Abstract
A rising trend is the use of multi-tenant FPGAs, particularly in cloud environments, where multiple third parties are each given partial access to the hardware. This leads to new types of attacks on FPGAs, which operate not only on the logic level but also on the electrical level, through the common power delivery network. Since FPGAs are configured from the software side, attackers can launch hardware attacks from software, impacting the security of an entire system. In this article, we present a first attempt at a countermeasure against attacks on the electrical level, based on a bitstream checking methodology. Bitstreams are translated back into flat, technology-mapped netlists, which are then checked for properties that indicate potentially malicious runtime behavior of FPGA logic. Our approach can provide a metric of the potential risk that an FPGA bitstream will be used in active fault attacks or passive side-channel attacks against other users of the FPGA fabric or the entire SoC platform.
Mitigating Electrical-level Attacks towards Secure Multi-Tenant FPGAs in the Cloud