Reading Between the Dies: Cross-SLR Covert Channels on Multi-Tenant Cloud FPGAs

Giechaskiel, Ilias; Rasmussen, Kasper; Szefer, Jakub

doi:10.1109/iccd46524.2019.00010

Cited by 31 publications

(17 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, we observed how the layout and organization of the larger fabric further increases the design space and thus the variation in side-channel vulnerability. Modern high-end FPGAs are often composed of multiple dies, where side-channel attacks have been shown to be still possible [GRS19]. However, those multi-die chips add another design space parameter to be considered.…”

Section: Impact Of Physical Design Parameters On Side-channel Securitymentioning

confidence: 99%

CPAmap: On the Complexity of Secure FPGA Virtualization, Multi-Tenancy, and Physical Design

Krautter

Gnad

Tahoori

2020

TCHES

View full text Add to dashboard Cite

With virtualized Field Programmable Gate Arrays (FPGAs) on the verge of being deployed to the cloud computing domain, there is a rising interest in resolving recently identified security issues. Those issues result from different trusted and untrusted entities sharing the FPGA fabric and the Power Distribution Network. Researchers were able to perform both side-channel and fault attacks between logically isolated designs on the same FPGA fabric, compromising security of cryptographic modules and other critical implementations. Side-channel attacks specifically are enabled by the vast degree of freedom given to developers when making use of the basic FPGA resources. Both ring oscillators as well as long delay lines, implemented using low-level FPGA primitives, have been shown to provide sufficient data for simple or correlation-based power analysis attacks. In order to develop new or apply known countermeasures onto designs and implementations in a virtualized multi-tenant FPGA, we seek to fully understand the underlying mechanisms and dependencies of chip-internal side-channel attacks. Although the impact of process variation and other physical design parameters on side-channel vulnerability has been investigated in previous works, remote attacks between logically isolated partitions in multi-tenant FPGAs introduce new and unique challenges. Thus, we systematically analyze the impact of physical mapping of both attacker and victim design on the success of correlation power analysis attacks on the Advanced Encryption Standard (AES). We report our findings on a Xilinx Zynq 7000-based platform, which show that the effect of global and local placement as well as routing and process variation on the success of side-channel attacks almost exceeds the impact of hiding countermeasures. This result reveals fundamental challenges in secure virtualization of FPGAs, which have been mostly ignored so far. Eventually, our results may also help vendors and hypervisors in developing zero overhead side-channel countermeasures based on adequate global and local placement of isolated designs on a multi-tenant FPGA.

show abstract

Section: Impact Of Physical Design Parameters On Side-channel Securitymentioning

confidence: 99%

CPAmap: On the Complexity of Secure FPGA Virtualization, Multi-Tenancy, and Physical Design

Krautter

Gnad

Tahoori

2020

TCHES

View full text Add to dashboard Cite

show abstract

“…To overcome this limitation, we can estimate the absolute delay difference ∆d of each RO by accounting for the clock frequency f c and the measurement period 2 t , and adapting an equation derived in previous works [9,10,20]:…”

Section: Measurement Metricmentioning

confidence: 99%

“…Instead, for static information leakage, we propose that a more fine-grained approach should be preferred which prohibits sharing any CLB resources (logic elements, or routing elements in the CLB's switch matrix), if any of the CLB's inputs are from mutually untrustworthy sources. That said, neither approach prevents information leakage due to dynamic activity when the attacker and victim are: (a) on different dies within the same chip [10], (b) different FP-GAs on the same board [23], or (c) even different boards with a shared power supply [11]. Such attacks require improvements in the voltage regulation circuits, or hiding the useful signal under artificially-introduced random noise.…”

Section: Countermeasuresmentioning

confidence: 99%

“…The potential information leakage between different users' designs can happen not only due to dynamic activity across the FPGA chip [10], but also because of short-lived static signals when parts of the designs are routed on adjacent wires in the FPGA [7-9, 20, 21]. Moreover, as we show in this paper for the first time, information leaks also occur when these signals are routed through multiplexers in the same Configurable Logic Block (CLB).…”

Section: Introductionmentioning

confidence: 99%

“…They focus broadly on two types of countermeasures. One set of proposals demands isolating different circuits through physical partitioning, e.g., [14], but physical isolation can lead to poor resource utilization, and still does not prevent information leakage due to dynamic activity, e.g., [10]. The other approaches use design rule checks (DRCs) that prevent long wires in mutually-untrusting designs from being routed next to each other [7-9, 19, 24].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations