C<sup>3</sup>APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Giechaskiel, Ilias; Rasmussen, Kasper; Szefer, Jakub

doi:10.1109/sp40000.2020.00070

Cited by 44 publications

(14 citation statements)

References 38 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cloud systems share FPGAs across processors and accelerators, and can be exploited for remote power measurement. 4 In multicore systems, the hierarchical power management policies can be abused to act as power covert channels between cores.…”

Section: Physical Side Channelsmentioning

confidence: 99%

“…These attacks can steal information like the identity of the running applications, keystrokes typed, and browser data accessed. This threat model covers the majority of attacks described earlier (e.g., the work of Lifshits et al, 1 Shao et al, 3 Giechaskiel et al, 4 and Masti et al 6 ), except for those attacks identifying encryption keys. 7 The latter attacks are harder to mount, and typically need more detailed knowledge of the cryptosystem being attacked.…”

Section: Threat Modelmentioning

confidence: 99%

“…They can also use hardware methods, such as direct probing, antennas, indirect measurement by tapping electrical outlets and power supply networks, trojan chips, field-programmable gate arrays (FPGAs), and circuits. 3,4 Since most of these techniques simply collect measurements, they cause little interference in the target computer and are hard to detect.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Maya: Using Formal Control to Obfuscate Power Side Channels

Pothukuchi

Voulgaris

et al. 2022

IEEE Micro

View full text Add to dashboard Cite

Section: Physical Side Channelsmentioning

confidence: 99%

Section: Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

Maya: Using Formal Control to Obfuscate Power Side Channels

Pothukuchi

Voulgaris

et al. 2022

IEEE Micro

View full text Add to dashboard Cite

“…In a typical RPA attack, the attacker has to rely on covert communication channels for communicating with the on-chip sensor. Covert communication channels in general can only support lower bandwidths [GRS20] and therefore, it is crucial for the attacker to devise an on-chip sensor that demands minimum communication bandwidth.…”

Section: Introductionmentioning

confidence: 99%

Power to Pulse Width Modulation Sensor for Remote Power Analysis Attacks

Udugama

Jayasinghe²,

Saadat³

et al. 2022

TCHES

View full text Add to dashboard Cite

Field-programmable gate arrays (FPGAs) deployed on commercial cloud services are increasingly gaining popularity due to the cost and compute benefits offered by them. Recent studies have discovered security threats than can be launched remotely on FPGAs that share the logic fabric between trusted and untrusted parties, posing a danger to designs deployed on cloud FPGAs. With remote power analysis (RPA) attacks, an attacker aims to deduce secret information present on a remote FPGA by deploying an on-chip sensor on the FPGA logic fabric. Information captured with the on-chip sensor is transferred off the chip for analysis and existing on-chip sensors demand a significant amount of bandwidth for this task as a result of their wider output bit width. However, attackers are often left with the only option of using a covert communication channel and the bandwidth of such channels is generally limited. This paper proposes a novel area-efficient on-chip power sensor named PPWM that integrates a logic design outputting a pulse whose width is modulated by the power consumption of the FPGA. This pulse is used to clear a flip-flop selectively and asynchronously, and the single-bit output of the flip-flop is used to perform an RPA attack. This paper demonstrates the possibility of successfully recovering a 128-bit Advanced Encryption Standard (AES) key within 16,000 power traces while consuming just 25% of the bandwidth when compared to the state of the art. Moreover, this paper assesses the threat posed by the proposed PPWM to remote FPGAs including those that are deployed on cloud services.

show abstract

“…A covert communication can also be established via the power management units, which control voltage level and operating frequency. A covert channel attack among FPGAs, CPUs, and GPUs that are connected to the same power supply unit is proposed in [10]. By modulating the core frequency with dynamic frequency scaling (DFS) technique, a covert channel has been created in a multi-core platform [11].…”

Section: Introductionmentioning

confidence: 99%

Modeling and Analysis of Switched-Capacitor Converters as a Multi-port Network for Covert Communication

Mustafa,

Köse

2021

Preprint

View full text Add to dashboard Cite

Switched-capacitor (SC) DC-DC voltage converters are widely used in power delivery and management of modern integrated circuits. Connected to a common supply voltage, SC converters exhibit cross-regulation/coupling effects among loads connected to different SC converter stages due to the shared components such as switches, capacitors, and parasitic elements. The coupling effects between SC converter stages can potentially be used in covert communication, where two or more entities (e.g., loads) illegitimately establish a communication channel to exchange malicious information stealthily. To qualitatively analyze the coupling effects, a novel modeling technique is proposed based on the multi-port network theory. The fast and slow switching limit (FSL and SSL) equivalent resistance concepts are used to analytically determine the impact of each design parameter such as switch resistance, flying capacitance, switching frequency, and parasitic resistance. A three-stage 2:1 SC converter supplying three different loads is considered as a case study to verify the proposed modeling technique.

show abstract

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Cited by 44 publications

References 38 publications

Maya: Using Formal Control to Obfuscate Power Side Channels

Maya: Using Formal Control to Obfuscate Power Side Channels

Power to Pulse Width Modulation Sensor for Remote Power Analysis Attacks

Modeling and Analysis of Switched-Capacitor Converters as a Multi-port Network for Covert Communication

Contact Info

Product

Resources

About

C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage

Cited by 44 publications

References 38 publications

Maya: Using Formal Control to Obfuscate Power Side Channels

Maya: Using Formal Control to Obfuscate Power Side Channels

Power to Pulse Width Modulation Sensor for Remote Power Analysis Attacks

Modeling and Analysis of Switched-Capacitor Converters as a Multi-port Network for Covert Communication

Contact Info

Product

Resources

About

C³APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage