X-Attack: Remote Activation of Satisfiability Don't-Care Hardware Trojans on Shared FPGAs

Albeit very appealing, FPGA multitenancy in the cloud computing environment is currently on hold due to a number of recently discovered vulnerabilities to side-channel attacks and covert communication. In this work, we successfully demonstrate a new attack scenario on shared FPGAs: we show that an FPGA tenant can activate a dormant hardware Trojan without any physical or logical connection to the private Trojan-infected FPGA circuit. Our victim contains a so-called satisfiability don't-care Trojan, activated by a pair of don't-care signals, which never reach the combined trigger condition under normal operation. However, once a malicious FPGA user starts to induce considerable fluctuations in the on-chip signal delays—and, consequently, the timing faults-these harmless don't-care signals take unexpected values which trigger the Trojan. Our attack model eliminates the assumption on physical access to or manipulation of the victim design. Contrary to existing fault and side-channel attacks that target unprotected cryptographic circuits, our new attack is shown effective even against provably well-protected cryptographic circuits. Besides demonstrating the attack by successfully leaking the entire cryptographic key from one unprotected and one masked AES S-box implementation, we present an efficient and lightweight countermeasure.

[1]  Axel Jantsch,et al.  Toggle MUX: How X-optimism can lead to malicious hardware , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[2]  Jean-Max Dutertre,et al.  Efficiency of a glitch detector against electromagnetic fault injection , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[3]  Lejla Batina,et al.  A Very Compact "Perfectly Masked" S-Box for AES , 2008, ACNS.

[4]  Jakub Szefer,et al.  Measuring Long Wire Leakage with Ring Oscillators in Cloud FPGAs , 2019, 2019 29th International Conference on Field Programmable Logic and Applications (FPL).

[5]  Kwang-Ting Cheng,et al.  Hardware Trojans hidden in RTL don't cares — Automated insertion and prevention methodologies , 2015, 2015 IEEE International Test Conference (ITC).

[6]  Mehdi Baradaran Tahoori,et al.  Voltage drop-based fault attacks on FPGAs using valid bitstreams , 2017, 2017 27th International Conference on Field Programmable Logic and Applications (FPL).

[7]  G. Edward Suh,et al.  FPGA-Based Remote Power Side-Channel Attacks , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[8]  Daniel E. Holcomb,et al.  FPGA Side Channel Attacks without Physical Access , 2018, 2018 IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM).

[9]  Mehdi Baradaran Tahoori,et al.  An inside job: Remote power analysis attacks on FPGAs , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[10]  Peter Y. K. Cheung,et al.  Timing Fault Detection in FPGA-Based Circuits , 2014, 2014 IEEE 22nd Annual International Symposium on Field-Programmable Custom Computing Machines.

[11]  Mehdi Baradaran Tahoori,et al.  FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[12]  Mirjana Stojilovic,et al.  Physical Side-Channel Attacks and Covert Communication on FPGAs: A Survey , 2019, 2019 29th International Conference on Field Programmable Logic and Applications (FPL).

[13]  Daniel E. Holcomb,et al.  Characterizing Power Distribution Attacks in Multi-User FPGA Environments , 2019, 2019 29th International Conference on Field Programmable Logic and Applications (FPL).

[14]  Wei Hu,et al.  Leveraging Unspecified Functionality in Obfuscated Hardware for Trojan and Fault Attacks , 2019, 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST).

[15]  Wei Hu,et al.  Why you should care about don't cares: Exploiting internal don't care conditions for hardware Trojans , 2017, 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[16]  Mohammad Ebrahimi,et al.  SENSIBle: A Highly Scalable SENsor DeSIgn for Path-Based Age Monitoring in FPGAs , 2017, IEEE Transactions on Computers.

[17]  Ken Eguro,et al.  Leaky Wires: Information Leakage and Covert Communication Between FPGA Long Wires , 2016, AsiaCCS.

[18]  Meeta Srivastav,et al.  Sensing nanosecond-scale voltage attacks and natural transients in FPGAs , 2013, FPGA '13.

[19]  Abdulazim Amouri,et al.  A Low-Cost Sensor for Aging and Late Transitions Detection in Modern FPGAs , 2011, 2011 21st International Conference on Field Programmable Logic and Applications.

[20]  Mark Mohammad Tehranipoor,et al.  AVFSM: A framework for identifying and mitigating vulnerabilities in FSMs , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[21]  Francesco Regazzoni,et al.  Are Cloud FPGAs Really Vulnerable to Power Analysis Attacks? , 2020, 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[22]  David Blaauw,et al.  Razor: A Low-Power Pipeline Based on Circuit-Level Timing Speculation , 2003, MICRO.

[23]  B. Robisson,et al.  Investigation of timing constraints violation as a fault injection means , 2012 .

[24]  Tim Güneysu,et al.  Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[25]  Dirk Koch,et al.  Invited Tutorial: FPGA Hardware Security for Datacenters and Beyond , 2020, FPGA.

[26]  Dina G. Mahmoud,et al.  Timing Violation Induced Faults in Multi-Tenant FPGAs , 2019, 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE).