Skip to main content
SpringerLink
Log in

Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs

  • Chapter
  • First Online:
Security of FPGA-Accelerated Cloud Computing Environments

  • 148 Accesses

Abstract

Cloud computing environments increasingly provision FPGAs because of their fine-grained, highly parallel, and flexible hardware architecture. The availability of FPGAs in the cloud fueled research on the security risks associated with exposing FPGA fabric to remote users. The most notable result is the discovery that remote access to cloud FPGAs presents an entirely new attack surface: that of remotely executed electrical-level attacks, which leverage shared power-delivery networks (PDNs). Two types of threats stand out: power analysis and fault-injection attacks. This chapter begins with a description of the corresponding threat models. Then, it elaborates on the practical implementations of the attacks in two steps. In the first, the FPGA circuits able to pick up a secret signal from the shared PDN (i.e., on-chip voltage-drop sensors) or inject a disturbance into it (i.e., power wasters) are presented. In the second, the experimental results of attacks on various FPGA boards, including data center acceleration cards, are shown and discussed. Finally, to facilitate future research, the implementations of a selection of the FPGA circuits enabling the attacks are shared as open source.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. AES Encryption Core. (2019). http://www.aoki.ecei.tohoku.ac.jp/crypto/.

  2. Ahmed, I., Shen, L. L., & Betz, V. (2020). Optimizing FPGA logic circuitry for variable voltage supplies. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 28(4), 890–903.

    Article  Google Scholar 

  3. Ahmed, M. K., Mandebi, J., Saha, S. K., & Bobda, C. (2022). Multi-tenant cloud FPGA: A survey on security. arXiv.

    Google Scholar 

  4. Amazon. (2019). AWS EC2 FPGA GitHub. https://github.com/aws/aws-fpga/tree/master.

  5. AMD. (2023). Using directives Vivado design suite user guide: Implementation (UG904). https://docs.xilinx.com/r/en-US/ug904-vivado-implementation.

  6. Azouaoui, M., Poussier, R., Standaert, F., & Verneuil, V. (2019). Key enumeration from the adversarial viewpoint. In 18th smart card research and advanced applications conference (CARDIS 2019) (pp. 252–67). Springer, Prague.

    Google Scholar 

  7. Azure, M. (2023). Machine Learning. https://azure.microsoft.com/en-us/pricing/details/machine-learning/.

    Google Scholar 

  8. Bobda, C., Mbongue, J. M., Chow, P., Ewais, M., Tarafdar, N., Vega, J. C., Eguro, K., Koch, D., Handagala, S., Leeser, M., et al. (2022). The future of FPGA acceleration in datacenters and the cloud. ACM Transactions on Reconfigurable Technology and Systems, 15(3), 1–42.

    Article  Google Scholar 

  9. Brier, E., Clavier, C., & Olivier, F. (2004). Correlation power analysis with a leakage model. In Cryptographic hardware and embedded systems—CHES ’04 (pp. 16–29). Springer, Cambridge.

    Book  Google Scholar 

  10. Cezary, G., Vincent, G., Romain, P., Joachim, S., & François-Xavier, S. (2015). Simpler and more efficient rank estimation for side-channel security assessment. In International workshop on fast software encryption (pp. 117–29). Istanbul, Turkey.

    Google Scholar 

  11. Compute optimized type family with FPGA. (2022). https://www.alibabacloud.com/help/en/elastic-compute-service/latest/compute-optimized-type-family-with-fpga.

  12. Elnaggar, R., Chaudhur, J., Karri, R., & Chakrabarty, K. (2022). Learning malicious circuits in FPGA bitstreams. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 42(3), 726–39.

    Article  Google Scholar 

  13. FPGA-based Amazon EC2 F1 computing instances. (2023). https://aws.amazon.com/ec2/instance-types/f1/.

  14. Genesys ZU. (2022) Zynq UltraScale+ MPSoC development board. https://digilent.com/reference/programmable-logic/genesys-zu/reference-manual.

  15. Giechaskiel, I., Rasmussen, K. B., & Szefer, J. (2020). C3APSULe: Cross-FPGA covert-channel attacks through power supply unit leakage. In 2020 IEEE symposium on security and privacy (pp. 1728–41). IEEE, San Francisco.

    Google Scholar 

  16. Glamočanin, O., Coulon, L., Regazzoni, F., & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Design, Automation and Test in Europe Conference and Exhibition (DATE) (pp. 1–4). IEEE, Grenoble.

    Google Scholar 

  17. Glamočanin, O., Kostić, A., Kostić, S., & Stojilović, M. (2023). Active wire fences for multitenant FPGAs. In 26th international symposium on design and diagnostics of electronic circuits systems (DDECS) (pp. 13–20). IEEE, Tallinn.

    Google Scholar 

  18. Glamočanin, O., Mahmoud, D. G., Regazzoni, F., & Stojilović, M. (2023). Cloud FPGA security—practical implementations of remote power side-channel and fault-injection attacks on multitenant FPGAs—artifacts. https://github.com/mirjanastojilovic/remote-fpga-attacks-book-chapter.

    Google Scholar 

  19. Gnad, D. R., Oboril, F., & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Proceedings of the 27th international conference on field-programmable logic and applications (FPL) (pp. 1–7). IEEE, Ghent.

    Google Scholar 

  20. Gnad, D. R. E., Nguyen, C. D. K., Gillani, S. H., & Tahoori, M. B. (2021). Voltage-based covert channels using FPGAs. ACM Transactions on Design Automation of Electronic Systems, 26(6), 1–25.

    Article  Google Scholar 

  21. Gnad, D. R. E., Oboril, F., Kiamehr, S., & Tahoori, M. B. (2016). Analysis of transient voltage fluctuations in FPGAs. In 2016 international conference on field-programmable technology (FPT) (pp. 12–19). IEEE, Xi’an.

    Google Scholar 

  22. Gravellier, J., Dutertre, J. M., Teglia, Y., & Loubet-Moundi, P. (2019). High-speed ring oscillator based sensors for remote side-channel attacks on FPGAs. In 2019 international conference on ReConFigurable computing and FPGAs (ReConFig) (pp. 1–8). IEEE, Cancun.

    Google Scholar 

  23. Gravellier, J., Dutertre, J. M., Teglia, Y., Loubet-Moundi, P., & Olivier, F. (2019). Remote side-channel attacks on heterogeneous SoC. In 18th smart card research and advanced applications conference (CARDIS 2019) (pp. 109–25). Springer, Prague.

    Google Scholar 

  24. Gross, M., Krautter, J., Gnad, D., Gruber, M., Sigl, G., & Tahoori, M. (2023). FPGANeedle: Precise remote fault attacks from FPGA to CPU. In Proceedings of the 28th Asia and South Pacific design automation conference (pp. 358–64). ACM, Tokyo.

    Book  Google Scholar 

  25. Hoozemans, J., Peltenburg, J., Nonnemacher, F., Hadnagy, A., Al-Ars, Z., & Hofstee, H. P. (2021). FPGA acceleration for big data analytics: Challenges and opportunities. IEEE Circuits and Systems Magazine, 21(2), 30–47.

    Article  Google Scholar 

  26. Hsing, H. (2019). Tiny AES. https://opencores.org/projects/tiny_aes.

    Google Scholar 

  27. Hu, W., Zhang, L., Ardeshiricham, A., Blackston, J., Hou, B., Tai, Y., & Kastner, R. (2017). Why you should care about don’t cares: Exploiting internal don’t care conditions for hardware Trojans. In 2017 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 707–13). Irvine, CA, USA.

    Google Scholar 

  28. Huawei. (2023). FPGA accelerated cloud server—Huawei cloud. https://www.huaweicloud.com/en-us/product/fcs.html.

  29. Intel® programmable acceleration card (PAC) with Intel® Arria® 10 GX FPGA data sheet. (2020). https://www.intel.com/content/www/us/en/docs/programmable/683226/current/introduction-rush-creek.html.

  30. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology—CRYPTO ’99 (pp. 387–97). Santa Barbara, CA, USA.

    Google Scholar 

  31. Korczyc, J., & Krasniewski, A. (2012). Evaluation of susceptibility of FPGA-based circuits to fault injection attacks based on clock glitching. In 15th international symposium on design and diagnostics of electronic circuits systems (DDECS) (pp. 171–74). IEEE, Talinn.

    Google Scholar 

  32. Krautter, J., Gnad, D. R. E., Schellenberg, F., Moradi, A., & Tahoori, M. B. (2019). Active fences against voltage-based side channels in multi-tenant FPGAs. In 2019 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 1–8). Westminster, CO, USA.

    Google Scholar 

  33. Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2018). FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 44–68.

    Article  Google Scholar 

  34. Krautter, J., Gnad, D. R. E., & Tahoori, M. B. (2019). Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems, 12(3), 1–26.

    Article  Google Scholar 

  35. La, T., Pham, K. D., Powell, J., & Koch, D. (2021). Denial-of-service on FPGA-based cloud infrastructures—attack and defense. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(3), 441–464.

    Article  Google Scholar 

  36. La, T. M., Matas, K., Grunchevski, N., Pham, K. D., & Koch, D. (2020). FPGADefender: Malicious self-oscillator scanning for Xilinx UltraScale + FPGAs. ACM Transactions on Reconfigurable Technology and Systems, 13(3), 15:1–15:31.

    Google Scholar 

  37. Lee, W., Wang, Y., Cui, T., Nazarian, S., & Pedram, M. (2014). Dynamic thermal management for FinFET-based circuits exploiting the temperature effect inversion phenomenon. In Proceedings of the 2014 international symposium on low power electronics and design (pp. 105–10). ACM, La Jolla California.

    Book  Google Scholar 

  38. Li, H., Tang, Y., Que, Z., & Zhang, J. (2022). FPGA accelerated post-quantum cryptography. IEEE Transactions on Nanotechnology, 21, 685–691.

    Article  Google Scholar 

  39. Luo, Y., Gongye, C., Fei, Y., & Xu, X. (2021). DeepStrike: Remotely-guided fault injection attacks on DNN accelerator in cloud-FPGA. In 58th ACM/IEEE design automation conference (DAC) (pp. 295–300). San Francisco, CA, USA.

    Google Scholar 

  40. Luo, Y., & Xu, X. (2020). A quantitative defense framework against power attacks on multi-tenant FPGA. In Proceedings of the 39th international conference on computer-aided design (pp. 1–9). ACM, New York.

    Book  Google Scholar 

  41. Mahmoud, D., & Stojilović, M. (2019). Timing violation induced faults in multi-tenant FPGAs. In Design, automation and test in europe conference and exhibition (DATE) (pp. 1745–50). IEEE, Florence.

    Google Scholar 

  42. Mahmoud, D. G., Dervishi, D., Hussein, S., Lenders, V., & Stojilović, M. (2022). DFAulted: Analyzing and exploiting CPU software faults caused by FPGA-driven undervolting attacks. IEEE Access, 10(134), 199–216.

    Google Scholar 

  43. Mahmoud, D. G., Hu, W., & Stojilović, M. (2020). X-attack: Remote activation of satisfiability don’t-care hardware Trojans on shared FPGAs. In Proceedings of the 30th international conference on field-programmable logic and applications (FPL) (pp. 185–92). IEEE, Gothenburg.

    Google Scholar 

  44. Mahmoud, D. G., Hussein, S., Lenders, V., & Stojilović, M. (2022). FPGA-to-CPU undervolting attacks. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 999–1004). IEEE, Virtual Event.

    Google Scholar 

  45. Mahmoud, D. G., Lenders, V., & Stojilović, M. (2022). Electrical-level attacks on CPUs, FPGAs, and GPUs: Survey and implications in the heterogeneous era. ACM Computing Surveys, 55(3), 1–40.

    Article  Google Scholar 

  46. Mangard, S., Oswald, E., & Popp, T. (2007). Power analysis attacks—revealing the secrets of smart cards. Springer, New York.

    Google Scholar 

  47. Martín, H., Korak, T., Millán, E. S., & Hutter, M. (2015). Fault attacks on STRNGs: Impact of glitches, temperature, and underpowering on randomness. IEEE Transactions on Information Forensics and Security, 10(2), 266–277.

    Article  Google Scholar 

  48. Matas, K., La, T. M., Pham, K. D., & Koch, D. (2020). Power-hammering through glitch amplification—attacks and mitigation. In 28th annual international symposium on field-programmable custom computing machines (FCCM) (pp. 65–69). IEEE, Fayetteville.

    Google Scholar 

  49. Mirzargar, S. S., Renault, G., Guerrieri, A., & Stojilović, M. (2020). Nonintrusive and adaptive monitoring for locating voltage attacks in virtualized FPGAs. In IEEE international conference on field programmable technology (FPT) (pp. 1–2). IEEE, Maui.

    Google Scholar 

  50. Moini, S., Deric, A., Li, X., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2022). Voltage sensor implementations for remote power attacks on FPGAs. ACM Transactions on Reconfigurable Technology and Systems, 16(1), 1–21.

    Article  Google Scholar 

  51. Moini, S., Li, X., Stanwicks, P., Provelengios, G., Burleson, W., Tessier, R., & Holcomb, D. (2020). Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In 63rd International midwest symposium on circuits and systems (MWSCAS) (pp. 941–44). IEEE, Springfield.

    Google Scholar 

  52. Moini, S., Tian, S., Holcomb, D., Szefer, J., & Tessier, R. (2021). Remote power side-channel attacks on BNN accelerators in FPGAs. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 1639–44). IEEE.

    Google Scholar 

  53. Nassar, H., AlZughbi, H., Gnad, D. R. E., Bauer, L., Tahoori, M. B., & Henkel, J. (2021). LoopBreaker: Disabling interconnects to mitigate voltage-based attacks in multi-tenant FPGAs. In 2021 IEEE/ACM international conference on computer aided design (ICCAD) (pp. 1–9). Munich, Germany.

    Google Scholar 

  54. Örs, S. B., Oswald, E., & Preneel, B. (2003). Power-analysis attacks on an FPGA—first experimental results. In Conference on cryptographic hardware and embedded systems (CHES) (pp. 35–50). Springer, Cologne.

    Book  Google Scholar 

  55. Papagiannopoulos, K., Glamočanin, O., Azouaoui, M., Ros, D., Regazzoni, F., & Stojilović, M. (2023). The side-channel metrics cheat sheet. ACM Computing Surveys, 55(10), 1–38.

    Article  Google Scholar 

  56. Provelengios, G., Holcomb, D., & Tessier, R. (2019). Characterizing power distribution attacks in multi-user FPGA environments. In Proceedings of the 29th international conference on field-programmable logic and applications (FPL) (pp. 194–201). IEEE, Barcelona.

    Google Scholar 

  57. Provelengios, G., Holcomb, D., & Tessier, R. (2020). Power wasting circuits for cloud FPGA attacks. In Proceedings of the 30th international conference on field-programmable logic and applications (FPL) (pp. 231–35). IEEE, Gothenburg.

    Google Scholar 

  58. Regazzoni, F., Yi, W., & Standaert, F. X. (2011). FPGA implementations of the AES masked against power analysis attacks. In Proceedings of 2nd international workshop on constructive side-channel analysis and secure design (COSADE) (pp. 1–11). Darmstadt, Germany.

    Google Scholar 

  59. Rodgers, J. L., & Nicewander, W. A. (1988). Thirteen ways to look at the correlation coefficient. The American Statistician, 42(1), 59–66.

    Article  Google Scholar 

  60. Salman, E., Dasdan, A., Taraporevala, F., Kucukcakar, K., & Friedman, E. G. (2007). Exploiting setup-hold-time interdependence in static timing analysis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 26(6), 1114–1125.

    Article  Google Scholar 

  61. SAKURA-X side-channel evaluation board. (2021). https://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-X.html.

  62. Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). An inside job: Remote power analysis attacks on FPGAs. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 1111–1116). IEEE, Dresden.

    Google Scholar 

  63. Schellenberg, F., Gnad, D. R. E., Moradi, A., & Tahoori, M. B. (2018). Remote inter-chip power analysis side-channel attacks at board-level. In 2018 IEEE/ACM international conference on computer-aided design (ICCAD) (pp. 114:1–114:7). New York.

    Google Scholar 

  64. Shawahna, A., Sait, S. M., & El-Maleh, A. (2019). FPGA-based accelerators of deep learning networks for learning and classification: A review. IEEE Access, 7, 7823–7859.

    Article  Google Scholar 

  65. Spielmann, D., Glamočanin, O., & Stojilović, M. (2023). RDS: FPGA routing delay sensors for effective remote power analysis attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(2), 543–67.

    Google Scholar 

  66. Tian, S., Moini, S., Wolnikowski, A., Holcomb, D., Tessier, R., & Szefer, J. (2021). Remote power attacks on the versatile tensor accelerator in multi-tenant FPGAs. In Proceedings of the international symposium on field-programmable custom computing machines (FCCM).

    Google Scholar 

  67. Tiri, K., & Verbauwhede, I. (2004). A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In Design, automation and test in Europe conference and exhibition (DATE) (pp. 246–51). Paris, France.

    Book  Google Scholar 

  68. Wu, J. (2010). Several key issues on implementing delay line based TDCs using FPGAs. IEEE Transactions on Nuclear Science, 57(3), 1543–1548.

    Article  MathSciNet  Google Scholar 

  69. Xilinx. (2017). UltraScale architecture configurable logic block user guide (UG574). https://docs.xilinx.com/v/u/en-US/ug574-ultrascale-clb.

  70. Yeap, G. K. (2012). Practical low power digital VLSI design. Springer Science and Business Media, Berlin.

    Google Scholar 

  71. Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In 2018 IEEE symposium on security and privacy (pp. 805–820). IEEE, San Francisco.

    Book  Google Scholar 

  72. Zhu, H., Guo, X., Jin, Y., & Zhang, X. (2020). PowerScout: A security-oriented power delivery network modeling framework for cross-domain side-channel analysis. In Asian hardware oriented security and trust symposium (AsianHOST) (1–6). IEEE.

    Google Scholar 

  73. Zick, K. M., Srivastav, M., Zhang, W., & French, M. (2013). Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In Proceedings of the 21st ACM/SIGDA international symposium on field-programmable gate arrays (FPGA) (pp. 101–104). Monterey, CA, USA.

    Google Scholar 

  74. Zussa, L., Dutertre, J. M., Clédière, J., & Robisson, B. (2014). Analysis of the fault injection mechanism related to negative and positive power supply glitches using an on-chip voltmeter. In International symposium on hardware-oriented security and trust (HOST) (pp. 130–35). IEEE, Arlington.

    Google Scholar 

  75. Zynq UltraScale+ MPSoC. (2022). https://www.xilinx.com/products/silicon-devices/soc/zynq-ultrascale-mpsoc.html.

Download references

Acknowledgements

This work is partially supported by the Swiss National Science Foundation (grant No. 182428), by armasuisse Science and Technology, and by the EU Horizon 2020 Programme under grant agreement No 957269 (EVEREST).

Author information

Authors and Affiliations

  1. EPFL, Lausanne, Switzerland

    Dina G. Mahmoud, Ognjen Glamočanin & Mirjana Stojilović

  2. University of Amsterdam, Amsterdam, The Netherlands

    Francesco Regazzoni

  3. Universitä della Svizzera italiana, Lugano, Switzerland

    Francesco Regazzoni

Authors
  1. Dina G. Mahmoud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ognjen Glamočanin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Francesco Regazzoni
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mirjana Stojilović
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mirjana Stojilović .

Editor information

Editors and Affiliations

  1. Yale University, New Haven, CT, USA

    Jakub Szefer

  2. University of Massachusetts Amherst, Amherst, MA, USA

    Russell Tessier

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Mahmoud, D.G., Glamočanin, O., Regazzoni, F., Stojilović, M. (2024). Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-45395-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45394-6

  • Online ISBN: 978-3-031-45395-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation