Abstract
Cloud computing environments increasingly provision FPGAs because of their fine-grained, highly parallel, and flexible hardware architecture. The availability of FPGAs in the cloud fueled research on the security risks associated with exposing FPGA fabric to remote users. The most notable result is the discovery that remote access to cloud FPGAs presents an entirely new attack surface: that of remotely executed electrical-level attacks, which leverage shared power-delivery networks (PDNs). Two types of threats stand out: power analysis and fault-injection attacks. This chapter begins with a description of the corresponding threat models. Then, it elaborates on the practical implementations of the attacks in two steps. In the first, the FPGA circuits able to pick up a secret signal from the shared PDN (i.e., on-chip voltage-drop sensors) or inject a disturbance into it (i.e., power wasters) are presented. In the second, the experimental results of attacks on various FPGA boards, including data center acceleration cards, are shown and discussed. Finally, to facilitate future research, the implementations of a selection of the FPGA circuits enabling the attacks are shared as open source.
Acknowledgements
This work is partially supported by the Swiss National Science Foundation (grant No. 182428), by armasuisse Science and Technology, and by the EU Horizon 2020 Programme under grant agreement No 957269 (EVEREST).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Mahmoud, D.G., Glamočanin, O., Regazzoni, F., Stojilović, M. (2024). Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_5
DOI: https://doi.org/10.1007/978-3-031-45395-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45394-6
Online ISBN: 978-3-031-45395-3
eBook Packages: Engineering, Engineering (R0)