T. (2019). Oscillator without a combinatorial loop and its threat to FPGA in data center. Electronics Letters,55(11), 640–642. https://doi.org/10.1049/el.2019.0163.

    Article  Google Scholar 

  50. Tian, S., Moini, S., Wolnikowski, A., Holcomb, D., Tessier, R., & Szefer, J. (2021). Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAs. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines, FCCM.

    Google Scholar 

  51. Trimberger, S., & McNeil, S. (2017). Security of FPGAs in data centers. In International Verification and Security Workshop (IVSW). IEEE Computer Society.

    Google Scholar 

  52. Yao, Y., Kiaei, P., Singh, R., Tajik, S., & Schaumont, P. (2021). Programmable RO (PRO): a multipurpose countermeasure against side-channel and fault injection attack. Preprint. arXiv:2106.13784.

    Google Scholar 

  53. Zeng, S., Dai, G., Sun, H., Zhong, K., Ge, G., Guo, K., Wang, Y., & Yang, H. (2020). Enabling efficient and flexible FPGA virtualization for deep learning in the cloud. In International Symposium on Field-Programmable Custom Computing Machines (FCCM) (pp. 102–110). IEEE.

    Google Scholar 

  54. Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In Symposium on Security and Privacy (S&P) (pp. 805–820). IEEE. https://doi.org/10.1109/SP.2018.00049. www.doi.ieeecomputersociety.org/10.1109/SP.2018.00049.

  55. Zick, K. M., & Hayes, J. P. (2012). Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 5(1), 1:1–1:26. https://doi.org/10.1145/2133352.2133353. http://doi.acm.org/10.1145/2133352.2133353.

  56. Zick, K. M., Srivastav, M., Zhang, W., & French, M. (2013). Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In International Symposium on Field-Programmable Gate Arrays (FPGA) (pp. 101–104). New York, NY, USA: ACM. https://doi.org/10.1145/2435264.2435283. http://doi.acm.org/10.1145/2435264.2435283.

Download references

Acknowledgements

The work described in this chapter has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) through the project 456967092 (SecFShare).

Author information

Authors and Affiliations

  1. Karlsruhe Institute of Technology (KIT), Chair of Dependable Nano Computing (CDNC), Karlsruhe, Germany

    Dennis R. E. Gnad, Jonas Krautter & Mehdi B. Tahoori

Authors
  1. Dennis R. E. Gnad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jonas Krautter
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mehdi B. Tahoori
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mehdi B. Tahoori .

Editor information

Editors and Affiliations

  1. Yale University, New Haven, CT, USA

    Jakub Szefer

  2. University of Massachusetts Amherst, Amherst, MA, USA

    Russell Tessier

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Gnad, D.R.E., Krautter, J., Tahoori, M.B. (2024). Remote Physical Attacks on FPGAs at the Electrical Level. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-45395-3_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45394-6

  • Online ISBN: 978-3-031-45395-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation