FPGAD
            <scp>efender</scp>

La, Tuan; Matas, Kaspar; Grunchevski, Nikola; Pham, Khoa Dang; Koch, Dirk

doi:10.1145/3402937

Cited by 63 publications

(11 citation statements)

References 55 publications

(89 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Today, the security community strongly recommends validating the vulnerabilities on the cloud, where the PDN is more robust [25]. In comparison, DoS and side-channel attacks have been experimentally validated on the Amazon AWS cloud instances equipped with AMD FPGAs [26], [27]. In this manuscript, X-Attack 2.0, we extend our previous publication with experiments targeting an actual cloud instance.…”

mentioning

confidence: 84%

“…The lower the number of inverters in an RO, the shorter the combinational path and the higher the oscillation frequency. The effectiveness of this single-stage RO can be further improved by increasing the output capacitive load (e.g., by connecting the RO output to free LUT inputs or FPGA routing wires) [26], [37]. Such power wasters use the available hardware resources better: they complement logical with routing resources.…”

Section: Remote Undervolting-based Fault Injectionmentioning

confidence: 99%

See 1 more Smart Citation

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

Mahmoud,

Shokry,

Lenders

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Cloud computing environments increasingly provision field-programmable gate arrays (FPGAs) for their programmability and hardware-level parallelism. While FPGAs are typically used by one tenant at a time, multitenant schemes supporting spatial sharing of cloud FPGA resources have been proposed in the literature. However, the spatial multitenancy of FPGAs opens up new attack surfaces. Investigating potential security threats to multitenant FPGAs is thus essential for better understanding and eventually mitigating the security risks. This work makes a notable step forward by systematically analyzing the combined threat of FPGA power wasters and satisfiability don't-care hardware Trojans in shared cloud FPGAs. We demonstrate a successful remote undervolting attack that activates a hardware Trojan concealed within a victim FPGA design and exploits the payload. The attack is carried out entirely remotely, assuming two spatially colocated FPGA users isolated from one another. The victim user's circuit is infected with a Trojan, triggered by a pair of don't-care signals that never reach the combined trigger condition during regular operation. The adversary, targeting the exploitation of the Trojan, deploys power waster circuits to lower the supply voltage of the FPGA. The assumption is that, under the effect of the lowered voltage, don't-care signals may reach the particular state that triggers the Trojan. We name this exploit X-Attack and demonstrate its feasibility on an embedded FPGA and real-world cloud FPGA instances. Additionally, we study the effects of various attack tuning parameters on the exploit's success. Finally, we discuss potential countermeasures against this security threat and present a lightweight self-calibrating countermeasure. To the best of our knowledge, this is the first work on undervolting-based fault-injection attacks in multitenant FPGAs to demonstrate the attack on commercially available cloud FPGA instances.INDEX TERMS FPGA security, hardware Trojans, multitenancy, timing faults, remote attack I. INTRODUCTION

show abstract

mentioning

confidence: 84%

Section: Remote Undervolting-based Fault Injectionmentioning

confidence: 99%

X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAs

Mahmoud,

Shokry,

Lenders

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Unlike CPUs, FPGAs do not usually have DVFS interfaces. However, using the low-level programmability of FPGAs, researchers have demonstrated how to design and deploy a variety of designs to consume significant amounts of power [6], [7], [13], [14]. The high power consumption results in a voltage drop, which can inject faults, or even reset the entire board [6].…”

Section: B Fpga-based Attacksmentioning

confidence: 99%

“…Alternative power-wasting designs do not draw as much power, but are suitable for attacks on the cloud FPGAs (as combinational ROs can be detected and are not allowed on, e.g., Amazon EC2 F1 instances [15]). These designs make use of CARRY primitives, registers, and long wires [7], [14].…”

Section: B Fpga-based Attacksmentioning

confidence: 99%

See 1 more Smart Citation

FPGA-to-CPU Undervolting Attacks

Mahmoud

Hussein

Lenders³

et al. 2022

2022 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

FPGAs are proving useful and attractive for many applications, thanks to their hardware reconfigurability, low power, and high-degree of parallelism. As a result, modern embedded systems are often based on systems-on-chip (SoCs), where CPUs and FPGAs share the same die. In this paper, we demonstrate the first undervolting attack in which the FPGA acts as an aggressor while the CPU, residing on the same SoC, is the victim. We show that an adversary can use the FPGA fabric to create a significant supply voltage drop which, in turn, faults the software computation performed by the CPU. Additionally, we show that an attacker can, with an even higher success rate, execute a denial-of-service attack, without any modification of the underlying hardware or the power distribution network. Our work exposes a new electrical-level attack surface, created by tight integration of CPUs and FPGAs in modern SoCs, and incites future research on countermeasures.

show abstract