Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense

La, Tuan; Pham, Khoa Dang; Powell, Joseph; Koch, Dirk

doi:10.46586/tches.v2021.i3.441-464

Cited by 24 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the increase is significant enough, timing constraints may be violated, resulting in a faulty operation [34]. Various implementations of FPGA power wasters have been presented in literature [35]. Given that dynamic power consumption increases with the switching frequency, fast oscillators such as combinational ring oscillators (ROs) emerged as some of the most effective power wasters [36].…”

Section: Remote Undervolting-based Fault Injectionmentioning

confidence: 99%

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

Mahmoud,

Shokry,

Lenders

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Cloud computing environments increasingly provision field-programmable gate arrays (FPGAs) for their programmability and hardware-level parallelism. While FPGAs are typically used by one tenant at a time, multitenant schemes supporting spatial sharing of cloud FPGA resources have been proposed in the literature. However, the spatial multitenancy of FPGAs opens up new attack surfaces. Investigating potential security threats to multitenant FPGAs is thus essential for better understanding and eventually mitigating the security risks. This work makes a notable step forward by systematically analyzing the combined threat of FPGA power wasters and satisfiability don't-care hardware Trojans in shared cloud FPGAs. We demonstrate a successful remote undervolting attack that activates a hardware Trojan concealed within a victim FPGA design and exploits the payload. The attack is carried out entirely remotely, assuming two spatially colocated FPGA users isolated from one another. The victim user's circuit is infected with a Trojan, triggered by a pair of don't-care signals that never reach the combined trigger condition during regular operation. The adversary, targeting the exploitation of the Trojan, deploys power waster circuits to lower the supply voltage of the FPGA. The assumption is that, under the effect of the lowered voltage, don't-care signals may reach the particular state that triggers the Trojan. We name this exploit X-Attack and demonstrate its feasibility on an embedded FPGA and real-world cloud FPGA instances. Additionally, we study the effects of various attack tuning parameters on the exploit's success. Finally, we discuss potential countermeasures against this security threat and present a lightweight self-calibrating countermeasure. To the best of our knowledge, this is the first work on undervolting-based fault-injection attacks in multitenant FPGAs to demonstrate the attack on commercially available cloud FPGA instances.INDEX TERMS FPGA security, hardware Trojans, multitenancy, timing faults, remote attack I. INTRODUCTION

show abstract

Section: Remote Undervolting-based Fault Injectionmentioning

confidence: 99%

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

Mahmoud,

Shokry,

Lenders

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Due to the use of general-purpose segments for routing in ROs making them to different frequencies, RO-voltage sensors are less sensitive to voltage fluctuations, thus multiple instances of RO-voltage sensors were needed [GDTL19]. ROs can be detected due to their combinational loop (Amazon EC2 F1 cloud service use this feature to prohibit implementing ROs in their FPGAs) [LPPK21]. Therefore, RO-voltage sensors can be detected in FPGAs.…”

Section: Related Workmentioning

confidence: 99%

1LUTSensor: Detecting FPGA Voltage Fluctuations using LookUp Tables

Jayasinghe,

Udugama,

Parameswaran

2023

TCHES

View full text Add to dashboard Cite

Remote Power Analysis (RPA) attacks use transient voltage fluctuation side channels detected via delay sensors/ on-chip voltage sensors to reveal secret keys from cryptographic circuits. The state-of-the-art research proposed five on-chip voltage sensors for Field Programmable Gate Arrays (FPGAs). This paper proposes a novel on-chip voltage sensor, 1LUTSensor, which uses FPGA LookUp Table (LUT) structure to deduce voltage fluctuations. 1LUTSensor uses LUT multiplexers to create a run-time adjustable delay line to detect voltage fluctuations and uses dedicated paths which are fabricated signal connections and cannot be changed in the FPGA LUT to form the delay line. 1LUTSensor uses only a single LUT and a single flip-flop for the delay line to sense voltage fluctuations and uses a single tapped delay element for calibration. The output of the 1LUTSensor is a single bit. Compared to the state-of-the-art on-chip sensors, 1LUTSensor proposed in this paper is the smallest and fastest on-chip voltage sensor proposed thus far. 1LUTSensor is at least 3x smaller than the smallest on-chip sensor proposed in the literature. Compared to the state-of-the-art, the proposed 1LUTSensor can be operated at 600MHz. 1LUTSensor is evaluated using RPA attacks, and a complete secret key of an AES circuit can be extracted within 100,000 traces.

show abstract

“…Consequently, some cloud service providers, such as Amazon AWS, do not allow combinational loops in FPGA designs. As an alternative, researchers investigated power wasters free of combinational loops [26]- [28], typically less effective than ROs. In the active fence scenario, power wasters generate noise to reduce the signal-to-noise ratio (SNR); the noise must not be excessive, as the victim needs to operate correctly in its presence.…”

Section: B Power Wastersmentioning

confidence: 99%

“…When the enable signal is active, the RO oscillates at a high frequency and draws current. An enhanced version of a NAND-based RO, ERO, was later proposed by La et al and used to perform a remote DoS attack [28]. In the case of EROs, the output of one RO is connected to an unused LUT input of another nearby RO, thereby enhancing the effects of the switching activity thanks to the capacitance of the local interconnect.…”

Section: B Power Wastersmentioning

confidence: 99%

Active Wire Fences for Multitenant FPGAs

Glamočanin

Kostic

et al. 2023

2023 26th International Symposium on Design and Diagnostics of Electronic Circuits and Systems (DDECS)

View full text Add to dashboard Cite

When spatially shared among multiple tenants, fieldprogrammable gate arrays (FPGAs) are vulnerable to remote power side-channel analysis attacks. Using carefully crafted onchip voltage sensors, adversaries can extract secrets (e.g., encryption keys or the architectural parameters of neural network accelerators) from collocated tenants. A common countermeasure against power side-channel attacks is hiding; in hiding, the goal is to introduce noise and worsen the signal-to-noise ratio visible to the attacker. In a multitenant FPGA setting, hiding countermeasures can be implemented with an active fence placed between tenants. Previous work demonstrated the effectiveness of active fences built using NAND-based ROs. We enhance the state-of-the-art active fence implementation with novel wire-based power wasters, at no increase in resource overhead. Compared to an RO-based fence, our active wire fence makes the side-channel attack considerably more difficult. When using the RO fence to protect an AES-128 cryptographic module, we recovered all the bytes of the secret key with one million sensor traces, on average. In comparison, when using our novel wire fence, more than six million traces (an improvement of at least 6×) were required to recover all the bits of the secret key.

show abstract

Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense

Cited by 24 publications

References 19 publications

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

1LUTSensor: Detecting FPGA Voltage Fluctuations using LookUp Tables

Active Wire Fences for Multitenant FPGAs

Contact Info

Product

Resources

About