skip to main content
research-article

Voltage Sensor Implementations for Remote Power Attacks on FPGAs

Published:22 December 2022Publication History
Skip Abstract Section

Abstract

This article presents a study of two types of on-chip FPGA voltage sensors based on ring oscillators (ROs) and time-to-digital converter (TDCs), respectively. It has previously been shown that these sensors are often used to extract side-channel information from FPGAs without physical access. The performance of the sensors is evaluated in the presence of circuits that deliberately waste power, resulting in localized voltage drops. The effects of FPGA power supply features and sensor sensitivity in detecting voltage drops in an FPGA power distribution network (PDN) are evaluated for Xilinx Artix-7, Zynq 7000, and Zynq UltraScale+ FPGAs. We show that both sensor types are able to detect supply voltage drops, and that their measurements are consistent with each other. Our findings show that TDC-based sensors are more sensitive and can detect voltage drops that are shorter in duration, while RO sensors are easier to implement because calibration is not required. Furthermore, we present a new time-interleaved TDC design that sweeps the sensor phase. The new sensor generates data that can reconstruct voltage transients on the order of tens of picoseconds.

REFERENCES

  1. [1] Alam Md Mahbub, Tajik Shahin, Ganji Fatemeh, Tehranipoor Mark, and Forte Domenic. 2019. RAM-Jam: Remote temperature and voltage fault attack on FPGAs using memory collisions. In Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC’19). 4855.Google ScholarGoogle Scholar
  2. [2] Balla Alessandro, Beretta Matteo Mario, Ciambrone Paolo, Gatta Maurizio, Gonnella Francesco, Iafolla Lorenzo, Mascolo Matteo, Messi Roberto, Moricciani Dario, and Riondino Domenico. 2014. The characterization and application of a low resource FPGA-based time to digital converter. Nuclear Instruments and Methods in Physics Research Section A: Accelerators, Spectrometers, Detectors and Associated Equipment 739 (2014), 7582.Google ScholarGoogle ScholarCross RefCross Ref
  3. [3] Boutros Andrew, Hall Mathew, Papernot Nicolas, and Betz Vaughn. 2020. Neighbors from Hell: Voltage attacks against deep learning accelerators on multi-tenant FPGAs. In 2020 International Conference on Field-Programmable Technology (ICFPT’20). IEEE, 103111.Google ScholarGoogle ScholarCross RefCross Ref
  4. [4] Inc Digilent. [n. d.]. Zybo Z7 Reference Manual. https://reference.digilentinc.com/reference/programmable-logic/zybo-z7/reference-manual.Google ScholarGoogle Scholar
  5. [5] Giechaskiel Ilias, Rasmussen Kasper, and Szefer Jakub. 2020. C3APSULe: Cross-FPGA covert-channel attacks through power supply unit leakage. In Proceedings of the IEEE Symposium on Security and Privacy (S&P’20). 17281741.Google ScholarGoogle ScholarCross RefCross Ref
  6. [6] Giechaskiel Ilias, Rasmussen Kasper Bonne, and Szefer Jakub. 2019. Measuring long wire leakage with ring oscillators in cloud FPGAs. In International Conference on Field Programmable Logic and Applications (FPL’19). 4550.Google ScholarGoogle ScholarCross RefCross Ref
  7. [7] Glamočanin Ognjen, Coulon Louis, Regazzoni Francesco, and Stojilović Mirjana. 2020. Are cloud FPGAs really vulnerable to power analysis attacks?. In Design, Automation & Test in Europe Conference & Exhibition (DATE’20). IEEE, 10071010.Google ScholarGoogle ScholarCross RefCross Ref
  8. [8] Gnad Dennis R. E., Nguyen Cong Dang Khoa, Gillani Syed Hashim, and Tahoori Mehdi B.. 2019. Voltage-based covert channels in multi-tenant FPGAs.IACR Cryptol. ePrint Arch. 2019 (2019), 1394.Google ScholarGoogle Scholar
  9. [9] Gnad Dennis R. E., Oboril Fabian, Kiamehr Saman, and Tahoori Mehdi B.. 2016. Analysis of transient voltage fluctuations in FPGAs. In International Conference on Field-Programmable Technology. 1219.Google ScholarGoogle ScholarCross RefCross Ref
  10. [10] Gnad Dennis R. E., Oboril Fabian, and Tahoori Mehdi B.. 2017. Voltage drop-based fault attacks on FPGAs using valid bitstreams. In 2017 27th International Conference on Field Programmable Logic and Applications (FPL’17). IEEE, 17.Google ScholarGoogle ScholarCross RefCross Ref
  11. [11] Khawaja Ahmed, Landgraf Joshua, Prakash Rohith, Wei Michael, Schkufza Eric, and Rossbach Christopher J.. 2018. Sharing, protection, and compatibility for reconfigurable fabric with AMORPHOS. In USENIX Symposium on Operating Systems Design and Implementation (OSDI’18). 107127.Google ScholarGoogle Scholar
  12. [12] Krautter Jonas, Gnad Dennis R. E., and Tahoori Mehdi B.. 2019. Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 12, 3 (2019), 126.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. [13] Krautter Jonas, Gnad Dennis R. E., and Tahoori Mehdi B.. 2021. Remote and stealthy fault attacks on virtualized FPGAs. In Design, Automation & Test in Europe Conference & Exhibition (DATE’21). IEEE, 16321637.Google ScholarGoogle ScholarCross RefCross Ref
  14. [14] La Tuan Minh, Matas Kaspar, Grunchevski Nikola, Pham Khoa Dang, and Koch Dirk. 2020. FPGADefender: Malicious self-oscillator scanning for Xilinx UltraScale+ FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 13, 3 (2020), 131.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. [15] Li Xiang, Stanwicks Peter, Provelengios George, Tessier Russell, and Holcomb Daniel E.. 2020. Jitter-based adaptive true random number generation for FPGAs in the cloud. In International Conference on Field-Programmable Technology. 112119.Google ScholarGoogle ScholarCross RefCross Ref
  16. [16] Matas Kaspar, La Tuan Minh, Pham Khoa Dang, and Koch Dirk. 2020. Power-hammering through glitch amplification–attacks and mitigation. In IEEE 28th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM’20). 6569.Google ScholarGoogle Scholar
  17. [17] Moini Shayan, Li Xiang, Stanwicks Peter, Provelengios George, Burleson Wayne, Tessier Russell, and Holcomb Daniel. 2020. Understanding and comparing the capabilities of on-chip voltage sensors against remote power attacks on FPGAs. In IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS’20). 941944.Google ScholarGoogle Scholar
  18. [18] Mota Manuel and Christiansen Jorgen. 1999. A high-resolution time interpolator based on a delay locked loop and an RC delay line. IEEE Journal of Solid-State Circuits 34, 10 (1999), 13601366.Google ScholarGoogle ScholarCross RefCross Ref
  19. [19] O’Flynn Colin and Chen Zhizhang David. 2014. Chipwhisperer: An open-source platform for hardware embedded security research. In International Workshop on Constructive Side-Channel Analysis and Secure Design. 243260.Google ScholarGoogle Scholar
  20. [20] Provelengios George, Holcomb Daniel, and Tessier Russell. 2019. Characterizing power distribution attacks in multi-user FPGA environments. In International Conference on Field Programmable Logic and Applications (FPL’19). 194201.Google ScholarGoogle ScholarCross RefCross Ref
  21. [21] Provelengios George, Holcomb Daniel, and Tessier Russell. 2020. Power distribution attacks in multitenant FPGAs. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 28, 12 (2020), 26852698.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. [22] Provelengios George, Holcomb Daniel, and Tessier Russell. 2020. Power wasting circuits for cloud FPGA attacks. In 30th International Conference on Field-Programmable Logic and Applications (FPL’20). IEEE, 231235.Google ScholarGoogle ScholarCross RefCross Ref
  23. [23] Schellenberg Falk, Gnad Dennis R. E., Moradi Amir, and Tahoori Mehdi B.. 2018. Remote inter-chip power analysis side-channel attacks at board-level. In International Conference on Computer-Aided Design. 17.Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. [24] Shen Linda L., Ahmed Ibrahim, and Betz Vaughn. 2019. Fast voltage transients on FPGAs: Impact and mitigation strategies. In 2019 IEEE 27th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM’19). IEEE, 271279.Google ScholarGoogle Scholar
  25. [25] Song Jian, An Qi, and Liu Shubin. 2006. A high-resolution time-to-digital converter implemented in field-programmable-gate-arrays. IEEE Transactions on Nuclear Science 53, 1 (2006), 236241.Google ScholarGoogle ScholarCross RefCross Ref
  26. [26] Sugawara Takeshi, Sakiyama Kazuo, Nashimoto Shoei, Suzuki Daisuke, and Nagatsuka Tomoyuki. 2019. Oscillator without a combinatorial loop and its threat to FPGA in data centre. Electronics Letters 55, 11 (2019), 640642.Google ScholarGoogle ScholarCross RefCross Ref
  27. [27] Tian Shanquan and Szefer Jakub. 2019. Temporal thermal covert channels in cloud FPGAs. In ACM/SIGDA International Symposium on Field-Programmable Gate Arrays. 298303.Google ScholarGoogle Scholar
  28. [28] Xilinx Corporation. 2018. ZCU104 User’s Guide. Xilinx Corporation.Google ScholarGoogle Scholar
  29. [29] Yin Zhoujiancheng, Liu Shubin, Hao Xinjun, Gao Shanshan, and An Qi. 2012. A high-resolution time-to-digital converter based on multi-phase clock implement in field-programmable-gate-array. In 2012 18th IEEE-NPSS Real Time Conference. IEEE, 14.Google ScholarGoogle ScholarCross RefCross Ref
  30. [30] Zhao Mark and Suh G. Edward. 2018. FPGA-based remote power side-channel attacks. In 2018 IEEE Symposium on Security and Privacy (SP’18). IEEE, 229244.Google ScholarGoogle Scholar
  31. [31] Zhao Shuze, Ahmed Ibrahim, Betz Vaughn, Lotfi Ashraf, and Trescases Olivier. 2018. Frequency-domain power delivery network self-characterization in FPGAs for improved system reliability. IEEE Transactions on Industrial Electronics 65, 11 (2018), 89158924.Google ScholarGoogle ScholarCross RefCross Ref
  32. [32] Zick Kenneth M. and Hayes John P.. 2012. Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Transactions on Reconfigurable Technology and Systems 5, 1 (2012), 1–26.Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. [33] Zick Kenneth M., Srivastav Meeta, Zhang Wei, and French Matthew. 2013. Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. In ACM/SIGDA International Symposium on Field Programmable Gate Arrays. 101104.Google ScholarGoogle Scholar

Index Terms

  1. Voltage Sensor Implementations for Remote Power Attacks on FPGAs

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM Transactions on Reconfigurable Technology and Systems
          ACM Transactions on Reconfigurable Technology and Systems  Volume 16, Issue 1
          March 2023
          403 pages
          ISSN:1936-7406
          EISSN:1936-7414
          DOI:10.1145/35733111
          • Editor:
          • Deming Chen
          Issue’s Table of Contents

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 22 December 2022
          • Online AM: 8 August 2022
          • Accepted: 25 July 2022
          • Revised: 11 June 2022
          • Received: 1 December 2021
          Published in trets Volume 16, Issue 1

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • research-article
          • Refereed

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Full Text

        View this article in Full Text.

        View Full Text

        HTML Format

        View this article in HTML Format .

        View HTML Format
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!