[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article

Mitigating Electrical-level Attacks towards Secure Multi-Tenant FPGAs in the Cloud

Published: 13 August 2019 Publication History

Abstract

A rising trend is the use of multi-tenant FPGAs, particularly in cloud environments, where partial access to the hardware is given to multiple third parties. This leads to new types of attacks in FPGAs, which operate not only on the logic level, but also on the electrical level through the common power delivery network. Since FPGAs are configured from the software-side, attackers are enabled to launch hardware attacks from software, impacting the security of an entire system. In this article, we show the first attempt of a countermeasure against attacks on the electrical level, which is based on a bitstream checking methodology. Bitstreams are translated back into flat technology mapped netlists, which are then checked for properties that indicate potential malicious runtime behavior of FPGA logic. Our approach can provide a metric of potential risk of the FPGA bitstream being used in active fault or passive side-channel attacks against other users of the FPGA fabric or the entire SoC platform.

References

[1]
Chipworks. 2014. Inside the Samsung Galaxy S5. Retrieved from: https://www.chipworks.com/ko/node/126.
[2]
iFixit. 2015. Pebble Time Teardown. Retrieved from: https://www.ifixit.com/Teardown/Pebble+Time+Teardown/42382.
[3]
Amazon Web Services (AWS). 2018. Amazon EC2 F1 Instances. Retrieved from: https://aws.amazon.com/ec2/instance-types/f1/.
[4]
LWN.net. 2018. FPGA Device Feature List (DFL) Device Drivers. Retrieved from: https://lwn.net/Articles/757283/.
[5]
Alibaba Cloud. 2018. Instance type families—Alibaba Cloud Documentation Center. Retrieved from: https://www.alibabacloud.com/help/doc-detail/25378.html.
[6]
OpenCores. 2018. OpenCores—The Reference Community for Free and Open Source Gateware IP cores. Retrieved from: https://opencores.org/.
[7]
Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2002. The EM side-channel(s). In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 29--45.
[8]
C. Albrecht. 2005. IWLS 2005 Benchmarks. Technical Report. Cadence Berkeley Labs.
[9]
Victor M. Alvarez. 2018. YARA—The pattern matching swiss knife for malware researchers. Retrieved from: http://virustotal.github.io/yara/.
[10]
Karim Arabi, Resve Saleh, and Xiongfei Meng. 2007. Power supply noise in SoCs: Metrics, management, and measurement. IEEE Des. Test. Comput. 24, 3 (Aug. 2007), 236--244.
[11]
Mathieu Bastian, Sebastien Heymann, and Mathieu Jacomy. 2009. Gephi: An Open Source Software for Exploring and Manipulating Networks. Retrieved from: https://www.aaai.org/ocs/index.php/ICWSM/09/paper/view/154.
[12]
C. Beckhoff, D. Koch, and J. Torresen. 2010. Short-circuits on FPGAs caused by partial runtime reconfiguration. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’10). IEEE, 596--601.
[13]
S. Bhunia, M. Abramovici, D. Agrawal, P. Bradley, M. S. Hsiao, J. Plusquellic, and M. Tehranipoor. 2013. Protection against hardware Trojan attacks: Towards a comprehensive solution. IEEE Des. Test 30, 3 (June 2013), 6--17.
[14]
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults. In Proceedings of the International Conference on Advances in Cryptology (EUROCRYPT’97). Springer, 37--51.
[15]
F. Brglez, D. Bryan, and K. Kozminski. 1989. Combinational profiles of sequential benchmark circuits. In Proceedings of the IEEE International Symposium on Circuits and Systems. 1929--1934.
[16]
F. Brglez and H. Fujiwara. 1985. A neutral netlist of 10 combinational benchmark circuits and a target translator in Fortran. In Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS’85). IEEE Press, Piscataway, NJ, 677--692.
[17]
Stuart Byma, J. Gregory Steffan, Hadi Bannazadeh, Alberto Leon Garcia, and Paul Chow. 2014. FPGAs in the cloud: Booting virtualized hardware accelerators with OpenStack. In Proceedings of the International Conference on Field-Programmable Custom Computing Machines (FCCM’14). IEEE, 109--116.
[18]
Clifford Wolf and Mathias Lasser. 2015. Project IceStorm. Retrieved from: http://www.clifford.at/icestorm/.
[19]
Cobham Gaisler. 2019. LEON3 Processor. Retrieved from: https://www.gaisler.com/index.php/products/processors/leon3.
[20]
Jason Cong, Mohammad Ali Ghodrat, Michael Gill, Beayna Grigorian, and Glenn Reinman. 2012. Architecture support for accelerator-rich CMPs. In Proceedings of the Design Automation Conference (DAC’12). IEEE, 843--849.
[21]
D. Corbett. 2012. The Xilinx Isolation Design Flow for Fault-Tolerant Systems. Retrieved from: https://www.xilinx.com/support/documentation/white_papers/wp412_IDF_for_Fault_Tolerant_Sys.pdf.
[22]
F. Corno, M. S. Reorda, and G. Squillero. 2000. RT-level ITC’99 benchmarks and first ATPG results. IEEE Des. Test Comput. 17, 3 (July 2000), 44--53.
[23]
Alexander Czutro, Matthias Sauer, Ilia Polian, and Bernd Becker. 2012. Multi-conditional SAT-ATPG for power-droop testing. In Proceedings of the 17th IEEE European Test Symposium (ETS’12). IEEE.
[24]
S. Das, P. Whatmough, and D. Bull. 2015. Modeling and characterization of the system-level power delivery network for a dual-core ARM Cortex-A57 cluster in 28nm CMOS. In Proceedings of the International Symposium on Low Power Electronics and Design. 146--151.
[25]
Ken Eguro and Ramarathnam Venkatesan. 2012. FPGAs for trusted cloud computing. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’12). IEEE, 63--70.
[26]
Suhaib A. Fahmy, Kizheppatt Vipin, and Shanker Shreejith. 2015. Virtualized FPGA accelerators for efficient cloud computing. In Proceedings of the International Conference on Cloud Computing (CloudCom’15). IEEE, 430--435.
[27]
Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Matthias Wilhelm, Tobias Weidlich, Russell Tessier, and Christof Paar. 2018. HAL—The missing piece of the puzzle for hardware reverse engineering, Trojan detection and insertion. IEEE Trans. Depend. Secure Comput. 16, 3 (2018), 498--510.
[28]
Emden R. Gansner and Stephen C. North. 2000. An open graph visualization system and its applications to software engineering. Softw.—Pract. Exper. 30, 11 (2000), 1203--1233.
[29]
Ilias Giechaskiel, Kasper B. Rasmussen, and Ken Eguro. 2018. Leaky wires: Information leakage and covert communication between FPGA long wires. In Proceedings of the Asia Conference on Computer and Communications Security (ASIACCS’18). 15--27.
[30]
D. R. E. Gnad, F. Oboril, and M. B. Tahoori. 2017. Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’17). IEEE, 4--8.
[31]
D. R. E. Gnad, S. Rapp, J. Krautter, and M. B. Tahoori. 2018. Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In Proceedings of the International Conference on Field-Programmable Technology (FPT’18).
[32]
Ilija Hadžić, Sanjay Udani, and Jonathan M. Smith. 1999. FPGA viruses. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’99), Patrick Lysaght, James Irvine, and Reiner Hartenstein (Eds.). Springer, 291--300.
[33]
K. A. Hawick and H. A. James. 2008. Enumerating circuits and loops in graphs with self-arcs and multiple-arcs. In Proceedings of the International Conference on Foundations of Computer Science (FCS’08). CSREA, 14--20.
[34]
Ted Huffmire, Brett Brotherton, Gang Wang, Timothy Sherwood, Ryan Kastner, Timothy E. Levin, Thuy D. Nguyen, and Cynthia E. Irvine. 2007. Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In Proceedings of the Symposium on Security and Privacy (S8P’07). IEEE, 281--295.
[35]
Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the Conference on Advances in Cryptology (CRYPTO’99). Springer, 388--397.
[36]
J. Krautter, D. R. E. Gnad, and M. B. Tahoori. 2018. FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Trans. Crypto. Hardw. Embedd. Syst. 3 (2018).
[37]
Jason Luu, Nooruddin Ahmed, Kenneth B. Kent, Jason Anderson, Jonathan Rose, Vaughn Betz, Jeffrey Goeders, Michael Wainberg, Andrew Somerville, Thien Yu, Konstantin Nasartschuk, Miad Nasr, Sen Wang, and Tim Liu. 2014. VTR 7.0. ACM Trans. Reconfig. Technol. Syst. 7, 2 (July 2014), 1--30.
[38]
A. L. Masle and W. Luk. 2012. Detecting power attacks on reconfigurable hardware. In Proceedings of the International Conference on Field-Programmable Logic and Applications (FPL’12). IEEE, 14--19.
[39]
A. V. Mezhiba and E. G. Friedman. 2004. Scaling trends of on-chip power distribution noise. Trans. VLSI Syst. 12, 4 (Apr. 2004), 386--394.
[40]
Enys Mones, Lilla Vicsek, and Tamás Vicsek. 2012. Hierarchy measure for complex networks. PLoS ONE 7, 3 (Mar. 2012), e33799.
[41]
Tiago P. Peixoto. 2014. The graph-tool python library. figshare.
[42]
Chethan Ramesh, Shivukumar B. Patil, Siva Nishok Dhanuskodi, George Provelengios, Sebastien Pillement, Daniel Holcomb, and Russell Tessier. 2018. FPGA side channel attacks without physical access. In Proceedings of the International Symposium on Field-Programmable Custom Computing Machines.
[43]
Jonathan Rose, Jason Luu, Chi Wai Yu, Opal Densmore, Jeffrey Goeders, Andrew Somerville, Kenneth B. Kent, Peter Jamieson, and Jason Anderson. 2012. The VTR project. In Proceedings of the ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA’12). ACM Press.
[44]
F. Schellenberg, D. R. E. Gnad, A. Moradi, and M. B. Tahoori. 2018. An inside job: Remote power analysis attacks on FPGAs. In Proceedings of the Conference on Design, Automation 8 Test in Europe (DATE’18). IEEE.
[45]
Li Shang, Alireza S. Kaviani, and Kusuma Bathala. 2002. Dynamic power consumption in Virtex™-II FPGA family. In Proceedings of the 10th ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA’02). ACM Press.
[46]
SpinalHDL contributors. 2019. An FPGA Friendly 32 bit RISC-V CPU implementation. Retrieved from: https://github.com/SpinalHDL/VexRiscv.
[47]
Tilmann Stöhr, Markus Alt, Asmus Hetzel, and Jürgen Koehl. 1998. Analysis, reduction and avoidance of crosstalk on VLSI chips. In Proceedings of the International Symposium on Physical Design (ISPD’98). ACM, New York, NY, 211--218.
[48]
Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2017. CLKSCREW: Exposing the perils of security-oblivious energy management. In Proceedings of the USENIX Security Symposium.
[49]
M. Tehranipoor and F. Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. IEEE Des. Test. Comput. 27, 1 (Jan. 2010), 10--25.
[50]
Clifford Wolf. 2013. Yosys Open SYnthesis Suite. Retrieved from: http://www.clifford.at/yosys/.
[51]
Mark Zhao and G. Edward Suh. 2018. FPGA-based remote power side-channel attacks. In Proceedings of the Symposium on Security and Privacy (S8P’18). IEEE.
[52]
Kenneth M. Zick and John P. Hayes. 2012. Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Trans. Reconfig. Technol. Syst. 5, 1, Article 1 (Mar. 2012), 26 pages.
[53]
Kenneth M. Zick, Meeta Srivastav, Wei Zhang, and Matthew French. 2013. Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In Proceedings of the International Symposium on Field-Programmable Gate Arrays (FPGA’13). ACM, 101--104.

Cited By

View all
  • (2024)Natural Language Processing for Hardware Security: Case of Hardware Trojan Detection in FPGAsCryptography10.3390/cryptography80300368:3(36)Online publication date: 8-Aug-2024
  • (2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
  • (2024)Covert-channels in FPGA-enabled SmartSSDsACM Transactions on Reconfigurable Technology and Systems10.1145/363531217:2(1-23)Online publication date: 30-Apr-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Reconfigurable Technology and Systems
ACM Transactions on Reconfigurable Technology and Systems  Volume 12, Issue 3
Special Section on Security in FPGAs and Regular Articles
September 2019
150 pages
ISSN:1936-7406
EISSN:1936-7414
DOI:10.1145/3357092
  • Editor:
  • Deming Chen
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 August 2019
Accepted: 01 April 2019
Revised: 01 February 2019
Received: 01 October 2018
Published in TRETS Volume 12, Issue 3

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. FPGA
  2. bitstream
  3. countermeasure
  4. fault attack
  5. mitigation
  6. security
  7. side-channel attack

Qualifiers

  • Research-article
  • Research
  • Refereed

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)68
  • Downloads (Last 6 weeks)4
Reflects downloads up to 18 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Natural Language Processing for Hardware Security: Case of Hardware Trojan Detection in FPGAsCryptography10.3390/cryptography80300368:3(36)Online publication date: 8-Aug-2024
  • (2024)Turn on, Tune in, and Listen up: Maximizing Side-Channel Recovery in Cross-Platform Time-to-Digital ConvertersACM Transactions on Reconfigurable Technology and Systems10.1145/366609217:3(1-30)Online publication date: 7-Jun-2024
  • (2024)Covert-channels in FPGA-enabled SmartSSDsACM Transactions on Reconfigurable Technology and Systems10.1145/363531217:2(1-23)Online publication date: 30-Apr-2024
  • (2024)On the Malicious Potential of Xilinx’s Internal Configuration Access Port (ICAP)ACM Transactions on Reconfigurable Technology and Systems10.1145/363320417:2(1-28)Online publication date: 30-Apr-2024
  • (2024)Meta-Scanner: Detecting Fault Attacks via Scanning FPGA Designs MetadataIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.344376943:11(3443-3454)Online publication date: 1-Nov-2024
  • (2024)In-Situ FPGA Fault Injection with Short-Circuits2024 IEEE Physical Assurance and Inspection of Electronics (PAINE)10.1109/PAINE62042.2024.10792722(1-7)Online publication date: 12-Nov-2024
  • (2024)Natural Language Processing Meets Hardware Trojan Detection: Automating Security of FPGAs2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00151(775-778)Online publication date: 1-Jul-2024
  • (2024)MaliGNNoma: GNN-Based Malicious Circuit Classifier for Secure Cloud FPGAs2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545411(383-393)Online publication date: 6-May-2024
  • (2024)Detection of Stealthy Bitstreams in Cloud FPGAs using Graph Convolutional Networks*2024 IEEE European Test Symposium (ETS)10.1109/ETS61313.2024.10567821(1-6)Online publication date: 20-May-2024
  • (2024)Circuit Disguise: Detecting Malicious Circuits in Cloud FPGAs without IP Disclosure2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00055(361-368)Online publication date: 28-Aug-2024
  • Show More Cited By

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media