Power-hammering through Glitch Amplification – Attacks and Mitigation

Matas, Kaspar; La, Tuan; Pham, Khoa Dang; Koch, Dirk

doi:10.1109/fccm48280.2020.00018

Cited by 27 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike CPUs, FPGAs do not usually have DVFS interfaces. However, using the low-level programmability of FPGAs, researchers have demonstrated how to design and deploy a variety of designs to consume significant amounts of power [6], [7], [13], [14]. The high power consumption results in a voltage drop, which can inject faults, or even reset the entire board [6].…”

Section: B Fpga-based Attacksmentioning

confidence: 99%

“…About the same time, FPGA researchers have found that programming FPGAs with so-called power-wasting circuits, which draw considerable current, can produce notable fluctuations of the supply voltage. The resulting voltage drop may then be leveraged by an adversary to reset the target system [6], [7], or, if carefully controlled, to inject computational faults in the host FPGA [8]- [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

FPGA-to-CPU Undervolting Attacks

Mahmoud

Hussein

Lenders³

et al. 2022

2022 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

FPGAs are proving useful and attractive for many applications, thanks to their hardware reconfigurability, low power, and high-degree of parallelism. As a result, modern embedded systems are often based on systems-on-chip (SoCs), where CPUs and FPGAs share the same die. In this paper, we demonstrate the first undervolting attack in which the FPGA acts as an aggressor while the CPU, residing on the same SoC, is the victim. We show that an adversary can use the FPGA fabric to create a significant supply voltage drop which, in turn, faults the software computation performed by the CPU. Additionally, we show that an attacker can, with an even higher success rate, execute a denial-of-service attack, without any modification of the underlying hardware or the power distribution network. Our work exposes a new electrical-level attack surface, created by tight integration of CPUs and FPGAs in modern SoCs, and incites future research on countermeasures.

show abstract

Section: B Fpga-based Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

FPGA-to-CPU Undervolting Attacks

Mahmoud

Hussein

Lenders³

et al. 2022

2022 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

show abstract

“…In [LMG + 20] and [MLPK20], the open-source FPGA virus-scanner framework FPGADefender for Xilinx UltraScale+ devices was introduced. The framework retrieves the netlist from a bitstream (via an academic tool BitMan [PHK17]) and scans for a set of pre-defined virus signatures (i.e.…”

Section: Netlist/bitstream Scanning Mechanismsmentioning

confidence: 99%

“…Glitches in an FPGA design can be created through carefully designed combinatorial logic and its physical implementation. For example, a 6-input XOR can create 6 glitches in a clock cycle leading to a corresponding high dynamic power consumption [MLPK20]. The work in [MLPK20] showed that the vendor power estimator cannot reliably detect power-hammering created through glitch amplification.…”

Section: Fpgamentioning

confidence: 99%

Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense

Pham

Powell

et al. 2021

TCHES

Self Cite

View full text Add to dashboard Cite

This paper presents attacks targeting the FPGAs of AWS F1 instances at the electrical level through power-hammering, where excessive dynamic power is used to crash FPGA instances. We demonstrate different power-hammering attacks that pass all AWS security fences implemented on F1 instances, including the FPGA vendor design rule checks. In addition, we fingerprint the FPGA instances to observe the responsiveness of the instances, which indicates a successful denial-of-service attack. Most importantly, we provide an FPGA virus scanner framework, which was improved to support large datacenter FPGAs for preventing such attacks, including virtually all currently demonstrated side-channel attacks. Our experiments showed that an AWS F1 instance crashes immediately by starting an FPGA design demanding 369W. By using FPGA-fingerprinting, we found that crashed instances are unavailable for about one to over 200 hours.

show abstract

“…Glitches can be amplified through XOR gates [15], which has the property that any change at the input causes a change at the output. Therefore by adjusting routing delays, it is possible to physically implement an oscillator where the same source of a toggle flip-flop is routed to an XOR with different delays to create glitches that, in turn, are fed back to the toggle flip-flop for creating self-oscillation (Figure 2d).…”

Section: Cloud Fpga Security Threatsmentioning

confidence: 99%

Securing FPGA Accelerators at the Electrical Level for Multi-tenant Platforms

Matas

Pham

et al. 2020

2020 30th International Conference on Field-Programmable Logic and Applications (FPL)

Self Cite

View full text Add to dashboard Cite

As FPGAs are now offered on the cloud, this exposes many potential security issues. This PhD project investigates current security issues and challenges when deploying FPGAs in the cloud as well as using FPGAs in a multi-tenancy scenario. By addressing practical threats, and most importantly, proposing feasible countermeasures, this paper shows preliminary results on protecting FPGAs for multi-tenant scenarios.

show abstract

Power-hammering through Glitch Amplification – Attacks and Mitigation

Cited by 27 publications

References 19 publications

FPGA-to-CPU Undervolting Attacks

FPGA-to-CPU Undervolting Attacks

Denial-of-Service on FPGA-based Cloud Infrastructures — Attack and Defense

Securing FPGA Accelerators at the Electrical Level for Multi-tenant Platforms

Contact Info

Product

Resources

About